Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://download.techsmith.com/camtasiastudio/releases/camtasia.exe

Overview

General Information

Sample URL:https://download.techsmith.com/camtasiastudio/releases/camtasia.exe
Analysis ID:753409
Infos:

Detection

Score:30
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

.NET source code references suspicious native API functions
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Uses the system / local time for branch decision (may execute only at specific dates)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Abnormal high CPU Usage
Is looking for software installed on the system
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 3868 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 1504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 2692 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • camtasia.exe (PID: 2600 cmdline: C:\Users\user\Desktop\download\camtasia.exe MD5: 0C60C5F487C288CF2C6B09FE7E4A7D77)
    • camtasia.exe (PID: 1172 cmdline: "C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624 MD5: FD85D1BD644ED79F10801C69ECBF27B1)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011A9F8F DecryptFileW,5_2_011A9F8F
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008D9F8F DecryptFileW,6_2_008D9F8F
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008FF340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,6_2_008FF340
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdbx source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: camtasia.exe, 00000006.00000002.758526854.0000000005E72000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdb source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdb source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\EditionConstants\obj\Release\EditionConstants.pdb source: camtasia.exe, 00000006.00000002.756548919.00000000057D2000.00000002.00000001.01000000.0000000B.sdmp, EditionConstants.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdbd5~5 p5_CorDllMainmscoree.dll source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\mbahost.pdb source: camtasia.exe, 00000006.00000002.764310520.000000006FF34000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\setup\WIX\CamtasiaBootstrapperApplication\obj\Release\CamtasiaBootstrapperApplication.pdb source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\core\BootstrapperCore.pdb source: camtasia.exe, camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.6.dr
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,5_2_01193D4E
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011D3C72 FindFirstFileW,FindClose,5_2_011D3C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_00903C72 FindFirstFileW,FindClose,6_2_00903C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008C3D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,6_2_008C3D4E
Source: CamtasiaBootstrapperApplication.resources.dll0.6.drString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 Das Teilen von Inhalten auf YouTube unterliegt den Nutzungsbedingungen von YouTube {{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 . Weitere Informationen zum Datenschutz auf YouTube finden Sie unter {{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy?hl=de }}{\fldrslt{https://policies.google.com/privacy?hl=de\ul0\cf0}}}}\f0\fs22 und Ihre Sicherheitseinstellungen finden Sie unter {{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \par equals www.youtube.com (Youtube)
Source: CamtasiaBootstrapperApplication.resources.dll4.6.drString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 O compartilhamento de conte\'fado no YouTube est\'e1 sujeito aos Termos de Servi\'e7os do YouTube {{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 . Voc\'ea pode saber mais sobre a pol\'edtica de privacidade do YouTube acessando {{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy?hl=pt-BR }}{\fldrslt{https://policies.google.com/privacy?hl=pt-BR\ul0\cf0}}}}\f0\fs22 e pode revisar as suas configura\'e7\'f5es de seguran\'e7a em {{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \par equals www.youtube.com (Youtube)
Source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 Sharing Content to YouTube is subject to the YouTube Terms Of Services {{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 . You can learn more about YouTube\rquote s privacy policy by visiting {{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy }}{\fldrslt{https://policies.google.com/privacy\ul0\cf0}}}}\f0\fs22 and you can review your security settings by visiting {{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \par equals www.youtube.com (Youtube)
Source: CamtasiaBootstrapperApplication.resources.dll.6.drString found in binary or memory: \pard\widctlpar\sa160\sl252\slmult1\cf0\b0\fs22 YouTube \f2\'82\'c5\'82\'cc\'83\'52\'83\'93\'83\'65\'83\'93\'83\'63\'82\'cc\'8b\'a4\'97\'4c\'82\'c9\'82\'cd\'81\'41\f0 YouTube \f2\'82\'cc\'97\'98\'97\'70\'8b\'4b\'96\'f1\f0 ({{\field{\*\fldinst{HYPERLINK https://www.youtube.com/t/terms }}{\fldrslt{https://www.youtube.com/t/terms\ul0\cf0}}}}\f0\fs22 ) \f2\'82\'aa\'93\'4b\'97\'70\'82\'b3\'82\'ea\'82\'dc\'82\'b7\'81\'42\f0 YouTube \f2\'82\'cc\'83\'76\'83\'89\'83\'43\'83\'6f\'83\'56\'81\'5b\f0 \f2\'83\'7c\'83\'8a\'83\'56\'81\'5b\'82\'cc\'8f\'da\'8d\'d7\'82\'c9\'82\'c2\'82\'a2\'82\'c4\'82\'cd\'81\'41{\f0{\field{\*\fldinst{HYPERLINK https://policies.google.com/privacy?hl=ja }}{\fldrslt{https://policies.google.com/privacy?hl=ja\ul0\cf0}}}}\f0\fs22 \f2\'82\'f0\'8e\'51\'8f\'c6\'82\'b5\'82\'c4\'82\'ad\'82\'be\'82\'b3\'82\'a2\'81\'42\'83\'86\'81\'5b\'83\'55\'81\'5b\'82\'cc\'83\'5a\'83\'4c\'83\'85\'83\'8a\'83\'65\'83\'42\'90\'dd\'92\'e8\'82\'cd\'81\'41{\f0{\field{\*\fldinst{HYPERLINK https://security.google.com/settings/security/permissions }}{\fldrslt{https://security.google.com/settings/security/permissions\ul0\cf0}}}}\f0\fs22 \f2\'82\'c5\'8a\'6d\'94\'46\'82\'c5\'82\'ab\'82\'dc\'82\'b7\'81\'42\f0 \par equals www.youtube.com (Youtube)
Source: camtasia.exeString found in binary or memory: http://appsyndication.org/2006/appsyn
Source: camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://appsyndication.org/2006/appsynapplicationc:
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: wget.exe, 00000002.00000002.477700107.0000000000B7C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477438169.0000000000B7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000002.477700107.0000000000B7C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477857273.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477438169.0000000000B7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000002.00000002.477700107.0000000000B7C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477438169.0000000000B7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crlm
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-regular.otf
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-semibold.otf
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/Images/MarketingAnimation/cursor.p
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/ResourceDictionary.xaml
Source: camtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/usercontrols/featuresusercontrol.x
Source: camtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/CamtasiaBootstrapperApplication;component/windows/selectlanguagedialog.xaml
Source: camtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Fonts/proximanova-regular.otf
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Fonts/proximanova-semibold.otf
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/camtasia2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/cursor.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/desktop2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/desktop3.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/desktop6.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Images/MarketingAnimation/share-menu.png
Source: camtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/proximanova-regular.otf
Source: camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/proximanova-semibold.otf
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/camtasia1.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/camtasia2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/cursor.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/desktop2.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/desktop3.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/desktop6.png
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/images/marketinganimation/share-menu.png
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/changeusercontrol.baml
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/csisrunningusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/errormessageusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/finishedusercontrol.baml
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/installusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/modifyusercontrol.baml
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/optionsusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/progressusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/install%20states/uninstallusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/usercontrols/featuresusercontrol.baml
Source: camtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/windows/selectlanguagedialog.baml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/changeusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/csisrunningusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/errormessageusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/finishedusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/installusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/modifyusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/optionsusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/progressusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/install%20states/uninstallusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/usercontrols/featuresusercontrol.xaml
Source: camtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/windows/selectlanguagedialog.xaml
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://ocsp.digicert.com0A
Source: wget.exe, 00000002.00000002.477788874.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434699584.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.dr, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://ocsp.digicert.com0C
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://ocsp.digicert.com0H
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://ocsp.digicert.com0I
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://ocsp.digicert.com0K
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://ocsp.digicert.com0N
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://ocsp.digicert.com0O
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://ocsp.digicert.com0X
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: http://wixtoolset.org
Source: camtasia.exeString found in binary or memory: http://wixtoolset.org/
Source: camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: camtasia.exe, camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.drString found in binary or memory: http://wixtoolset.org/news/
Source: camtasia.exe, Microsoft.Deployment.WindowsInstaller.dll.6.drString found in binary or memory: http://wixtoolset.org/releases/
Source: camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.6.drString found in binary or memory: http://wixtoolset.org/releases/SCreating
Source: camtasia.exeString found in binary or memory: http://wixtoolset.org/telemetry/v
Source: camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://www.digicert.com/CPS0
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.drString found in binary or memory: http://www.josbuivenga.demon.nl
Source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.drString found in binary or memory: http://www.josbuivenga.demon.nlCopyright
Source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.drString found in binary or memory: http://www.josbuivenga.demon.nlMuseo
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.761967978.0000000009592000.00000004.00000800.00020000.00000000.sdmp, WPFCommonControls.dll.6.drString found in binary or memory: http://www.marksimonson.com
Source: camtasia.exe, 00000006.00000002.756685478.0000000005882000.00000002.00000001.01000000.0000000A.sdmp, camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, WPFCommonControls.dll.6.drString found in binary or memory: http://www.marksimonson.comCopyright
Source: WPFCommonControls.dll.6.drString found in binary or memory: http://www.marksimonson.comProxima
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.marksimonson.comcomd
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.marksimonson.comq
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.marksimonson.comrK
Source: camtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.marksimonson.comrV
Source: CamtasiaBootstrapperApplication.resources.dll4.6.drString found in binary or memory: https://assets.techsmith.com/Docs/Camtasia-2021-Deployment-Tool-Guide.pdf
Source: wget.exe, 00000002.00000002.477846105.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.drString found in binary or memory: https://download.techsmith.com/camtasiastudio/releases/camtasia.exe
Source: wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download.techsmith.com/camtasiastudio/releases/camtasia.exe6
Source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://policies.google.com/privacy
Source: CamtasiaBootstrapperApplication.resources.dll0.6.drString found in binary or memory: https://policies.google.com/privacy?hl=de
Source: CamtasiaBootstrapperApplication.resources.dll.6.drString found in binary or memory: https://policies.google.com/privacy?hl=ja
Source: CamtasiaBootstrapperApplication.resources.dll4.6.drString found in binary or memory: https://policies.google.com/privacy?hl=pt-BR
Source: CamtasiaBootstrapperApplication.resources.dll4.6.drString found in binary or memory: https://security.google.com/settings/security/permissions
Source: CamtasiaBootstrapperApplication.resources.dll0.6.drString found in binary or memory: https://support.techsmith.com/hc/de/articles/203732668
Source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp, CamtasiaBootstrapperApplication.resources.dll4.6.drString found in binary or memory: https://support.techsmith.com/hc/en-us/articles/203732668-TechSmith-Return-Policy
Source: CamtasiaBootstrapperApplication.resources.dll.6.drString found in binary or memory: https://support.techsmith.com/hc/ja/articles/203732668-TechSmith-Return-Policy
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.techsmith.comd=
Source: mbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drString found in binary or memory: https://www.digicert.com/CPS0
Source: wget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drString found in binary or memory: https://www.techsmith.com
Source: camtasia.exe, 00000006.00000002.756685478.0000000005882000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.techsmith.com/redirect.asp?target=
Source: camtasia.exe, 00000006.00000002.751317529.0000000000C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.techsmith.com/redirect.asp?target=systemrequirements&product=camtasiastudio&ver=
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.techsmith.com/redirect.asp?target=systemrequirements&product=camtasiastudio&ver=22.3.0&l
Source: camtasia.exe, 00000006.00000002.751317529.0000000000C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.techsmith.com/redirect.asp?target=windowsninstall&product=camtasiastudio&ver=22.
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.techsmith.com/redirect.asp?target=windowsninstall&product=camtasiastudio&ver=22.3.0&lang
Source: camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.techsmith.comd=
Source: CamtasiaBootstrapperApplication.resources.dll4.6.drString found in binary or memory: https://www.youtube.com/t/terms
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF74262_2_00CF7426
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00D008202_2_00D00820
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011BC01F5_2_011BC01F
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011BF8C35_2_011BF8C3
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011CA28E5_2_011CA28E
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011C9DE05_2_011C9DE0
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011C24135_2_011C2413
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011CE73C5_2_011CE73C
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011B3F715_2_011B3F71
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011C26425_2_011C2642
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008EF8C36_2_008EF8C3
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008EC01F6_2_008EC01F
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008FA28E6_2_008FA28E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008F24136_2_008F2413
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008F9DE06_2_008F9DE0
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008F26426_2_008F2642
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008FE73C6_2_008FE73C
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008E3F716_2_008E3F71
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_053641806_2_05364180
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: String function: 01192022 appears 46 times
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: String function: 011D2B5D appears 79 times
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: String function: 011CFB09 appears 445 times
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: String function: 011938BA appears 375 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: String function: 008C2022 appears 46 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: String function: 008FFB09 appears 459 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: String function: 008C38BA appears 373 times
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: String function: 00902B5D appears 79 times
Source: C:\Windows\SysWOW64\wget.exeProcess Stats: CPU usage > 98%
Source: CamtasiaBootstrapperApplication.resources.dll.6.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll0.6.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll1.6.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll2.6.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll3.6.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: CamtasiaBootstrapperApplication.resources.dll4.6.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: C:\Windows\SysWOW64\wget.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe"
Source: unknownProcess created: C:\Users\user\Desktop\download\camtasia.exe C:\Users\user\Desktop\download\camtasia.exe
Source: C:\Users\user\Desktop\download\camtasia.exeProcess created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe "C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" Jump to behavior
Source: C:\Users\user\Desktop\download\camtasia.exeProcess created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe "C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624 Jump to behavior
Source: C:\Users\user\Desktop\download\camtasia.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_01194639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,5_2_01194639
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008C4639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,6_2_008C4639
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\Desktop\cmdline.outJump to behavior
Source: C:\Users\user\Desktop\download\camtasia.exeFile created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\Jump to behavior
Source: classification engineClassification label: sus30.evad.win@7/55@0/2
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011D28BD GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,5_2_011D28BD
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CachePackageBeginEventArgs.csSuspicious method names: System.Int64 Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CachePackageBeginEventArgs::get_CachePayloads()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/ResolveSourceEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.ResolveSourceEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.csSuspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::.ctor(System.String,System.String)
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadBeginEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadBeginEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyCompleteEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireCompleteEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheVerifyBeginEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheVerifyBeginEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireProgressEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireProgressEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.csSuspicious method names: System.Void Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::.ctor(System.String,System.String,System.Int32)
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadFileName()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/DownloadPayloadCompleteEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.DownloadPayloadCompleteEventArgs::get_PayloadId()
Source: BootstrapperCore.dll.6.dr, Tools.WindowsInstallerXml/Bootstrapper/CacheAcquireBeginEventArgs.csSuspicious method names: System.String Microsoft.Tools.WindowsInstallerXml.Bootstrapper.CacheAcquireBeginEventArgs::get_PayloadId()
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_01192078 FormatMessageW,GetLastError,LocalFree,5_2_01192078
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{A723FF4B-219A-4F82-BBF4-A96C1104CA00}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1504:120:WilError_01
Source: C:\Windows\SysWOW64\wget.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\wget.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdbx source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: camtasia.exe, 00000006.00000002.758526854.0000000005E72000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: d:\BuildAgent2\work\332abf23d6adde7e\WPFCommonControls\obj\Release\WPFCommonControls.pdb source: camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdb source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\EditionConstants\obj\Release\EditionConstants.pdb source: camtasia.exe, 00000006.00000002.756548919.00000000057D2000.00000002.00000001.01000000.0000000B.sdmp, EditionConstants.dll.6.dr
Source: Binary string: d:\BuildAgent\work\e5c4efd8f9fde200\WPFCommonViewModel\obj\Release\WPFCommonViewModel.pdbd5~5 p5_CorDllMainmscoree.dll source: camtasia.exe, 00000006.00000002.756599449.0000000005852000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\mbahost.pdb source: camtasia.exe, 00000006.00000002.764310520.000000006FF34000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: E:\DTLTMP160133615\work\b8074b7c5534a0bd\setup\WIX\CamtasiaBootstrapperApplication\obj\Release\CamtasiaBootstrapperApplication.pdb source: camtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\core\BootstrapperCore.pdb source: camtasia.exe, camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.6.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.6.dr
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CFF013 push 00000078h; retf 2_2_00CFF015
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF65E2 push edi; iretd 2_2_00CF664A
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CFA19B pushfd ; iretd 2_2_00CFA19E
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF5999 push ecx; iretd 2_2_00CF59A2
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF596D push ecx; iretd 2_2_00CF59A2
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF657C push edi; iretd 2_2_00CF664A
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF5D0C push edx; iretd 2_2_00CF5D02
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF6654 push edi; iretd 2_2_00CF664A
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CF1652 push ss; iretd 2_2_00CF1666
Source: C:\Windows\SysWOW64\wget.exeCode function: 2_2_00CECF48 pushad ; iretd 2_2_00CECF55
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011BE806 push ecx; ret 5_2_011BE819
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008EE806 push ecx; ret 6_2_008EE819
Source: camtasia.exe.2.drStatic PE information: section name: .wixburn
Source: camtasia.exe.5.drStatic PE information: section name: .wixburn
Source: EditionConstants.dll.6.drStatic PE information: 0xBBD9EC2A [Thu Nov 14 02:19:22 2069 UTC]
Source: initial sampleStatic PE information: section name: .text entropy: 7.109301216282531
Source: C:\Windows\SysWOW64\wget.exeFile created: C:\Users\user\Desktop\download\camtasia.exeJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\download\camtasia.exeFile created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbahost.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\download\camtasia.exeFile created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbahost.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeFile created: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeEvasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dllJump to dropped file
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeDropped PE file which has not been started: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 011CF839h5_2_011CF79E
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 011CF832h5_2_011CF79E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008FF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 008FF839h6_2_008FF79E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008FF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 008FF832h6_2_008FF79E
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeRegistry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Desktop\download\camtasia.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,5_2_01193D4E
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011D3C72 FindFirstFileW,FindClose,5_2_011D3C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_00903C72 FindFirstFileW,FindClose,6_2_00903C72
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008C3D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,6_2_008C3D4E
Source: C:\Users\user\Desktop\download\camtasia.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeAPI call chain: ExitProcess graph end node
Source: wget.exeBinary or memory string: Hyper-V RAW
Source: wget.exe, 00000002.00000002.477857273.0000000000CE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011C34A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_011C34A2
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011939DF GetProcessHeap,RtlAllocateHeap,5_2_011939DF
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011C4104 mov eax, dword ptr fs:[00000030h]5_2_011C4104
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008F4104 mov eax, dword ptr fs:[00000030h]6_2_008F4104
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011BE0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_011BE0A8
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011C34A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_011C34A2
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008EE0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_008EE0A8
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeCode function: 6_2_008F34A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_008F34A2

HIPS / PFW / Operating System Protection Evasion

barindex
.NET source code references suspicious native API functions
Source: WPFCommonControls.dll.6.dr, WPFCommonControls/NativeMouseMove.csReference to suspicious API methods: ('LoadLibrary', 'LoadLibrary@kernel32')
Source: Microsoft.Deployment.WindowsInstaller.dll.6.dr, Deployment.WindowsInstaller/NativeMethods.csReference to suspicious API methods: ('FindResourceEx', 'FindResourceEx@kernel32.dll'), ('LoadLibraryEx', 'LoadLibraryExW@kernel32.dll')
Source: TechSmith.Win32.dll.6.dr, Win32/User32.csReference to suspicious API methods: ('MapVirtualKeyW', 'MapVirtualKeyW@user32.dll')
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" Jump to behavior
Source: C:\Users\user\Desktop\download\camtasia.exeProcess created: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe "C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624 Jump to behavior
Source: C:\Windows\SysWOW64\wget.exeQueries volume information: C:\Users\user\Desktop\download VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\wget.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011A4E6A ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,5_2_011A4E6A
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011BE463 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_011BE463
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011D8039 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,5_2_011D8039
Source: C:\Users\user\Desktop\download\camtasia.exeCode function: 5_2_011D3349 GetVersionExW,5_2_011D3349

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Command and Scripting Interpreter		Path Interception1
Access Token Manipulation		11
Masquerading		OS Credential Dumping12
System Time Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium2
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts12
Native API		Boot or Logon Initialization Scripts12
Process Injection		1
Disable or Modify Tools		LSASS Memory21
Security Software Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
Access Token Manipulation		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)12
Process Injection		NTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information		LSA Secrets1
File and Directory Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common3
Obfuscated Files or Information		Cached Domain Credentials24
System Information Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Software Packing		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
Timestomp		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 753409 URL: https://download.techsmith.... Startdate: 24/11/2022 Architecture: WINDOWS Score: 30 35 .NET source code references suspicious native API functions 2->35 6 camtasia.exe 3 2->6         started        9 cmd.exe 2 2->9         started        process3 file4 19 C:\Windows\Temp\...\camtasia.exe, PE32 6->19 dropped 11 camtasia.exe 88 6->11         started        14 wget.exe 2 9->14         started        17 conhost.exe 9->17         started        process5 dnsIp6 21 CamtasiaBootstrapp...ation.resources.dll, PE32 11->21 dropped 23 CamtasiaBootstrapp...ation.resources.dll, PE32 11->23 dropped 25 C:\Windows\Temp\...\mbapreq.dll, PE32 11->25 dropped 29 14 other files (none is malicious) 11->29 dropped 31 8.8.8.8 GOOGLEUS United States 14->31 33 23.205.232.22 AKAMAI-ASUS United States 14->33 27 C:\Users\user\Desktop\download\camtasia.exe, PE32 14->27 dropped file7

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://download.techsmith.com/camtasiastudio/releases/camtasia.exe0%VirustotalBrowse
https://download.techsmith.com/camtasiastudio/releases/camtasia.exe0%Avira URL Cloudsafe

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\Desktop\download\camtasia.exe0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll2%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbahost.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dll0%ReversingLabs
C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dll0%ReversingLabs
C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://appsyndication.org/2006/appsynapplicationc:0%URL Reputationsafe
http://appsyndication.org/2006/appsyn0%URL Reputationsafe
http://foo/install%20states/csisrunningusercontrol.xaml0%Avira URL Cloudsafe
http://foo/bar/images/marketinganimation/desktop3.png0%Avira URL Cloudsafe
http://foo/Images/MarketingAnimation/camtasia2.png0%Avira URL Cloudsafe
https://www.techsmith.comd=0%Avira URL Cloudsafe
http://www.josbuivenga.demon.nlMuseo0%Avira URL Cloudsafe
http://www.marksimonson.comq0%Avira URL Cloudsafe
http://www.josbuivenga.demon.nl0%Avira URL Cloudsafe
http://foo/install%20states/installusercontrol.xaml0%Avira URL Cloudsafe
http://foo/bar/images/marketinganimation/cursor.png0%Avira URL Cloudsafe
http://foo/Images/MarketingAnimation/desktop3.png0%Avira URL Cloudsafe
http://foo/install%20states/errormessageusercontrol.xaml0%Avira URL Cloudsafe
http://defaultcontainer/CamtasiaBootstrapperApplication;component/ResourceDictionary.xaml0%Avira URL Cloudsafe
http://foo/install%20states/optionsusercontrol.xaml0%Avira URL Cloudsafe
http://foo/bar/install%20states/optionsusercontrol.baml0%Avira URL Cloudsafe
http://foo/bar/install%20states/progressusercontrol.baml0%Avira URL Cloudsafe
http://foo/bar/fonts/proximanova-semibold.otf0%Avira URL Cloudsafe
http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-semibold.otf0%Avira URL Cloudsafe
http://foo/bar/install%20states/installusercontrol.baml0%Avira URL Cloudsafe
http://defaultcontainer/CamtasiaBootstrapperApplication;component/windows/selectlanguagedialog.xaml0%Avira URL Cloudsafe
http://foo/Images/MarketingAnimation/cursor.png0%Avira URL Cloudsafe
http://defaultcontainer/CamtasiaBootstrapperApplication;component/usercontrols/featuresusercontrol.x0%Avira URL Cloudsafe
http://foo/bar/images/marketinganimation/desktop6.png0%Avira URL Cloudsafe
http://foo/bar/images/marketinganimation/share-menu.png0%Avira URL Cloudsafe
http://foo/bar/install%20states/csisrunningusercontrol.baml0%Avira URL Cloudsafe
http://www.josbuivenga.demon.nlCopyright0%Avira URL Cloudsafe
http://foo/usercontrols/featuresusercontrol.xaml0%Avira URL Cloudsafe
http://foo/bar/install%20states/uninstallusercontrol.baml0%Avira URL Cloudsafe
http://foo/install%20states/progressusercontrol.xaml0%Avira URL Cloudsafe
http://www.marksimonson.comProxima0%Avira URL Cloudsafe
http://foo/Fonts/proximanova-regular.otf0%Avira URL Cloudsafe
http://foo/Images/MarketingAnimation/desktop2.png0%Avira URL Cloudsafe
https://support.techsmith.comd=0%Avira URL Cloudsafe
http://foo/install%20states/changeusercontrol.xaml0%Avira URL Cloudsafe
http://foo/bar/images/marketinganimation/camtasia1.png0%Avira URL Cloudsafe
http://foo/bar/windows/selectlanguagedialog.baml0%Avira URL Cloudsafe
http://foo/install%20states/uninstallusercontrol.xaml0%Avira URL Cloudsafe
http://foo/bar/images/marketinganimation/camtasia2.png0%Avira URL Cloudsafe
http://foo/bar/install%20states/changeusercontrol.baml0%Avira URL Cloudsafe
http://foo/install%20states/finishedusercontrol.xaml0%Avira URL Cloudsafe
http://foo/bar/install%20states/modifyusercontrol.baml0%Avira URL Cloudsafe
http://foo/bar/install%20states/finishedusercontrol.baml0%Avira URL Cloudsafe
http://foo/windows/selectlanguagedialog.xaml0%Avira URL Cloudsafe
http://foo/Images/MarketingAnimation/share-menu.png0%Avira URL Cloudsafe
http://www.marksimonson.comrK0%Avira URL Cloudsafe
http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-regular.otf0%Avira URL Cloudsafe
http://foo/bar/usercontrols/featuresusercontrol.baml0%Avira URL Cloudsafe
http://foo/install%20states/modifyusercontrol.xaml0%Avira URL Cloudsafe
http://www.marksimonson.comcomd0%Avira URL Cloudsafe
http://www.marksimonson.comrV0%Avira URL Cloudsafe
http://foo/bar/fonts/proximanova-regular.otf0%Avira URL Cloudsafe
http://foo/bar/images/marketinganimation/desktop2.png0%Avira URL Cloudsafe
http://foo/bar/install%20states/errormessageusercontrol.baml0%Avira URL Cloudsafe
http://www.marksimonson.comCopyright0%Avira URL Cloudsafe
http://defaultcontainer/CamtasiaBootstrapperApplication;component/Images/MarketingAnimation/cursor.p0%Avira URL Cloudsafe
http://foo/Fonts/proximanova-semibold.otf0%Avira URL Cloudsafe
http://foo/Images/MarketingAnimation/desktop6.png0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.josbuivenga.demon.nlMuseocamtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.drfalse
  • Avira URL Cloud: safe
unknown
http://foo/Images/MarketingAnimation/camtasia2.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
low
http://foo/install%20states/csisrunningusercontrol.xamlcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
low
https://www.techsmith.comd=camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
low
http://foo/bar/images/marketinganimation/desktop3.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
low
http://www.josbuivenga.demon.nlcamtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.drfalse
  • Avira URL Cloud: safe
unknown
http://www.marksimonson.comqcamtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.techsmith.com/redirect.asp?target=windowsninstall&product=camtasiastudio&ver=22.3.0&langcamtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpfalse
    		high
    https://support.techsmith.com/hc/de/articles/203732668CamtasiaBootstrapperApplication.resources.dll0.6.drfalse
      		high
      http://foo/Images/MarketingAnimation/desktop3.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		low
      https://www.techsmith.com/redirect.asp?target=systemrequirements&product=camtasiastudio&ver=22.3.0&lcamtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://foo/install%20states/installusercontrol.xamlcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		low
        http://foo/bar/images/marketinganimation/cursor.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		low
        http://foo/install%20states/errormessageusercontrol.xamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		low
        https://www.techsmith.com/redirect.asp?target=windowsninstall&product=camtasiastudio&ver=22.camtasia.exe, 00000006.00000002.751317529.0000000000C30000.00000004.00000020.00020000.00000000.sdmpfalse
          		high
          http://defaultcontainer/CamtasiaBootstrapperApplication;component/ResourceDictionary.xamlcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		low
          https://www.techsmith.com/redirect.asp?target=systemrequirements&product=camtasiastudio&ver=camtasia.exe, 00000006.00000002.751317529.0000000000C30000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            https://support.techsmith.com/hc/ja/articles/203732668-TechSmith-Return-PolicyCamtasiaBootstrapperApplication.resources.dll.6.drfalse
              		high
              https://www.youtube.com/t/termsCamtasiaBootstrapperApplication.resources.dll4.6.drfalse
                		high
                http://foo/install%20states/optionsusercontrol.xamlcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		low
                http://wixtoolset.org/news/camtasia.exe, camtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.drfalse
                  		high
                  https://policies.google.com/privacy?hl=deCamtasiaBootstrapperApplication.resources.dll0.6.drfalse
                    		high
                    https://download.techsmith.com/camtasiastudio/releases/camtasia.exe6wget.exe, 00000002.00000003.477392459.0000000000BC1000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.477815634.0000000000BC1000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://foo/bar/install%20states/optionsusercontrol.bamlcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://wixtoolset.org/releases/SCreatingcamtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.6.drfalse
                        		high
                        http://foo/bar/install%20states/progressusercontrol.bamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-semibold.otfcamtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://foo/bar/fonts/proximanova-semibold.otfcamtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://foo/bar/install%20states/installusercontrol.bamlcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://appsyndication.org/2006/appsynapplicationc:camtasia.exe, 00000005.00000000.489737589.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmp, camtasia.exe, 00000006.00000000.490838479.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe, 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://defaultcontainer/CamtasiaBootstrapperApplication;component/windows/selectlanguagedialog.xamlcamtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://foo/Images/MarketingAnimation/cursor.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://wixtoolset.orgmbahost.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.dr, mbapreq.dll.6.drfalse
                          		high
                          https://download.techsmith.com/camtasiastudio/releases/camtasia.exewget.exe, 00000002.00000002.477846105.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.drfalse
                            		high
                            http://defaultcontainer/CamtasiaBootstrapperApplication;component/usercontrols/featuresusercontrol.xcamtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://foo/bar/images/marketinganimation/desktop6.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://foo/bar/images/marketinganimation/share-menu.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://foo/bar/install%20states/csisrunningusercontrol.bamlcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://www.josbuivenga.demon.nlCopyrightcamtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, WPFCommonControls.dll.6.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://foo/bar/install%20states/uninstallusercontrol.bamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://foo/usercontrols/featuresusercontrol.xamlcamtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://foo/install%20states/progressusercontrol.xamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://www.marksimonson.comProximaWPFCommonControls.dll.6.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://foo/Fonts/proximanova-regular.otfcamtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            https://security.google.com/settings/security/permissionsCamtasiaBootstrapperApplication.resources.dll4.6.drfalse
                              		high
                              http://foo/Images/MarketingAnimation/desktop2.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              https://support.techsmith.comd=camtasia.exe, 00000005.00000002.750699046.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.752029151.0000000002CA0000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              http://foo/install%20states/changeusercontrol.xamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              http://foo/bar/images/marketinganimation/camtasia1.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              http://foo/bar/windows/selectlanguagedialog.bamlcamtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              http://schemas.xmlsoap.org/soap/encoding/camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://assets.techsmith.com/Docs/Camtasia-2021-Deployment-Tool-Guide.pdfCamtasiaBootstrapperApplication.resources.dll4.6.drfalse
                                  		high
                                  http://foo/install%20states/uninstallusercontrol.xamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/vcamtasia.exe, 00000006.00000002.755966145.0000000005362000.00000002.00000001.01000000.00000009.sdmp, Microsoft.Deployment.WindowsInstaller.dll.6.dr, BootstrapperCore.dll.6.drfalse
                                    		high
                                    https://www.techsmith.comwget.exe, 00000002.00000003.434632058.0000000000BB8000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434681470.0000000000BBA000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.434597617.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe.5.dr, camtasia.exe.2.drfalse
                                      		high
                                      http://foo/bar/images/marketinganimation/camtasia2.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      http://foo/bar/install%20states/changeusercontrol.bamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      http://foo/install%20states/finishedusercontrol.xamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      http://foo/bar/install%20states/modifyusercontrol.bamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      http://foo/bar/install%20states/finishedusercontrol.bamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      https://policies.google.com/privacy?hl=jaCamtasiaBootstrapperApplication.resources.dll.6.drfalse
                                        		high
                                        https://support.techsmith.com/hc/en-us/articles/203732668-TechSmith-Return-Policycamtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmp, CamtasiaBootstrapperApplication.resources.dll4.6.drfalse
                                          		high
                                          https://www.techsmith.com/redirect.asp?target=camtasia.exe, 00000006.00000002.756685478.0000000005882000.00000002.00000001.01000000.0000000A.sdmpfalse
                                            		high
                                            http://foo/windows/selectlanguagedialog.xamlcamtasia.exe, 00000006.00000002.754862185.00000000035E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://www.marksimonson.comrKcamtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://wixtoolset.org/releases/camtasia.exe, Microsoft.Deployment.WindowsInstaller.dll.6.drfalse
                                              		high
                                              http://foo/Images/MarketingAnimation/share-menu.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://defaultcontainer/CamtasiaBootstrapperApplication;component/Fonts/proximanova-regular.otfcamtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://foo/bar/usercontrols/featuresusercontrol.bamlcamtasia.exe, 00000006.00000002.754151345.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://foo/install%20states/modifyusercontrol.xamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://www.marksimonson.comcomdcamtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.marksimonson.comrVcamtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://foo/bar/fonts/proximanova-regular.otfcamtasia.exe, 00000006.00000002.754926608.0000000003608000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://schemas.xmlsoap.org/wsdl/camtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.marksimonson.comcamtasia.exe, 00000006.00000002.751386655.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, camtasia.exe, 00000006.00000002.761967978.0000000009592000.00000004.00000800.00020000.00000000.sdmp, WPFCommonControls.dll.6.drfalse
                                                  		high
                                                  http://wixtoolset.org/camtasia.exefalse
                                                    		high
                                                    http://wixtoolset.org/telemetry/vcamtasia.exefalse
                                                      		high
                                                      https://policies.google.com/privacycamtasia.exe, 00000006.00000002.757000023.00000000058F7000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                        		high
                                                        http://foo/bar/images/marketinganimation/desktop2.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        https://policies.google.com/privacy?hl=pt-BRCamtasiaBootstrapperApplication.resources.dll4.6.drfalse
                                                          		high
                                                          http://foo/bar/install%20states/errormessageusercontrol.bamlcamtasia.exe, 00000006.00000002.754283314.000000000348D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://www.marksimonson.comCopyrightcamtasia.exe, 00000006.00000002.756685478.0000000005882000.00000002.00000001.01000000.0000000A.sdmp, camtasia.exe, 00000006.00000002.758598344.0000000005F12000.00000002.00000001.01000000.0000000E.sdmp, camtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmp, WPFCommonControls.dll.6.drfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://defaultcontainer/CamtasiaBootstrapperApplication;component/Images/MarketingAnimation/cursor.pcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://foo/Fonts/proximanova-semibold.otfcamtasia.exe, 00000006.00000002.755219331.00000000036A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://foo/Images/MarketingAnimation/desktop6.pngcamtasia.exe, 00000006.00000002.752276135.00000000031E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://appsyndication.org/2006/appsyncamtasia.exefalse
                                                          • URL Reputation: safe
                                                          		unknown

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          8.8.8.8
                                                          		unknownUnited States
                                                          		15169GOOGLEUSfalse
                                                          23.205.232.22
                                                          		unknownUnited States
                                                          		16625AKAMAI-ASUSfalse

                                                          General Information

                                                          Joe Sandbox Version:36.0.0 Rainbow Opal
                                                          Analysis ID:753409
                                                          Start date and time:2022-11-24 19:13:53 +01:00
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 13m 35s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:urldownload.jbs
                                                          Sample URL:https://download.techsmith.com/camtasiastudio/releases/camtasia.exe
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:10
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:SUS
                                                          Classification:sus30.evad.win@7/55@0/2
                                                          EGA Information:
                                                          • Successful, ratio: 66.7%
                                                          HDC Information:
                                                          • Successful, ratio: 64.5% (good quality ratio 61.9%)
                                                          • Quality average: 73.2%
                                                          • Quality standard deviation: 27.4%
                                                          HCA Information:
                                                          • Successful, ratio: 84%
                                                          • Number of executed functions: 105
                                                          • Number of non-executed functions: 291

                                                          Warnings

                                                          • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                          • Execution Graph export aborted for target wget.exe, PID 2692 because there are no executed function
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtSetInformationFile calls found.

                                                          Simulations

                                                          Behavior and APIs

                                                          No simulations

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          No context

                                                          Domains

                                                          No context

                                                          ASNs

                                                          No context

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          No context

                                                          Created / dropped Files

                                                          C:\Users\user\Desktop\cmdline.out

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):560894
                                                          Entropy (8bit):2.189471291564133
                                                          Encrypted:false
                                                          SSDEEP:1536:dK8QXYaJk+N2Ryy1WS9MQ3JnGsxc2REiLDsKZIAMFd8JDhuWsfLlDhCS/ciSuHz1:sxdEzJae61
                                                          MD5:513243550C654A23E9443A54D674AEEC
                                                          SHA1:220674420B8BE12412AB9DF40DA74794FC07362D
                                                          SHA-256:19A91D33FE2E21A052A51DE2624BA071554C6BEC9EDF1784DD1EBC58A6398A29
                                                          SHA-512:E8C5D7C3060A402F0DB33A5E8B9C6112C91591E1EDB7365FE03997F461C458AB94A44B6929D34F67B785A83385C29021781095F2A3949DCE1A9A17FBC27AC2F6
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:--2022-11-24 19:14:43-- https://download.techsmith.com/camtasiastudio/releases/camtasia.exe..Resolving download.techsmith.com (download.techsmith.com)... 23.205.232.22..Connecting to download.techsmith.com (download.techsmith.com)|23.205.232.22|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 368315368 (351M) [application/octet-stream]..Saving to: 'C:/Users/user/Desktop/download/camtasia.exe'.... 0K .......... .......... .......... .......... .......... 0% 902K 6m39s.. 50K .......... .......... .......... .......... .......... 0% 1.24M 5m41s.. 100K .......... .......... .......... .......... .......... 0% 1.16M 5m29s.. 150K .......... .......... .......... .......... .......... 0% 1.86M 4m54s.. 200K .......... .......... .......... .......... .......... 0% 1.20M 4m53s.. 250K .......... .......... .......... .......... .......... 0% 2.35M 4m29s.. 300K .......... .......... .......... .......... .......... 0% 1.88M 4m17s.. 350K ....

                                                          C:\Users\user\Desktop\download\camtasia.exe

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\wget.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):368315368
                                                          Entropy (8bit):7.99971960397624
                                                          Encrypted:true
                                                          SSDEEP:6291456:j6ZqpwjIuzjEinRLMtQRBj4xfEXPuaoZhPNEyvpYORwtpG2SepZlmkxe49WvMBqD:j6cuXzjEoRWCjDQvEGY9pG2v3lLwBvMC
                                                          MD5:0C60C5F487C288CF2C6B09FE7E4A7D77
                                                          SHA1:0927751BA365DD9B672B2A10CF7FB1584579FC7D
                                                          SHA-256:3913A1981B8FAE2BB3A9D5C6B00B90ADEA03AB407C2FE958D7C01DC3383F0945
                                                          SHA-512:A786DFB0C7394E4D44D87B2A392A830B2616EFEF522A59FB9BC48B6FE7F98AA908DA3A60AF601AEE3CE13E3FD805751E24A663B5533CFC1A719E2770781D3764
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.o.}k..}k..}k.....wk......k.....ek../...nk../...ik../...Vk..t...xk..t...lk..}k..(j......6k......|k..}k...k......|k..Rich}k..........PE..L...2p.]............................q.............@..................................W....@.........................................................P....*.......=..0p..T....................p.......j..@...................4|.......................text............................... ..`.rdata..`...........................@..@.data...............................@....wixburn8...........................@..@.rsrc...............................@..@.reloc...=.......>...Z..............@..B........................................................................................................................................................................................................................................................

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1028\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2025
                                                          Entropy (8bit):6.231406644010833
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE
                                                          MD5:1D4B831F77EFEC96FFBC70BC4B59B8B5
                                                          SHA1:1B3ED82655AEC8A52DAEC60F8674BC7E07F8CFEB
                                                          SHA-256:1B93556F07C35AC0564D57E0743CCBA231950962C6506C8D4A74A31CD66FD04C
                                                          SHA-512:C6CCB188281F161DEBF02DCDDE24B77D8D14943DEED8852E77E5AFB18F3F62683AB1AE06DCEB1E09D53804A76DF6400A360712D8E7E228B7F971054BB4FB2496
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-tw" Language="1028" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName] ...... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive | /quiet - ...... UI ............ UI ... ........... UI ........../norestart - ................UI ............./log log.txt - ............ %TEMP% ......</String>.. <Stri

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1029\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2458
                                                          Entropy (8bit):5.36165936198009
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS
                                                          MD5:CC8C6D04DC707B38E0F0C08BA16FE49B
                                                          SHA1:95EA7F570677AEA52393D02FDB21CEBB218A7343
                                                          SHA-256:DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9
                                                          SHA-512:A4B19EBC8BB0D88ABA7D3D5783E28F8B6E0960582A540059BC71076B1203BF43BCA15EA726272D15395C7B4E431046ADA1CBB9D55072BBC5DBE7729C4599F0E0
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="cs-cz" Language="1029" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalace produktu [WixBundleName]</String>.. <String Id="Title">Pro instalaci produktu [WixBundleName] je vy.adov.no rozhran. Microsoft .NET Framework.</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da k instalaci</String>.. <String Id="HelpText">/passive | /quiet - Zobraz. minim.ln. u.ivatelsk. rozhran. bez jak.chkoli.. v.zev, nebo nezobraz. ..dn. u.ivatelsk. rozhran. ani ..dn. v.zvy. Ve v.choz.m.. nastaven. se jak u.ivatelsk. rozhran., tak i v.echny v.zvy zobrazuj....../norestart - Potla.. jak.koli p

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1030\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2286
                                                          Entropy (8bit):5.061915970731254
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF
                                                          MD5:7C6E4CE87870B3B5E71D3EF4555500F8
                                                          SHA1:E831E8978A48BEAFA04AAD52A564B7EADED4311D
                                                          SHA-256:CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696
                                                          SHA-512:2A02415A3E5F073F4530FD87C97B685D95B8C0E1B15EFD185CC5CB046FCF1D0DCE28DB9889AD52588B96FE01841A7A61F6B7D6D2F669EAB10A8926C46B8E93D1
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="da-dk" Language="1030" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation af [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework skal v.re installeret i forbindelse med Installationen af [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Er du sikker p., at du vil annullere?</String>.. <String Id="HelpHeader">Hj.lp til installation</String>.. <String Id="HelpText">/passive | /quiet - viser en minimal brugergr.nseflade uden prompter eller.. viser ingen brugergr.nseflade og ingen prompter... Brugergr.nsefladen og alle prompter vises som standard...../norestart - skjuler fors.g p. genstart. Der vises som standard en.. foresp.rgse

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1031\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2442
                                                          Entropy (8bit):5.094465051245675
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD
                                                          MD5:C8E7E0B4E63B3076047B7F49C76D56E1
                                                          SHA1:4E44E656A0D552B2FFD65911CB45245364E5DBF3
                                                          SHA-256:631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295
                                                          SHA-512:FD7E8896F9414F0DB7A88F926F55EE24E0591DA676F330200BC6BB829EB32648D90D3094E0011BFE36C7BA8BE41DFD74B12D444AFEA0D2866801258DA4FA16E8
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="de-de" Language="1031" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <UI Control="InstallButton" Width="180" />.. .. <String Id="Caption">[WixBundleName]-Setup</String>.. <String Id="Title">F.r das [WixBundleName]-Setup ist Microsoft .NET Framework erforderlich.</String>.. <String Id="ConfirmCancelMessage">Sind Sie sicher, dass Sie den Vorgang abbrechen m.chten?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne.. Eingabeaufforderungen oder keine Benutzeroberfl.che und keine.. Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und.. alle Eingabeaufforderungen angezeigt...../no

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1032\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):3400
                                                          Entropy (8bit):5.279888750092028
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk
                                                          MD5:074D5921AF07E6126049CB45814246ED
                                                          SHA1:91D4BDDA8D2B703879CFE2C28550E0A46074FA57
                                                          SHA-256:B8E90E20EDF110AAAAEA54FBC8533872831777BE5589E380CFDD17E1F93147B5
                                                          SHA-512:28DAC36516BCC76BCC598C6E7ABDE359695F85AB7A830D6ADBC844EB240D9FA372CB5A5CE4DBE21E250408C6B246D371D3CDD656D2178FB0EC22DAC7D39CBD9F
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="el-gr" Language="1032" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">........... ... [WixBundleName]</String>.. <String Id="Title">... ... ........... ... [WixBundleName] .......... .. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">..... ....... ... ...... .. ..... .......;</String>.. <String Id="HelpHeader">....... ... ... ...........</String>.. <String Id="HelpText">/passive | /quiet - ......... ........ ........... ... ............. .......... ...... ..... ........ . ... ..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1035\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2235
                                                          Entropy (8bit):5.142592159444541
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs
                                                          MD5:E338408F1101499EB22507A3451F7B06
                                                          SHA1:83B42F9D7307265A108FC339D0460D36B66A8B94
                                                          SHA-256:B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3
                                                          SHA-512:F7BE923DC2856E0941D0669E2DE5A5C307C98DC7EBA0A1B68728EB29C95B4625145C2AD3AC6F6B6D82F062887EA349E2187F1F91785DDE5A5083BC1150E56326
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fi-fi" Language="1035" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] -asennus</String>.. <String Id="Title">Microsoft .NET Framework tarvitaan [WixBundleName] -asennusta varten</String>.. <String Id="ConfirmCancelMessage">Haluatko varmasti peruuttaa?</String>.. <String Id="HelpHeader">Asennusohjelman ohje</String>.. <String Id="HelpText">/passive | /quiet - n.ytt.. mahdollisimman v.h.n k.ytt.liittym.st.; ei.. kehotteita tai ei k.ytt.liittym.. ja kehotteita. Oletusarvoisesti.. k.ytt.liittym. ja kaikki kehotteet n.ytet..n...../norestart - est.. uudelleenk.ynnistysyritykset. Oletusarvoisesti.. k.ytt.liittym. kysyy ennen uudelleenk.yn

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1036\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2306
                                                          Entropy (8bit):5.076293283609686
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DyBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:8LwTK5KHsijmEXY
                                                          MD5:AA32A059AADD42431F7837CB1BE7257F
                                                          SHA1:4CD21661E341080FB8C2DEFD9F32F134561FC3BA
                                                          SHA-256:88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9
                                                          SHA-512:78E201F369E65535E25722DFC0EFE99EDF641F7C14EFF1526DC1CC047FF11640079F1E3D25C9072CF25F4804195891BE006FC5ED313063AFCB91FB5700120B88
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="fr-fr" Language="1036" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework requis pour l'installation de [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.tes-vous s.r de vouloir annuler.?</String>.. <String Id="HelpHeader">Aide de l'installation</String>.. <String Id="HelpText">/passive | /quiet - affiche une interface minimale sans invites ou n'affiche.. aucune interface ni aucune invite. Par d.faut, l'interface et toutes les.. invites sont affich.es...../norestart - annule toute tentative de red.marrage. Par d.faut, l'interface.. affiche une invite avant de red.marrer..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1038\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2392
                                                          Entropy (8bit):5.293225307744296
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DwzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:8LQT2wpFGbgT3wMN2QRj/y/LKr
                                                          MD5:17FB605A2F02DA203DF06F714D1CC6DE
                                                          SHA1:3A71D13D4CCA06116B111625C90DD1C451EA9228
                                                          SHA-256:55CF62D54EFB79801A9D94B24B3C9BA221C2465417A068950D40A67C52BA66EF
                                                          SHA-512:D05008D37143A1CC031F4B6268490A5A10FBB686C86984D20DB94843BDC4624EF9651D158DCB5B660FC239C3C3E8D087EB5D23FFFB8C4681910CBC376148F0F0
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="hu-hu" Language="1038" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] telep.t.</String>.. <String Id="Title">A(z) [WixBundleName] telep.t.s.hez Microsoft .NET-keretrendszer sz.ks.ges</String>.. <String Id="ConfirmCancelMessage">Biztosan megszak.tja?</String>.. <String Id="HelpHeader">A telep.t. s.g.ja</String>.. <String Id="HelpText">/passive | /quiet - Minim.lis felhaszn.l.i fel.let megjelen.t.se k.rd.sek.. n.lk.l, illetve felhaszn.l.i fel.let .s k.rd.sek megjelen.t.se n.lk.li.. telep.t.s. Alapesetben a felhaszn.l.i fel.let .s minden k.rd.s megjelenik...../norestart - Az .jraind.t.si k.r.sek elrejt.se. Alapeset

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1040\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2304
                                                          Entropy (8bit):4.985260685429469
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DQyT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:8LFTzLtkfwWKXHZi37MIDp
                                                          MD5:50261379B89457B1980FF19CFABE6A08
                                                          SHA1:F80B1F416539D33206CE3C24BA3B14B799A84813
                                                          SHA-256:A40C94EB33F8841C79E9F6958433AFFD517F97B4570F731666AF572E63178BB7
                                                          SHA-512:BBD9794181EEC95D6BE7A1B7BA83FD61AF2B2DF61D9DA8DDA2788B61BEC53C30FCEFE5222EDF134166532B36D3AB6CE8996F2D670DC6907C1864AF881A21EA40
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="it-it" Language="1040" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">Microsoft .NET Framework necessario per l'installazione di [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida dell'installazione</String>.. <String Id="HelpText">/passive | /quiet - visualizza l'interfaccia utente minima senza istruzioni.. oppure non visualizza n. l'interfaccia utente n. le istruzioni. Per.. impostazione predefinita vengono visualizzate interfaccia utente e.. istruzioni...../norestart - elimina eventuali tentativi di riavvio. Per impostazione.. predefinita l'int

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1041\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2545
                                                          Entropy (8bit):5.923292576429967
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DpcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:8L1TccOFw6tnOUjsjpICnlOO934apWz
                                                          MD5:DB0F5BAB42403FD67C0A18E35E6880EC
                                                          SHA1:C0A18C8C5BCD7B88C384B5304B56EEB85A0DA3DC
                                                          SHA-256:CCDCDB111EFA152C5F9FF4930033698B843390A549699AE802098D87431F16FE
                                                          SHA-512:589522BD4A26BF54CCF3564E392E41BBBA4E7B3FD1ED74E7F4F6AD6F2E65CDE11FFF32D0C5F3BCD09052FE5110FDC361D1926E220FD0BAD2D38CAC21BBE93211
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ja-jp" Language="1041" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ......</String>.. <String Id="Title">[WixBundleName] ........ Microsoft .NET Framework .....</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/passive | /quiet - ... UI ....................UI.. .............. .....UI ....................../norestart - ........................

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1042\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2236
                                                          Entropy (8bit):5.97627825234954
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7D3sT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:8LQTXvRFhIzl44wmgko04U5TY
                                                          MD5:442F8463EF5CA42B99B2EFACA696BD01
                                                          SHA1:67496DB91CBAA85AC0727B12FC2D35E990537DAC
                                                          SHA-256:D22F6ADA97DBFFC1E7548E52163807F982B30B11A2A5109E71F42985102CCCBD
                                                          SHA-512:A350EAF9E7AEAFAB1163D7C0B8D014AFE07EE98BAE3915CBDD3C26282E345A0838E853C89BAE8943474758DCBCFD0BB0724A0C75CBF969F321FAB4944E8704FD
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ko-kr" Language="1042" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] ... ... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/passive | /quiet - ... .. .. UI. ..... UI. .... .... .... ..... ..... UI . .. .... ........../norestart - .. ..... ... ...... ..... UI. .. .... .. .... ......../log log.txt - .

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1043\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2312
                                                          Entropy (8bit):4.965432037520827
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DK1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:8LcTtpGLFSwJHmPnnKhEBtsl
                                                          MD5:67F28BCDB3BA6774CD66AA198B06FF38
                                                          SHA1:85D843B7248A5E1173FF9BD59CB73BB505F69B66
                                                          SHA-256:226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E
                                                          SHA-512:7BC7D3E6E19ECF865B2CABFC46C75D516561D5A8A81A8ED55B4EDBA41A13A7110F474473740200AFB035B9597A2511D08C2A2E7A9ADE2C2AB4D3F168944B8328
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nl-nl" Language="1043" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installatie</String>.. <String Id="Title">Microsoft .NET Framework is vereist voor installatie [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Weet u zeker dat u de installatie wilt annuleren?</String>.. <String Id="HelpHeader">Help bij Setup</String>.. <String Id="HelpText">/passive | /quiet - geeft een minimale gebruikersinterface weer zonder prompts.. of geeft geen gebruikersinterface en geen prompts weer. Gebruikersinterface.. en alle prompts worden standaard weergegeven...../norestart - pogingen tot opnieuw opstarten onderdrukken... Gebruikersinterface vraagt standaard al

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1044\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2171
                                                          Entropy (8bit):5.089922193759582
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DTeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:8L+Tec1x8Siule4S
                                                          MD5:5454F724C9CDAB8172678A1CC7057220
                                                          SHA1:241A57018ACE1210881583A9CF646E7D2E51412F
                                                          SHA-256:41545AC1247B61C3C3E2A7E4659D9FAD2BCCA8347C69F2EB7B9D0CF5FC31E113
                                                          SHA-512:40E311EADA299996E32A7D35223CA678A03C869D63C023D59BC97A7B2049B0252AA9D0A7EC8558D5ACB73BD14C7BFA913097E65ABEE7455658DB7E35BBDA8AE1
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="nb-no" Language="1044" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Installasjonsprogram</String>.. <String Id="Title">Microsoft .NET Framework kreves for [WixBundleName]-installasjon</String>.. <String Id="ConfirmCancelMessage">Er du sikker p. at du vil avbryte?</String>.. <String Id="HelpHeader">Installasjonshjelp</String>.. <String Id="HelpText">/passive | /quiet - viser minimalt brukergrensesnitt uten ledetekster, eller.. ikke noe brukergrensesnitt og ingen ledetekster. Som standard vises.. brukergrensesnitt og alle ledetekster...../norestart - undertrykker alle fors.k p. omstart. Som standard sp.r.. brukergrensesnittet f.r omstart.../log log.txt

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1045\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2368
                                                          Entropy (8bit):5.270514043715206
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7Du4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:8LKTsXgpYr2IyoiiOffpT3L
                                                          MD5:96ACAAA5AEF7798E9048BAFF4C3FA8D3
                                                          SHA1:E76629973F6C1CFC06F60BA64FE9F237B2DB9698
                                                          SHA-256:F4AA983E39FB29C95E3306082F034B3A43E1D26489C997B8E6697B6A3B2F9F3C
                                                          SHA-512:964F73E572BDCB1AD946C770E6A2FB4A1CE54AF4B5BB072F64256083BA27A223F4DAD4A95B9D2A646180806D1F977726147970B06AAC35EED75AEC6CA89ED337
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pl-pl" Language="1045" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalator programu [WixBundleName]</String>.. <String Id="Title">Do zainstalowania programu [WixBundleName] jest wymagany program Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Pomoc instalatora</String>.. <String Id="HelpText">/passive | /quiet - wy.wietla minimalny interfejs u.ytkownika bez monit.w.. lub nie wy.wietla interfejsu u.ytkownika ani monit.w. Domy.lnie jest.. wy.wietlany interfejs u.ytkownika i wszystkie monity...../norestart - pomija wszelkie pr.by ponownego uruchomienia. Domy.lnie.. interf

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1046\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2147
                                                          Entropy (8bit):5.130635342194656
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DuoT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:8L1TmBHjs59M8r6
                                                          MD5:BD39ADB6B872163FD2D570028E9F3213
                                                          SHA1:688B8A109688D3EA483548F29DE2E57A8A56C868
                                                          SHA-256:ECB5C22E6C2423CAF07AEBE69F4FAF22450164EEE9587B64EF45A2D7F658CA15
                                                          SHA-512:F2826BE203E767D09FF0D7677E1CF5B13113B773D529166DAE02A1F5DB2DC58E0856A34901DF70011EBABB6E964FAB7ACF38590E650BD629D4E4DC4CB36C8D45
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-br" Language="1046" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">Microsoft .NET Framework . necess.rio para instala..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/passive | /quiet - exibe UI m.nima sem avisos ou exibe sem UI e.. sem avisos. Por padr.o a UI e todos avisos s.o exibidos...../norestart - suprime qualquer tentativa de reinicializa..o. Por padr.o a UI.. ir. solicitar antes de reiniciar.../log log.txt - logs para um arquivo espec.fico. Por padr.

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1049\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2880
                                                          Entropy (8bit):5.408094213063887
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DkTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:8LYT8EeHMMJRNi1Ruwi3OwL
                                                          MD5:DAF167AF4031EF47E562056A7D51AA73
                                                          SHA1:0156B230CADD6169AC2820865E3C031ED79785EF
                                                          SHA-256:C91C9E87AB4A6DB078F1991F4A2CDC726B58A40E47BCE49D39168A8F8F151C3B
                                                          SHA-512:5E87EE3838E3595ADBD7EABA6E3E33CDFEA5E15ED716FBCCDBD55235B3E53E1E41EA5A907F425E96C35167543C7F75AC5214B5AEE177D299FC2464A68B22851E
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="ru-ru" Language="1049" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">......... [WixBundleName]</String>.. <String Id="Title">... ......... [WixBundleName] ......... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.. ............. ...... ........ ........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/passive | /quiet - ........... ............ .. ... ........ ... ...... ... .. .. . ............ .. ......... ............ .. . ... ......

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1051\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2334
                                                          Entropy (8bit):5.397882326481071
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7D+cT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAm:8L1TuPdKNzfifFmcatm
                                                          MD5:016C278E515F87F589AD22C856B201F7
                                                          SHA1:F20C7DB38B3161B143DEC4E578CE71D7F585F436
                                                          SHA-256:4A7FDF4A9033FE05C31F565ED3AE5B8C67D324B7AEADB737CE95DBB416D46868
                                                          SHA-512:310C85B27E1ECF4C6729E88051037150CFBA0234A0138666C26662B3D665FF38B74E95ABCADDEEF6CBEBB23E3357FAC487E6EE5EB8FE158C269D77672191B042
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sk-sk" Language="1051" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] . in.tal.cia</String>.. <String Id="Title">Na in.tal.ciu aplik.cie [WixBundleName] sa vy.aduje s..as. Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">Naozaj chcete zru.i. oper.ciu?</String>.. <String Id="HelpHeader">Pomocn.k pre in.tal.ciu</String>.. <String Id="HelpText">/passive | /quiet . zobraz. minim.lne pou..vate.sk. rozhranie bez v.ziev alebo.. nezobraz. .iadne pou..vate.sk. rozhranie ani v.zvy. Predvolene sa.. zobrazuje pou..vate.sk. rozhranie aj v.etky v.zvy...../norestart . zru.. v.etky pokusy o re.tart. Pou..vate

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1053\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2132
                                                          Entropy (8bit):5.1255014007111495
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DviT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:8LmTAcRnQXFPK0iHMsfb2Ws3M
                                                          MD5:D95E81164C57B6FD75E7C3022454192E
                                                          SHA1:5D5ACBC56E7078AF4D04C45B78C0FF090C02EE6A
                                                          SHA-256:6DD61CC6B87B53EAF28430068A2A459730FD4B2BCF876CCDF040212D04C4FE7D
                                                          SHA-512:9E4BA81A145574818DD6A1F1D0EC38EA1629C7771919C35923F440E31EA9912E1630D94FCDB82B71104EBD61D0321DCDF935BA20D69988EE6E9B22259186AF0C
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sv-se" Language="1053" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName]-installation</String>.. <String Id="Title">Microsoft .NET Framework kr.vs f.r installation av [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Vill du avbryta?</String>.. <String Id="HelpHeader">Installationshj.lp</String>.. <String Id="HelpText">/passive | /quiet - visar ett minimalt anv.ndargr.nssnitt utan prompter,.. alternativt inget anv.ndargr.nssnitt och inga prompter. Som standard visas.. anv.ndargr.nssnitt och samtliga prompter...../norestart - hejdar omstart. Som standard visar anv.ndargr.nssnittet en.. prompt f.re omstart.../log log.txt - skapar logg till

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1055\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2303
                                                          Entropy (8bit):5.2754753523795275
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg
                                                          MD5:01B200E06BA600A4EF00C00F7AAC5CE4
                                                          SHA1:22234426C42637E069A46217019551E4434A4AB6
                                                          SHA-256:06BFB6DFBC38105C699DEA226A029DF3EF673C33E4B8928DC4EC7FB8F761487D
                                                          SHA-512:8BDCF7533A6BCFA231B42A7EF845A70C7535FBF607D62FF6404928D5941BA6AFBF139450A1A1B58C65FACF88DC0785AEC4ABEFBCC803466A58B1930F7C468CDD
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="tr-tr" Language="1055" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName] kurulumu i.in Microsoft .NET Framework gerekir</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/passive | /quiet - komut istemi olmayan olabildi.ince k...k bir UI.. g.r.nt.ler veya komut istemi ve UI g.r.nt.lemez. Varsay.lan olarak UI.. ve t.m komut istemleri g.r.nt.lenir...../norestart - yeniden ba.latma denemelerini engeller. Varsay.lan.. olarak UI yeniden ba.latmadan .nce komut isteyecekt

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\1060\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2200
                                                          Entropy (8bit):5.1485120966265
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL
                                                          MD5:5836F0C655BDD97093F68AAF69AB2BAB
                                                          SHA1:B6842E816F9E0DCC559A5692E4D26101D10B4B16
                                                          SHA-256:C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C
                                                          SHA-512:640A79D6A756E591AD02DDCCC53BC43F855C5148B8CBB5CE6C1CAF5419CA02F7B2AFF89CCA4C056356814D3899EF79BF038B4E8B4B79EB85138A3CEDCCE93E5B
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="sl-si" Language="1060" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Namestitev</String>.. <String Id="Title">Microsoft .NET Framework, potreben za namestitev paketa [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Ali ste prepri.ani, da .elite preklicati?</String>.. <String Id="HelpHeader">Pomo. za namestitev</String>.. <String Id="HelpText">/passive | /quiet - prika.e minimalni uporabni.ki vmesnik brez pozivov ali ne prika.e.. uporabni.kega vmesnika in pozivov. Privzeto so prikazani uporabni.ki vmesnik in.. vsi pozivi...../norestart - skrije vse mo.nosti za vnovicni zagon. Privzeto uporabni.ki vmesnik.. prika.e poziv pred ponovnim zag

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\2052\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1980
                                                          Entropy (8bit):6.189594519053644
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV
                                                          MD5:A34DCF7771198C779648B89156483E83
                                                          SHA1:A6E0FA91CD50048511C7BEF1BE3A8D32B42B6D1F
                                                          SHA-256:89C559C6765F8D643469E3C8F4AA93023F09369B0395EA647FAD5AF3C2893EB6
                                                          SHA-512:0F1D7BC4FD64E18EEEC488CDCE01FB6BFA5CD3BFF614A8D03E388D39F569B8341E74302946877EB25BA1EB17AEC137499189605E251FAFB6B20051744CB463B1
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="zh-ch" Language="2052" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] ..</String>.. <String Id="Title">[WixBundleName] .... Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/passive | /quiet - ..... UI .......... UI ... ........... UI ........../norestart - .............. UI ........../log log.txt - .............. %TEMP% ........</String>.. <String Id="HelpCloseButton"

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\2070\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2211
                                                          Entropy (8bit):5.1155097909395035
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6
                                                          MD5:8A278E519EF81B2847490EFB070219BC
                                                          SHA1:7365EDF6E4F9E66B6CEE47933B6C70FF0B9ECFF8
                                                          SHA-256:E2BFDB2CF3BEAE2E988827C52C58006D7EEAD4ABA5312B5EAE1F6CCF3863C385
                                                          SHA-512:88275C1136FFB15AB04D315E8601BE2DE77387F3E00F17E9807E415A9DFC4A73E2CD3B5710E4CA58006F91E18180D7CFAEEF4E8319C624E1B81397F9CB9ECA92
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="pt-pt" Language="2070" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Configura..o do [WixBundleName]</String>.. <String Id="Title">O Microsoft .NET Framework . necess.rio para a configura..o do [WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem a certeza de que pretende cancelar?</String>.. <String Id="HelpHeader">Ajuda da Configura..o</String>.. <String Id="HelpText">/passive | /quiet - apresenta IU m.nima sem mensagens ou n.o apresenta IU nem.. mensagens. Por predefini..o, s.o apresentadas a IU e todas as mensagens...../norestart - suprimir qualquer tentativa de rein.cio. Por predefini..o, a IU.. avisar. antes de reiniciar.../log log.txt - r

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\3082\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2400
                                                          Entropy (8bit):4.992567587099768
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8
                                                          MD5:1024AA88AE01BC7BA797193CC6023375
                                                          SHA1:9252A309C1CB32573F4D58A595A78660FDF54B2F
                                                          SHA-256:B884C4ABB8867553C1FFADD6721C2135EC5F9F1455C3F668D711CCEA65363D1A
                                                          SHA-512:77E6DD332104C0461B7C5A08469161AF3F1DC51D3B55585D39DD9FC9E2088DA036BDF2278CFB96CA702FD26CE073C6C6F66611313270700B9E7A76600C1C8E38
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="es-es" Language="3082" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">La instalaci.n de [WixBundleName] requiere Microsoft .NET Framework</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar?</String>.. <String Id="HelpHeader">Ayuda del programa de instalaci.n</String>.. <String Id="HelpText">/passive | /quiet - muestra una interfaz de usuario m.nima y no realiza.. preguntas, o bien no muestra interfaz de usuario y no realiza preguntas... De manera predeterminada se muestra la interfaz de usuario completa y se.. realizan todas las preguntas necesarias...../norestart - suprime cu

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.de-DE.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (336), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1020
                                                          Entropy (8bit):5.233721305179343
                                                          Encrypted:false
                                                          SSDEEP:24:2d54+QGRLjoEDo+xRvn1IQoPoecam+6N0bYoxZaVwWJs2ix8d5:c9TSET71CQLt0bzIJ
                                                          MD5:7D187DAD9DD9DC8DECC740DF4BF476D9
                                                          SHA1:EA17C69D4CB679A8B3BE22365BE28105BF7D2EF1
                                                          SHA-256:1E893384D56472D5D6CC5AF101D1CE659E67DFE1D29029C320CE144112942B1F
                                                          SHA-512:A0A6E5F3D621F2A9220AAC3E482317F0523827AB3DFB37AA240F2A52E6AC9752116466DD8A2E23A9A91D50A1DF9F11F702FCC74608A19F6DD63E133D853E30F6
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="de-DE" Codepage="1252" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="LaunchCondition_Windows">F.r die Installation von [WixBundleName] wird Microsoft Windows.10 Version.1909 oder neuer ben.tigt. Bitte aktualisieren Sie zun.chst Windows gem.. den &lt;a href=&quot;[RedirectURL_systemrequirements]&quot;&gt;Systemanforderungen&lt;/a&gt; und starten Sie dann die Installation erneut.</String>.. <String Id="LaunchCondition_64Bit">[WixBundleName] ben.tigt ein 64-Bit-Betriebssystem.&#xD;&#xA;&#xD;&#xA;Die Installation kann nicht fortgesetzt werden.</String>.. <String Id="LaunchCondition_MediaFeaturePack">Um [WixBundleName] unter Windows N und KN nutzen zu k.nnen, muss das das Windows Media Feature Pack installiert sein. Bitte installieren Sie das Windows Media Feature Pack f.r Ihre Betriebssystem-Version &lt;a href=&quot;[RedirectURL_windowsninstall]&quot;&gt;hier&lt;/a&gt;.</String>..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.en-US.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (302), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):920
                                                          Entropy (8bit):5.201493348802633
                                                          Encrypted:false
                                                          SSDEEP:24:JdO4+QGRLjorp+xHyOgJSoecC1QsoQc3640EwbIaqs:30TS0TgJ9+GPhcI0
                                                          MD5:2C0A13A927382F371D2706F7F2B7BDEB
                                                          SHA1:B75968C17B7A96CC6267D9218AB93E8C42C30582
                                                          SHA-256:197E948199466201AE29B258E79961BD5A3B0A2B8F61D05C815C8B09553080D4
                                                          SHA-512:75F03909458280935F5B93F825295C4572CAEB7508EB45DEF91484BE37A39008230FB0644513D5C78EB45CF06CAA8054A8C012F82613522E0336744248BB2E98
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="en-us" Codepage="1252" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="LaunchCondition_Windows">[WixBundleName] requires Microsoft Windows 10 version 1909 or newer to install. Please update Windows based on our &lt;a href=&quot;[RedirectURL_systemrequirements]&quot;&gt;system requirements&lt;/a&gt; before trying your installation again.</String>.. <String Id="LaunchCondition_64Bit">[WixBundleName] requires a 64-bit operating system.&#xD;&#xA;&#xD;&#xA;Installation cannot continue.</String>.. <String Id="LaunchCondition_MediaFeaturePack">[WixBundleName] requires Windows Media Feature Pack be installed on Windows N and KN editions. Please install Windows Media Feature Pack for your Operating System's version &lt;a href=&quot;[RedirectURL_windowsninstall]&quot;&gt;here&lt;/a&gt;.</String>..</WixLocalization>..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.es-ES.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (312), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):964
                                                          Entropy (8bit):5.168443890300373
                                                          Encrypted:false
                                                          SSDEEP:24:2dgo4+QGRLjor8xHrCD5t/3oecwEkwtioQcbZU8HXZntqe:cPTSo8le8E//3Tntj
                                                          MD5:F80B16DDFDF530127076C34519F03C48
                                                          SHA1:DF117500B2EB3650EC54991FFA48C59669A762FF
                                                          SHA-256:E986448D0BB106EA7E516031C3664730FC7E58DBEE73A48EAB792B47D34E6025
                                                          SHA-512:2FFCB5FA7FF8A64BFAABD3A0C7385EDA6101E65C062AB41E51A18885D64E5E3B3C6867CCC7F1C60EE4022C3CA94B122BBAC6715F50C690E28D337AF946975DA8
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="es-ES" Codepage="1252" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="LaunchCondition_Windows">[WixBundleName] requiere la instalaci.n de Microsoft Windows 10 versi.n 1909 o posterior. Actualiza Windows en funci.n de nuestros &lt;a href=&quot;[RedirectURL_systemrequirements]&quot;&gt;requisitos del sistema&lt;/a&gt; antes de intentar instalarlo de nuevo.</String>.. <String Id="LaunchCondition_64Bit">[WixBundleName] requiere un sistema operativo de 64 bits.&#xD;&#xA;&#xD;&#xA;La instalaci.n no puede continuar.</String>.. <String Id="LaunchCondition_MediaFeaturePack">[WixBundleName] requiere la instalaci.n de Windows Media Feature Pack para las versiones N y KN de Windows. Instala Windows Media Feature Pack para la versi.n de tu sistema operativo &lt;a href=&quot;[RedirectURL_windowsninstall]&quot;&gt;aqu.&lt;/a&gt;.</String>..</WixLocalization>..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.fr-FR.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1080
                                                          Entropy (8bit):5.2506564347881985
                                                          Encrypted:false
                                                          SSDEEP:24:2dj4+QGRLjoKCIxHs8N9dTQe2Rnco68gnYOb5toQc1znqPiUGznU/Y9J:cPTSKTOk9+Rn/NBObcz2fG1J
                                                          MD5:534F2469EEC9D749ACE4AE627D252EBD
                                                          SHA1:98C37C21B36F481BE3F0E6C22D2FE4563835F8B7
                                                          SHA-256:6420409E6C929642C2725560533F6B5F32FAC9F9C9F591CB1D60A4D1834CDD71
                                                          SHA-512:D835F47F5B5E293155B2A0165A8D80CE8E1F199B31CE1E6CA1A747E84E5ED2F1B7504ADD11E5777668A2CF6E76D33093B320B6B926EB2796CD4F7716518FAFD5
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="fr-FR" Codepage="1252" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="LaunchCondition_Windows">L.installation de [WixBundleName] n.cessite Microsoft Windows 10 version 1909 ou une version plus r.cente. Veuillez mettre . jour Windows en respectant la &lt;a href=&quot;[RedirectURL_systemrequirements]&quot;&gt;configuration requise&lt;/a&gt; pour le logiciel avant de proc.der . l.installation.</String>.. <String Id="LaunchCondition_64Bit">Vous devez disposer d.un syst.me d.exploitation 64.bits pour ex.cuter [WixBundleName].&#xD;&#xA;&#xD;&#xA;L.installation ne peut pas se poursuivre.</String>.. <String Id="LaunchCondition_MediaFeaturePack">[WixBundleName] n.cessite d.installer le Windows Media Feature Pack pour les .ditions Windows N et KN. Veuillez installer le Windows Media Feature Pack pour votre version du syst.me d.exploitation, &lt;a href=&quot;[RedirectURL_wi

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.ja-JP.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1201
                                                          Entropy (8bit):5.8659845373957005
                                                          Encrypted:false
                                                          SSDEEP:24:2dy4+QGRLjorcKxG6OoNXGu2fnRfZoecxxXGrb/oQcwQj49WbN6yY4Mc:cwTS4KkjcsfKuASQ0aLMc
                                                          MD5:494FDFF94397D5D257909CA117860AAF
                                                          SHA1:4C63CD9E8DC535C914AF810CF7FF08A587B2C85C
                                                          SHA-256:948931CD34CB3A28EA3535F495EDD41EFAC0D6B996D33526F2F76FCAE3959458
                                                          SHA-512:F8DC771DFD55F2443AAC5692AD2BA28315129A0220C1C0D86FD389F5CA0468C3E02E551AADFCB8093CDA72B6142B7C03231C3EF9EABC3DAB7281F44AC8600A71
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="ja-JP" Codepage="932" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="LaunchCondition_Windows">[WixBundleName] ........... Microsoft Windows 10..... 1909 ........................&lt;a href=&quot;[RedirectURL_systemrequirements]&quot;&gt;......&lt;/a&gt;..... Windows ..........</String>.. <String Id="LaunchCondition_64Bit">[WixBundleName] ....... 64 ... ........ ..........&#xD;&#xA;&#xD;&#xA;...............</String>.. <String Id="LaunchCondition_MediaFeaturePack">[WixBundleName] ........Windows . N ... KN ....... Windows Media Feature Pack .................&lt;a href=&quot;[RedirectURL_windowsninstall]&quot;&gt;..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.pt-BR.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (318), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):981
                                                          Entropy (8bit):5.186546315874703
                                                          Encrypted:false
                                                          SSDEEP:24:2dD4+QGRLjoeZxH6Is7K6KFkAoeSkLTHo0F2ZINUZhql:cvTSi5s3OYNINK4
                                                          MD5:66EF836E4BF990648546E4F9979A7076
                                                          SHA1:EB7AC755B45F7EB0C772D2F5D7C51262BF9C3E55
                                                          SHA-256:CDEB23E9BE69A7AC7E3095F0BD98E422259F4663FEFD721260D00F814C9446F7
                                                          SHA-512:7E9E9E84496682D52130756B9C8D80089F2410C1A57C817FCBC3DE00237F8007B8D5E7C13790A525F58F0F6115D166BC28D7C9668840A04150B1744942A46BAE
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="pt-BR" Codepage="1252" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="LaunchCondition_Windows">O [WixBundleName] requer o Microsoft Windows 10 vers.o 1909 ou mais recente para ser instalado. Atualize o Windows de acordo com os nossos &lt;a href=&quot;[RedirectURL_systemrequirements]&quot;&gt;requisitos de sistema&lt;/a&gt; antes de tentar a instala..o novamente.</String>.. <String Id="LaunchCondition_64Bit">O [WixBundleName] requer um sistema operacional de 64 bits.&#xD;&#xA;&#xD;&#xA;N.o foi poss.vel continuar a instala..o.</String>.. <String Id="LaunchCondition_MediaFeaturePack">O [WixBundleName] requer o Windows Media Feature Pack para ser instalado nas edi..es N e KN do Windows. Instale o Windows Media Feature Pack para a vers.o do seu sistema operacional &lt;a href=&quot;[RedirectURL_windowsninstall]&quot;&gt;aqui&lt;/a&gt;.</String>..</WixLocalization>..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Bootstrapper.zh-CN.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):868
                                                          Entropy (8bit):6.170692116826478
                                                          Encrypted:false
                                                          SSDEEP:24:2dE4+QGRLjorXWxatpiSSyoecn9HoQcFT2UY+8O45:ciTS7WccdLO3TaD
                                                          MD5:D8641897EDBA695C0AAE6B20E16B2543
                                                          SHA1:BC052880915C5C67703664FEE44F0C0DC911FF04
                                                          SHA-256:7DB5163792DC2AB7E2BA567571EFBF9EEB90820A4DA3D713862F544D731F7032
                                                          SHA-512:54608CBB4F6C3F2EABA0C2348A1EE9DED45931F1A5C20B94596564D5E9ADC2190A8145D1A7D673C905A5504D363B5C92F62D1E56A952FCC6206ED9B7B94CE135
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<WixLocalization Culture="zh-CN" Codepage="936" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="LaunchCondition_Windows">[WixBundleName].... Microsoft Windows 10 .. 1909 ...........&lt;a href=&quot;[RedirectURL_systemrequirements]&quot;&gt;....&lt;/a&gt;.. Windows..........</String>.. <String Id="LaunchCondition_64Bit">[WixBundleName] .. 64 ......&#xD;&#xA;&#xD;&#xA;.......</String>.. <String Id="LaunchCondition_MediaFeaturePack">[WixBundleName] ... Windows N . KN ..... Windows Media Feature Pack...&lt;a href=&quot;[RedirectURL_windowsninstall]&quot;&gt;..&lt;/a&gt;............. Windows Media Feature Pack.</String>..</WixLocalization>..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperApplicationData.xml

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (573), with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):22588
                                                          Entropy (8bit):3.704158393359043
                                                          Encrypted:false
                                                          SSDEEP:192:X0sGsNs4gjTGSRFxF0F1xErF/FUFyF0FgF+FVFhFwucFjFNF6FJFhFwWFhFpFGfi:X0sGsNs4gjTCEN12reCCmT
                                                          MD5:B9C42AD32B9F3D203F227C724DEE5C1B
                                                          SHA1:FA61E6A81BA514A9292A11F04B2A0633DB164DD9
                                                          SHA-256:052E1F0665783530B47A57ED290158CE25167ABC024314B53D9DD1C94CE915C0
                                                          SHA-512:7D03C468DF8AAA2C4F5E307281361DCCF64E4951BFC497A5EC72E11F9A084EB86207F095155A727AC3A799F6715FA7C88F63729D8A0770F6DC1AB45796487D81
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4.". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .r.e.q.u.i.r.e.s. .a. .6.4.-.b.i.t. .o.p.e.r.a.t.i.n.g. .s.y.s.t.e.m...&.#.x.D.;.&.#.x.A.;.&.#.x.D.;.&.#.x.A.;.I.n.s.t.a.l.l.a.t.i.o.n. .c.a.n.n.o.t. .c.o.n.t.i.n.u.e...". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".N.O.T. .V.e.r.s.i.o.n.9.X. .A.N.D. .V.e.r.s.i.o.n.N.T. .&.g.t.;.v.6...2. .A.N.D. .(.W.I.N.D.O.W.S._.B.U.I.L.D._.N.U.M.B.E.R. .&.g.t.;.=. .M.i.n.i.m.u.m.W.i.n.d.o.w.s.1.0.B.u.i.l.d.N.u.m.b.e.r.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .r.e.q.u.i.r.e.s. .M.i.c.r.o.s.o.f.t. .W.i.n.d.o.w.s. .1.0. .v.e.r.s.i.o.n. .1.9.0.

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.config

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):621
                                                          Entropy (8bit):4.928176017224312
                                                          Encrypted:false
                                                          SSDEEP:12:MMHd41id7lzc+TXYr+XFy9bWzc+TXYcXIIfMVymhsSY9g3XmG/nQ3bxT:Jd17RtYrx9itYsmhV3WenQ3l
                                                          MD5:B21B189DDA42B3C02641CC8913E7D5A2
                                                          SHA1:23078EA5CA53CA64106C52A1758E6DAAED2CF151
                                                          SHA-256:1AC8B06B7FAFB709D47BF1053DD16A247B3A39C034A6A88B0A5A341B9A5D6710
                                                          SHA-512:DEA15F3C4758804BEAF5203471BDFE160F18DCB47F819E670741C52B80329B788C580E6B8C97A7D1691E81EE71421628F2A41A040B0D3FEDDD5CB508D49A78E2
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.... <configSections>.. <sectionGroup name="wix.bootstrapper" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.BootstrapperSectionGroup, BootstrapperCore">.. <section name="host" type="Microsoft.Tools.WindowsInstallerXml.Bootstrapper.HostSection, BootstrapperCore" />.. </sectionGroup>.. </configSections>.... <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. </startup>.. <wix.bootstrapper>.. <host assemblyName="CamtasiaBootstrapperApplication" />.. </wix.bootstrapper>....</configuration>

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\BootstrapperCore.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):90032
                                                          Entropy (8bit):5.688550211341784
                                                          Encrypted:false
                                                          SSDEEP:768:9BgPxZlx0MBps+j7ejaab0Y6OwE7v10WHSp5fh06iG27N9k+6ybJ1ErEgtCmYjhm:HHMBp/GRbgi5ofpiG2pq+51EogsmYI
                                                          MD5:B0D10A2A622A322788780E7A3CBB85F3
                                                          SHA1:04D90B16FA7B47A545C1133D5C0CA9E490F54633
                                                          SHA-256:F2C2B3CE2DF70A3206F3111391FFC7B791B32505FA97AEF22C0C2DBF6F3B0426
                                                          SHA-512:62B0AA09234067E67969C5F785736D92CD7907F1F680A07F6B44A1CAF43BFEB2DF96F29034016F3345C4580C6C9BC1B04BEA932D06E53621DA4FCF7B8C0A489F
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Mp.].........." ..0...... ........... ...@....... ..............................N.....@.................................`...O....@...............@.......`......(-............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\CamtasiaBootstrapperApplication.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):741376
                                                          Entropy (8bit):7.098862290420886
                                                          Encrypted:false
                                                          SSDEEP:12288:yWOP5P6Mfv32KwxUc1iLiGD9SSMRoHQkupgv:ypPhvGV1iN0SMRy
                                                          MD5:53EA819BA99A05D6BC41414E2B48F2E4
                                                          SHA1:CA9915D9730633C2CE9930164026B0C1AD6BBCCA
                                                          SHA-256:2B42BEF74C17A08341BEE7A0B0D0246B90412D79505D4AC97638EE2204B73EA7
                                                          SHA-512:CBCB30E99BDCD8AC68DC491A0CC3C56F8AAC0E72578D45616F63008F7E4A53049FDA9C65806719C53EFD55CA7622348DDB587704C85B6C74C7932A3A5E868059
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.rc.........." ..0..F...........d... ........... ....................................@..................................d..O.......`...........................Lc............................................... ............... ..H............text....D... ...F.................. ..`.rsrc...`............H..............@..@.reloc...............N..............@..B.................d......H.......,....:..............8...........................................>. 4......(....*2......o....*:........o....*.0..,........o....r...p $...........%...%....o....t....*&...o ...*..(!...*...0..C.......("..........%.r!..p.%...%.r...p.%...%.r...p.%...%.r...p.(#...(....*f.($....(.....{.....o%...*..(&...*..('...*....0..$........{....,.*..}....r...p.s(......()...*.0............YE........)...6...C...P...]...j...w...............8......t....}.....{...........s*...o+...*..t....}...

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\EditionConstants.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):12288
                                                          Entropy (8bit):5.052927687512696
                                                          Encrypted:false
                                                          SSDEEP:192:3tjaOqSpC00lyozQW6ZKiNOcmJW2Fl8p4wRSrBlOg+YbQ+4GkdL93T2:FaOhpilVQW6rVmJW2MewRUnLk3T2
                                                          MD5:52B1DEDB325A75827408D8EDCBDECB9A
                                                          SHA1:9A6A3CB354A2FB45FCE0A85EB8D5E1DD9352DA95
                                                          SHA-256:76901D237E39F84C3A0DAD621C103AAC76B4858EDE825A2F8C8752DA7F5F8315
                                                          SHA-512:30E753527D1052DF7E5811AC8419129F65A56C4A7A4B3754354364E003423A3912CE1BE032D40383A173C8DB79C8FD4F3210867ED2FA70BD1D64367190E2AC99
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*............" ..0..&...........E... ...`....... ....................................@..................................E..O....`..D............................D..8............................................ ............... ..H............text....%... ...&.................. ..`.rsrc...D....`.......(..............@..@.reloc..............................@..B.................E......H.......P$... ............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..D.......~....-..(....*~.....3..(....*~.....3..(....*~.....3..(....*...(....*..(....*.0.............(......o......&...*..................Vr...p.....r7..p.....*Vra..pr...pr...p(....*B(....r...p(....*.r...ps....*.~....s,...(....(....~.....#...(....(....o....(....s....o....*.~....~0...%-.&~/.....2...s....%.0...(...+*F(!....(....o"...*.0..

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Deployment.WindowsInstaller.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):184240
                                                          Entropy (8bit):5.876033362692288
                                                          Encrypted:false
                                                          SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                          MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                          SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                          SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                          SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.].........." ..0...... ......z.... ........... ....................................@.................................(...O................................................................................... ............... ..H............text....w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\Microsoft.Expression.Interactions.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):91648
                                                          Entropy (8bit):5.836675531273972
                                                          Encrypted:false
                                                          SSDEEP:1536:Srf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEy:a5GttWHXEUx5r65LxXshk8JDIWP
                                                          MD5:6A3B9E46C41E42E7B8E1479468D892AF
                                                          SHA1:E31C05AE685E51D07808B1DD24CECED9D299ED81
                                                          SHA-256:F3B14DEFBD05493B8573016B08B86E5B5D53B486B0457FD75F67BF8BFF04BE38
                                                          SHA-512:D6416204875CE732EDAC51E36F267C9CCA52F60BA79CD981B388988E435BD1CCE87F972A9E90BE4FD9A7FD25CB316293F938F45FB645F25A4F62B980A37236B7
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...eu.K...........!.....\...........z... ........@.. ....................................@..................................y..K....................................x............................................... ............... ..H............text...$Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................z......H...........L...........x...1...P ........................................z...y.k.....bdd I..`..).PsR@... .aL...%:...y.....XDgM.X}..~)2.v-..4..........EAZZ...,..[..H...o5*C.o...5/I.m.!2...#.:.(......}....*:.(......}....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*"..(....*"..(....*..*..{....,..{.....o....*.{....o....*2.~....(....*6.~.....(....*F.~....(....td...*6.~.....(....*J.(.....s ...}....*F.(...

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\System.Windows.Interactivity.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):39936
                                                          Entropy (8bit):5.593512133791687
                                                          Encrypted:false
                                                          SSDEEP:768:6MazwAgR8/XJ665bKZdxuB8DCuL5enM7JxKjuMlZCZN+R0E7E:63wBccZdxuB8mQen6JxKjrlMZgR0Eo
                                                          MD5:3AB57A33A6E3A1476695D5A6E856C06A
                                                          SHA1:DABB4ECFFD0C422A8EEBFF5D4EC8116A6E90D7E7
                                                          SHA-256:4AACE8C8A330AE8429CD8CC1B6804076D3A9FFD633470F91FD36BDD25BB57876
                                                          SHA-512:58DBFCF9199D72D370E2D98B8EF2713D74207A597C9494B0ECF5E4C7BF7CF60C5E85F4A92B2A1896DFF63D9D5107F0D81D7DDDBC7203E9E559AB7219ECA0DF92
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...du.K...........!..................... ........ ;. ....................................@.................................\...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......4O..X`..........xD......P ......................................{c...2......q..Z,.C.....3.n.Z..7....R.....T.{yF")i.$JMv...,a.....U...M:,...Z.Q:..c..N.{....<....h%.....:s..T...Z.gSI.....6.(.....{....*...0..&........(..............s....o.....s....}....*...0..K........(.....{....o........,3..+&..( .........{.....o!............*..X...(....2.*..0..L........{.....o"...,=(#...(..................($...o%.......(&...o%.....('...s(...z*.0...........o).......E............d

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\TechSmith.Win32.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):35328
                                                          Entropy (8bit):5.895235960595344
                                                          Encrypted:false
                                                          SSDEEP:768:RB9QbO/taV0arVikz3qVj6nlHCfPsNhYTmeBUOkWZ+EAQz:Z0JxPqVj6lHC3uhYTLyWUED
                                                          MD5:9B7262268522E3110914B0FB197D2370
                                                          SHA1:BE5E3CB4B6352BA96CCC7F5F67F672830CB601BC
                                                          SHA-256:CF66B59B248CB5D63AA655FF3B5B220AD6113367A7FF21128057285F7F342BC5
                                                          SHA-512:70E746662BFA13D1ADB63EC87ECAA0531ABB23D199B2E43514B8E33D3C91823401710AA8E2DF6BE706F83A91C903773ABF0C33D89D839BA01FC9AB3DAD85D483
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....vRT...........!..................... ........... ....................................@.................................l...O.......(...........................4................................................ ............... ..H............text........ ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B........................H........,..\q............................................................(....*.0..&...........).....(k...&..{....l..{....ls....*&..(w...&*^..(....i..(....i(w...&*.0...........-..*...o......-..*.*&...o....*..0..#...........-...(......(....(.......&.....*..................0..............1...(.......1......&.....*..................V....(....(.....o ...*>....1....o ...*..(....*.(!...*....0..-.......(N.....(r......X(....l..Z(....l(".....(P...&*..c....#......X@[(!....c....#......

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonControls.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):562688
                                                          Entropy (8bit):6.600314060415237
                                                          Encrypted:false
                                                          SSDEEP:6144:duW1g+cmqDkdA4FdVEcRm7ccI0w11Sxs79L95HtFtISqTNGV8CvOEp91f36bGRw+:duW1VA4FHdD6Mfv32KwobzI4
                                                          MD5:790253CBA1EF332266357D09FC03F62D
                                                          SHA1:3B5A71BC97BC827C8B03931135EFD98463D8D588
                                                          SHA-256:58D679CCCBA0664439C5FF3F894477C9E862E436E642357892000F1FFB44E202
                                                          SHA-512:FB27E99B179E22808012525E53CA9AFD8D84A226CAF286726AF4628D991FA2E340FBE99E4387FD2A34D3C073B925278CA0165F1CEC1E8688D46D27D701A1B97B
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:2V...........!..................... ........... ....................................@.................................P...K.......@............................................................................ ............... ..H............text........ ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........................-..>............................................0..........r...p....(.........(....#....................s....s....(.........r...p....(.........(....#.............s....(.........r'..p....(.........(..........s....(.........rK..p....(.........(....#.............s....(.........rg..p....(.........(....#...........s....(.........r...p....(.........(....#....................s....s....(.........r...p....(.........(....#....................s....s....

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\WPFCommonViewModel.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):7680
                                                          Entropy (8bit):4.765172486061349
                                                          Encrypted:false
                                                          SSDEEP:96:BH46qr6ooN6E8mYj/+Dj7gq01Jb+rmJy633BM19wLJzr/N:BHVqr6DNfqj/+DjYb+ru3BMELNr/N
                                                          MD5:6B0E7E074D99B03CC289F33C92EC7379
                                                          SHA1:D1B2946ADB8FC85EDACF2B897A73F73567A7982B
                                                          SHA-256:EA0D692FB1A71EE8DBAF8C07B7A90ED6132183AA678DD04A4B7B27EE0152DA2F
                                                          SHA-512:A4B7E2D573493D1225AAE19E888040D53F4B284FFC87EFF73EE589EF109D00CDB6672B2A53B73BF34CAC74A63DEB48F06269AEEBBBC54585D9DD943323344536
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....lT...........!.................5... ...@....... ....................................@.................................<5..O....@.......................`.......4............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p5......H........"..............................................................&...(....*..(.....-.r...ps....z..}......}....*...0..E........{....-..*.-&.....(....(....,..{.............o....*.{..........o....*>.{....,..(....*>.{....,..(....*J.{..........o....*&...(....*..(.....-.r...ps....z..}......}....*Z.{....,..{....o....*.*>.{....,..(....*>.{....,..(....*2.{....o....*...0..4........( ...,.*.(!....o"...-.r...p.(#.....o....,...s$...z*..*..0..)........{.........(%...t......|......(.

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\de-DE\CamtasiaBootstrapperApplication.resources.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):96256
                                                          Entropy (8bit):5.20949991216615
                                                          Encrypted:false
                                                          SSDEEP:1536:J2xR3fwTRWhyOCCQJ6vDA+boDy+Ujw15PrCc8QiIOXwzdlgM+HfdV:J2r3fwNWhyO7Q4foDy7kpiIOy8dV
                                                          MD5:A39974EC9EEFD2872E35836AE96327D1
                                                          SHA1:A1C5EC8B981A27DF6286D194F6BCAC5203C59B2D
                                                          SHA-256:55D6CC71F99F020A6F5ED87D6C142D06832BFE33195A1D6CD6E840D5157D989F
                                                          SHA-512:14A1E60CA2B75C03B7CE321815ABC277786B8F82299448CF9CD8490D2497B14B0EF536A17343203EBA6B5BFD6241B7628ABF4FD32578A5C2EC769A37149AA481
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.rc...........!.....n............... ........... ....................................@.................................`...K.......X............................................................................ ............... ..H............text....m... ...n.................. ..`.rsrc...X............p..............@..@.reloc...............v..............@..B........................H..........t...........P ...i...........................................i.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......p.....H....8.....!...\A..........R..^..>.$.O..h...E.....E0..E0..E0..E0.Z...].............8...L...E....1b.-l....j...j...j.l....p...0..3......s.....3..,.............V...............P...S...U...V...W...Z...[.......

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\es-ES\CamtasiaBootstrapperApplication.resources.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):91136
                                                          Entropy (8bit):5.073136095594621
                                                          Encrypted:false
                                                          SSDEEP:1536:d2xR3fTYv0FQK+rgWxn8nhPNkJgQ8KM7oXdhW7XHm8nebXym2OE0kOJUi6Ua7Vei:d2r3fTYv0FQKE98G2oNqW/XyAK7VABd8
                                                          MD5:F1A30A8F3E7C18D417B350ADCE2B954F
                                                          SHA1:9C23861EA0289D00BBAD2FD35098476A2824521B
                                                          SHA-256:D213345E58EFC32F976BA5EEB060087316F5A3B090405AE00B5CEAD1EA2DFF48
                                                          SHA-512:F83D2D915B972FF808A05F8DF85CC1F238F778DE463F2033CCE7395408EEEE60915889B143EA797898EA39DC9B5E1B1CB6255F6D76214F495F20FAD50D620EBE
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.rc...........!.....Z...........x... ........... ....................................@.................................tx..W.......X............................................................................ ............... ..H............text....X... ...Z.................. ..`.rsrc...X............\..............@..@.reloc...............b..............@..B.................x......H........u..t...........P ...T...........................................T.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......p.....H....8.....!...\A..........R..^..>.$.O..h...E.....E0..E0..E0..E0.Z...].............8...L...E....1b.-l....j...j...j.l....p...0..3......s.....3..,.............V...............P...S...U...V...W...Z...[.......

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\fr-FR\CamtasiaBootstrapperApplication.resources.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):99328
                                                          Entropy (8bit):5.137513025025834
                                                          Encrypted:false
                                                          SSDEEP:3072:72r3evq/2AZMhoXtGJQEcfSR6i+khLF68id8:loXQJQEcfShLF6fd
                                                          MD5:686D783A6A43534030BCA2B253D6F706
                                                          SHA1:A2E5C9C499FA183947B2669660A90D694AE7B6E5
                                                          SHA-256:3E92C5F6A2F1B7DB02475AAE5A76036462C80E1C951BA3FFA4E8AEB0C61DDE51
                                                          SHA-512:7B63119EBC270A440A074ABA0D999300774B44894FC01FF0EF7146B83AA3D03C2A7D722588878B87BD4D120120D794FAAF15A78282A7BEFFF3EFDF558AC73CAD
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.rc...........!.....z..........N.... ........... ....................................@.....................................W.......X............................................................................ ............... ..H............text...Tx... ...z.................. ..`.rsrc...X............|..............@..@.reloc..............................@..B................0.......H...........t...........P ..-t..........................................)t.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......p.....H....8.....!...\A..........R..^..>.$.O..h...E.....E0..E0..E0..E0.Z...].............8...L...E....1b.-l....j...j...j.l....p...0..3......s.....3..,.............V...............P...S...U...V...W...Z...[.......

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\ja-JP\CamtasiaBootstrapperApplication.resources.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):207360
                                                          Entropy (8bit):4.590826361002773
                                                          Encrypted:false
                                                          SSDEEP:1536:02xR3gpCifGHg6ed53BgXoozCh6wBPkQHtSD4MQl+hm4qkA86phOyOhmdu:02r3gpC4GHg6K3BVwCh6cPF04bpFdu
                                                          MD5:70122771D7C2FD74D65D3BC0B5B3D5D5
                                                          SHA1:8AC08F1289BFAC938136A3E886225F3AE65A46AB
                                                          SHA-256:F67E5C448A0A1F5772A34E4C6188931429113CFEEE77D09DA858812D0A70B4F0
                                                          SHA-512:0C1861C8B3E4ECDED1CF5BE5D95DF09AC2983849D55638C93070A1AE13E522467B3947687F5E7CA7368D6BA0C4B63B2B8D0A2B1906DC2170710D6157F658B733
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.rc...........!..... ...........?... ...@....... ....................................@..................................>..S....@..X....................`....................................................... ............... ..H............text........ ... .................. ..`.rsrc...X....@......."..............@..@.reloc.......`.......(..............@..B.................>......H.......D;..t...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......p.....H....8.....!...\A..........R..^..>.$.O..h...E.....E0..E0..E0..E0.Z...].............8...L...E....1b.-l....j...j...j.l....p...0..3......s.....3..,.............V...............P...S...U...V...W...Z...[.......

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbahost.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):122288
                                                          Entropy (8bit):6.643662045821993
                                                          Encrypted:false
                                                          SSDEEP:3072:iyjfrCvv4JR5zsemsABCF0TPSLNegl/+b:xrrCYRsehsIX/E
                                                          MD5:C59832217903CE88793A6C40888E3CAE
                                                          SHA1:6D9FACABF41DCF53281897764D467696780623B8
                                                          SHA-256:9DFA1BC5D2AB4C652304976978749141B8C312784B05CB577F338A0AA91330DB
                                                          SHA-512:1B1F4CB2E3FA57CB481E28A967B19A6FEFA74F3C77A3F3214A6B09E11CEB20AE428D036929F000710B4EB24A2C57D5D7DFE39661D5A1F48EE69A02D83381D1A9
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v........................}.......|..............................o..............2~......2~......2~q.............2~......Rich....................PE..L...Tp.]...........!.....&..........(>.......@.......................................;....@.....................................x......................................T...........................H...@............@...............................text....%.......&.................. ..`.rdata...s...@...t...*..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):188848
                                                          Entropy (8bit):6.598346436496911
                                                          Encrypted:false
                                                          SSDEEP:3072:iaVVzf0r2vM357+pwnohBIiv8+2kt2GOTALPN2obXbE7PKPU9+Wxhsz7CMD:iaLzfpIsHhBIqgGOTALFdbz7f
                                                          MD5:FE7E0BD53F52E6630473C31299A49FDD
                                                          SHA1:F706F45768BFB95F4C96DFA0BE36DF57AA863898
                                                          SHA-256:2BEA14D70943A42D344E09B7C9DE5562FA7E109946E1C615DD584DA30D06CC80
                                                          SHA-512:FEED48286B1E182996A3664F0FACDF42AAE3692D3D938EA004350C85764DB7A0BEA996DFDDF7A77149C0D4B8B776FB544E8B1CE5E9944086A5B1ED6A8A239A3C
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:v.O~.c.~.c.~.c....t.c......c....f.c.,.g.n.c.,.`.l.c.,.f.a.c.wo..z.c.wo..c.c.~.b.|.c..~f.g.c..~c...c..~....c.~.....c..~a...c.Rich~.c.........PE..L...Yp.]...........!................................................................1.....@.........................`.......L...................................`.......T...........................H...@...............\............................text............................... ..`.rdata..2...........................@..@.data...............................@....rsrc...............................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.png

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
                                                          Category:dropped
                                                          Size (bytes):797
                                                          Entropy (8bit):7.648767094164769
                                                          Encrypted:false
                                                          SSDEEP:12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5
                                                          MD5:A356956FD269567B8F4612A33802637B
                                                          SHA1:75AE41181581FD6376CA9CA88147011E48BF9A30
                                                          SHA-256:A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
                                                          SHA-512:A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:.PNG........IHDR...?...?.....W_......sRGB.........gAMA......a.....pHYs..........+......IDAThC./W.0....P(...Db+q8$.........J...-..8.e]._..;........Y... .Y....z\........{W|..../q..<%.....C5...0....OrU....,..^........).....2.......i.Ge..T9T..}.7..J.......}..b...S.>.%y..Fc..j.X.....y."...e.U..M(ez....4\..C....u.......w..0..J.Wo."...mM.r.h..8..q..X..k!...j..xn...l...W`..r.+.R..J........c.T.}......cz..<43..@.c..rH...|..V.....K.mN.........k....,..4OL..5..M.tm%=.U.t-7.w....k.R.....c...-].5~..]2..5...GA..[..={.5..].=(.$}.\.9..5...MWu..[#.....F..j.F...d...,..MWu.7..3......$.......G.t.....=;N<_:[......0.,1.y.\.Z.|..%..>}...q.s....y.#p......!-.;.6!o.KO..E.6...........<..c..9_B....y....im...b...Xn.....)t9Q...........V.WMtP. .P..Z.&..KR.ac......IEND.B`.

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.thm

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):3915
                                                          Entropy (8bit):5.15881451198739
                                                          Encrypted:false
                                                          SSDEEP:48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP
                                                          MD5:A20778EC90A094A62A6C3A6AB2A6DC7D
                                                          SHA1:74C131B5FD80446FFDF2AFAD723762DD36621309
                                                          SHA-256:F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA
                                                          SHA-512:47F34A9F416D223DCBF071E7292A05554AF3D27CDE67FC8C161C1BED564C6E7FC448C2F482E05F33149C782E09C681BD65730CA00CF9EC68B284128214B75529
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="mbapreq.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="96" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="112" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\mbapreq.wxl

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):2464
                                                          Entropy (8bit):5.076345322304751
                                                          Encrypted:false
                                                          SSDEEP:48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1fABP:8LuTY1xmmmTerNR0AT1O
                                                          MD5:4D2C8D10C5DCCA6B938B71C8F02CA8A8
                                                          SHA1:11577021465379E9D1FF4260E607149BA5DFA6B3
                                                          SHA-256:C63DE5F309502F9272402587A6BE22624D1BC2FEACD1BD33FB11E44CD6614B96
                                                          SHA-512:AE791C1F05821167F1D2E1D07DBF95FE7E72B35B3E4B1E22720006C7A672B1330B748414792392B0E806F111AA4EFC1C424F4479EBDE349E3F079792DBB3BF47
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">Microsoft .NET Framework required for [WixBundleName] setup</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>.. <String Id="HelpClos

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\pt-BR\CamtasiaBootstrapperApplication.resources.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):91648
                                                          Entropy (8bit):5.134240795112116
                                                          Encrypted:false
                                                          SSDEEP:1536:i2xR3nVSXEtap6wpOwgpcJIxXsAeY57VphIXIL99Cl4gS2h+tedT:i2r3nVSX4ap6WexXsnY5j+TdT
                                                          MD5:2CB03012D457B4E3887BA3D944079EBA
                                                          SHA1:02B2EF15AFD898AD9334598A32619F3328757762
                                                          SHA-256:1DE6142CAA4EE1683F5AE91E29F63DD8F0C1E11541ABC766854509DA751DD8E2
                                                          SHA-512:34D07859BAB1C5CA140537911C8E69850B3617BBCB27AAF56AB6DB075F531384D25641DEBB28FD598277641782C8DF9643DA0CB80BF93B8A66295B6C9D56C73C
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.rc...........!.....\..........^{... ........... ....................................@..................................{..O.......X............................................................................ ............... ..H............text...d[... ...\.................. ..`.rsrc...X............^..............@..@.reloc...............d..............@..B................@{......H........w..t...........P ..FW..........................................BW.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......p.....H....8.....!...\A..........R..^..>.$.O..h...E.....E0..E0..E0..E0.Z...].............8...L...E....1b.-l....j...j...j.l....p...0..3......s.....3..,.............V...............P...S...U...V...W...Z...[.......

                                                          C:\Windows\Temp\{7E66493E-A433-47D4-9045-EEADE201F171}\.ba\zh-CN\CamtasiaBootstrapperApplication.resources.dll

                                                          Download File
                                                          Process:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):128000
                                                          Entropy (8bit):4.838800823163518
                                                          Encrypted:false
                                                          SSDEEP:768:7DyxR3Aup5VdsVfZi6gEqcyvCxcamR2nbBwrwYUNskIPb0o+WMEGIxYT/6F0Ow0B:72xR3Au5dsfZihQSesH0uWadR
                                                          MD5:943A37A2CA7B130BDD98CC547ACBEC9C
                                                          SHA1:3F057B938FB717DABB658EC66D0C5B421CC210FA
                                                          SHA-256:088E8BE2331F7D4D38665D24A9453EBEC41DE5830049CC08B897C27F8F5958CF
                                                          SHA-512:D0985F2FB6D5FA42B81508A03B7A41A1606C40D19753FC3102C5A5C832E331C6C3CDE50FDD36FA836218CECF0862A3BD37597C1249F17FF920972F7612D876B4
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.rc...........!..................... ... ....... .......................`............@.....................................W.... ..X....................@....................................................... ............... ..H............text........ ...................... ..`.rsrc...X.... ......................@..@.reloc.......@......................@..B........................H...........t...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......p.....H....8.....!...\A..........R..^..>.$.O..h...E.....E0..E0..E0..E0.Z...].............8...L...E....1b.-l....j...j...j.l....p...0..3......s.....3..,.............V...............P...S...U...V...W...Z...[.......

                                                          C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe

                                                          Download File
                                                          Process:C:\Users\user\Desktop\download\camtasia.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):1707656
                                                          Entropy (8bit):7.817645109909811
                                                          Encrypted:false
                                                          SSDEEP:49152:2T2pZ1Xrp9c4H5p9i6lmPli4sVwP8jLI4DtEm9+:2T0zp9c4H5VlfMUHHDtEF
                                                          MD5:FD85D1BD644ED79F10801C69ECBF27B1
                                                          SHA1:B4C5A3B83AB35ED1957B032335812013A3DAABA3
                                                          SHA-256:B5BCB60B49216BE9BDE71BFB402F2C16E34B5D1BBF00E2A3DBFCFF4B60FBFD69
                                                          SHA-512:7506D08B94B345986D450D3B0CD9E62220D707011CA4981627BC0ED13A2961EE4704908142E035D8A5F31C36B294905607CF1C606D98F23A271CFDCB34D1F8AF
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:low
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.o.}k..}k..}k.....wk......k.....ek../...nk../...ik../...Vk..t...xk..t...lk..}k..(j......6k......|k..}k...k......|k..Rich}k..........PE..L...2p.]............................q.............@.......................................@..............................................................*.......=..0p..T....................p.......j..@...................4|.......................text............................... ..`.rdata..`...........................@..@.data...............................@....wixburn8...........................@..@.rsrc...............................@..@.reloc...=.......>...Z..............@..B........................................................................................................................................................................................................................................................

                                                          Static File Info

                                                          No static file info

                                                          Network Behavior

                                                          No network behavior found

                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          General

                                                          Target ID:0
                                                          Start time:19:14:43
                                                          Start date:24/11/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe" > cmdline.out 2>&1
                                                          Imagebase:0xd90000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low

                                                          General

                                                          Target ID:1
                                                          Start time:19:14:43
                                                          Start date:24/11/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7c72c0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low

                                                          General

                                                          Target ID:2
                                                          Start time:19:14:43
                                                          Start date:24/11/2022
                                                          Path:C:\Windows\SysWOW64\wget.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://download.techsmith.com/camtasiastudio/releases/camtasia.exe"
                                                          Imagebase:0x400000
                                                          File size:3895184 bytes
                                                          MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low

                                                          General

                                                          Target ID:5
                                                          Start time:19:16:14
                                                          Start date:24/11/2022
                                                          Path:C:\Users\user\Desktop\download\camtasia.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\Desktop\download\camtasia.exe
                                                          Imagebase:0x1190000
                                                          File size:368315368 bytes
                                                          MD5 hash:0C60C5F487C288CF2C6B09FE7E4A7D77
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs
                                                          Reputation:low

                                                          General

                                                          Target ID:6
                                                          Start time:19:16:14
                                                          Start date:24/11/2022
                                                          Path:C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\Temp\{CB5AD3D6-270A-4AB0-A898-D5E0F7C2252B}\.cr\camtasia.exe" -burn.clean.room="C:\Users\user\Desktop\download\camtasia.exe" -burn.filehandle.attached=180 -burn.filehandle.self=624
                                                          Imagebase:0x8c0000
                                                          File size:1707656 bytes
                                                          MD5 hash:FD85D1BD644ED79F10801C69ECBF27B1
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs
                                                          Reputation:low

                                                          Disassembly

                                                          Reset < >

                                                            Non-executed Functions

                                                            Function 00CF7426 Relevance: .4, Instructions: 361COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000002.00000002.477857273.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, Offset: 00CE8000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_2_2_ce8000_wget.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 15e79debd574779cf3715bda9e719df8658295a0cde5bd043304be1b69c9b99c
                                                            • Instruction ID: c43985b7532ce3007120cc52116975e1926f5575359d76664f812cdfb8c7858d
                                                            • Opcode Fuzzy Hash: 15e79debd574779cf3715bda9e719df8658295a0cde5bd043304be1b69c9b99c
                                                            • Instruction Fuzzy Hash: AA31E23140E7C08FC717DF7588655DA7F71FF87318B1985DAC8809E427C26AA91ACB42
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00D00820 Relevance: .1, Instructions: 123COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000002.00000002.477857273.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp, Offset: 00CE8000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_2_2_ce8000_wget.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7d256bbd259aef871669506e28803bb83898088cf54d9afc6d73d34d314faf90
                                                            • Instruction ID: 2886d492413f609fdbec77e07f0b4656fd03241ccc0158ae18aab0cd6442b33c
                                                            • Opcode Fuzzy Hash: 7d256bbd259aef871669506e28803bb83898088cf54d9afc6d73d34d314faf90
                                                            • Instruction Fuzzy Hash: 3E418B7284EBD19FC303AB3488656927FB59E13224B1E05DBD4C4CF0A3E269095FCB62
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Executed Functions

                                                            Function 011D28BD Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 152libraryloadercomCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1319 11d28bd-11d28e1 GetModuleHandleA 1320 11d2916-11d2927 GetProcAddress 1319->1320 1321 11d28e3-11d28ed 1319->1321 1322 11d2929-11d294d GetProcAddress * 3 1320->1322 1323 11d296a 1320->1323 1329 11d28ef-11d28f8 1321->1329 1330 11d28fa 1321->1330 1326 11d294f-11d2951 1322->1326 1327 11d2966-11d2968 1322->1327 1325 11d296c-11d2989 CoCreateInstance 1323->1325 1331 11d2a1f-11d2a21 1325->1331 1332 11d298f-11d2991 1325->1332 1326->1327 1328 11d2953-11d2955 1326->1328 1327->1325 1328->1327 1333 11d2957-11d2964 1328->1333 1329->1330 1334 11d28fc 1330->1334 1335 11d2901-11d2911 call 11938ba 1330->1335 1337 11d2a34 1331->1337 1338 11d2a23-11d2a2a 1331->1338 1336 11d2996-11d29a6 1332->1336 1333->1325 1334->1335 1339 11d2a35-11d2a3a 1335->1339 1341 11d29a8-11d29ac 1336->1341 1342 11d29b0 1336->1342 1337->1339 1338->1337 1353 11d2a2c-11d2a2e ExitProcess 1338->1353 1343 11d2a3c-11d2a3e 1339->1343 1344 11d2a42-11d2a47 1339->1344 1341->1336 1347 11d29ae 1341->1347 1349 11d29b2-11d29c2 1342->1349 1343->1344 1350 11d2a4f-11d2a54 1344->1350 1351 11d2a49-11d2a4b 1344->1351 1352 11d29ca 1347->1352 1354 11d29d4-11d29d8 1349->1354 1355 11d29c4-11d29c8 1349->1355 1351->1350 1352->1354 1356 11d29da-11d29ed call 11d2a57 1354->1356 1357 11d2a03-11d2a14 1354->1357 1355->1349 1355->1352 1356->1331 1362 11d29ef-11d2a01 1356->1362 1357->1331 1360 11d2a16-11d2a1d 1357->1360 1360->1331 1362->1331 1362->1357
                                                            C-Code - Quality: 63%
                                                            			E011D28BD(signed short _a4, intOrPtr* _a8, signed short _a12) {
				signed int _v8;
				signed int _v12;
				char _v16;
				signed short _v20;
				signed short _t38;
				signed short _t46;
				signed int _t53;
				signed short _t58;
				signed int _t63;
				signed short _t64;
				intOrPtr* _t65;
				intOrPtr* _t66;
				signed int _t67;
				signed int _t68;
				signed short _t70;
				signed short _t73;
				signed short _t78;
				struct HINSTANCE__* _t80;
				signed short _t81;
				signed short _t85;

				_t63 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t80 = GetModuleHandleA("kernel32.dll");
				if(_t80 != 0) {
					_t38 = GetProcAddress(_t80, "IsWow64Process");
					__eflags = _t38;
					if(_t38 == 0) {
						_t78 = 0;
						L13:
						__imp__CoCreateInstance(0x11fb688, 0, 1, 0x11da878,  &_v8); // executed
						_t81 = 0x11fb688;
						__eflags = 0x11fb688;
						if(0x11fb688 < 0) {
							L27:
							__eflags = _t63;
							if(_t63 == 0) {
								L30:
								L31:
								_t65 = _v12;
								if(_t65 != 0) {
									 *((intOrPtr*)( *_t65 + 8))(_t65);
								}
								_t66 = _v8;
								if(_t66 != 0) {
									 *((intOrPtr*)( *_t66 + 8))(_t66);
								}
								return _t81;
							}
							_t46 =  *_t78(_v16);
							__eflags = _t46;
							if(_t46 != 0) {
								goto L30;
							}
							ExitProcess(1);
						}
						_t67 = 0;
						__eflags = 0;
						_t73 = 0x11fb688;
						while(1) {
							__eflags =  *((intOrPtr*)(_t73 + _t67 * 4)) -  *((intOrPtr*)(0x11da868 + _t67 * 4));
							_t73 = 0x11fb688;
							if(__eflags != 0) {
								break;
							}
							_t67 = _t67 + 1;
							__eflags = _t67 - 4;
							if(_t67 != 4) {
								continue;
							}
							L21:
							 *0x11fb698 = 1;
							L22:
							__eflags = _a4;
							if(_a4 == 0) {
								L25:
								_v8 = _v8 & 0x00000000;
								 *_a8 = _v8;
								_t70 = _a12;
								__eflags = _t70;
								if(_t70 != 0) {
									_t29 =  &_v12;
									 *_t29 = _v12 & 0x00000000;
									__eflags =  *_t29;
									 *_t70 = _v12;
								}
								goto L27;
							}
							_t81 = E011D2A57( &_v12, _v8, _a4,  &_v12);
							__eflags = _t81;
							if(_t81 < 0) {
								goto L27;
							}
							_t53 = _v8;
							_t81 =  *((intOrPtr*)( *_t53 + 0x54))(_t53, _v12, 0);
							__eflags = _t81;
							if(_t81 < 0) {
								goto L27;
							}
							goto L25;
						}
						_t68 = 0;
						__eflags = 0;
						while(1) {
							__eflags =  *((intOrPtr*)(_t73 + _t68 * 4)) -  *((intOrPtr*)(0x11da858 + _t68 * 4));
							_t73 = 0x11fb688;
							if(__eflags != 0) {
								goto L22;
							}
							_t68 = _t68 + 1;
							__eflags = _t68 - 4;
							if(_t68 != 4) {
								continue;
							}
							goto L21;
						}
						goto L22;
					}
					_v20 = GetProcAddress(_t80, "Wow64DisableWow64FsRedirection");
					_t64 = GetProcAddress(_t80, "Wow64EnableWow64FsRedirection");
					_t78 = GetProcAddress(_t80, "Wow64RevertWow64FsRedirection");
					_t58 = _v20;
					__eflags = _t58;
					if(_t58 == 0) {
						L11:
						_t63 = 0;
						goto L13;
					}
					__eflags = _t64;
					if(_t64 == 0) {
						goto L11;
					}
					__eflags = _t78;
					if(_t78 == 0) {
						goto L11;
					}
					 *_t58( &_v16);
					_t63 =  *_t64(1) & 0x000000ff;
					goto L13;
				}
				_t81 = GetLastError();
				if(_t81 > 0) {
					_t81 = _t81 & 0x0000ffff | 0x80070000;
					_t85 = _t81;
				}
				if(_t85 >= 0) {
					_t81 = 0x80004005;
				}
				E011938BA(_t61, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x85, _t81);
				goto L31;
			}























                                                            0x011d28cc
                                                            0x011d28ce
                                                            0x011d28d1
                                                            0x011d28d4
                                                            0x011d28dd
                                                            0x011d28e1
                                                            0x011d2923
                                                            0x011d2925
                                                            0x011d2927
                                                            0x011d296a
                                                            0x011d296c
                                                            0x011d297f
                                                            0x011d2985
                                                            0x011d2987
                                                            0x011d2989
                                                            0x011d2a1f
                                                            0x011d2a1f
                                                            0x011d2a21
                                                            0x011d2a34
                                                            0x011d2a35
                                                            0x011d2a35
                                                            0x011d2a3a
                                                            0x011d2a3f
                                                            0x011d2a3f
                                                            0x011d2a42
                                                            0x011d2a47
                                                            0x011d2a4c
                                                            0x011d2a4c
                                                            0x011d2a54
                                                            0x011d2a54
                                                            0x011d2a26
                                                            0x011d2a28
                                                            0x011d2a2a
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2a2e
                                                            0x011d2a2e
                                                            0x011d298f
                                                            0x011d298f
                                                            0x011d2991
                                                            0x011d2996
                                                            0x011d299e
                                                            0x011d29a1
                                                            0x011d29a6
                                                            0x00000000
                                                            0x00000000
                                                            0x011d29a8
                                                            0x011d29a9
                                                            0x011d29ac
                                                            0x00000000
                                                            0x00000000
                                                            0x011d29ca
                                                            0x011d29ca
                                                            0x011d29d4
                                                            0x011d29d4
                                                            0x011d29d8
                                                            0x011d2a03
                                                            0x011d2a09
                                                            0x011d2a0d
                                                            0x011d2a0f
                                                            0x011d2a12
                                                            0x011d2a14
                                                            0x011d2a19
                                                            0x011d2a19
                                                            0x011d2a19
                                                            0x011d2a1d
                                                            0x011d2a1d
                                                            0x00000000
                                                            0x011d2a14
                                                            0x011d29e9
                                                            0x011d29eb
                                                            0x011d29ed
                                                            0x00000000
                                                            0x00000000
                                                            0x011d29ef
                                                            0x011d29fd
                                                            0x011d29ff
                                                            0x011d2a01
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2a01
                                                            0x011d29b0
                                                            0x011d29b0
                                                            0x011d29b2
                                                            0x011d29ba
                                                            0x011d29bd
                                                            0x011d29c2
                                                            0x00000000
                                                            0x00000000
                                                            0x011d29c4
                                                            0x011d29c5
                                                            0x011d29c8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d29c8
                                                            0x00000000
                                                            0x011d29b2
                                                            0x011d2937
                                                            0x011d2942
                                                            0x011d2946
                                                            0x011d2948
                                                            0x011d294b
                                                            0x011d294d
                                                            0x011d2966
                                                            0x011d2966
                                                            0x00000000
                                                            0x011d2966
                                                            0x011d294f
                                                            0x011d2951
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2953
                                                            0x011d2955
                                                            0x00000000
                                                            0x00000000
                                                            0x011d295b
                                                            0x011d2961
                                                            0x00000000
                                                            0x011d2961
                                                            0x011d28e9
                                                            0x011d28ed
                                                            0x011d28f2
                                                            0x011d28f8
                                                            0x011d28f8
                                                            0x011d28fa
                                                            0x011d28fc
                                                            0x011d28fc
                                                            0x011d290c
                                                            0x00000000

                                                            APIs
                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,011D2E6B,00000000,?,00000000), ref: 011D28D7
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,011BBD14,?,01195442,?,00000000,?), ref: 011D28E3
                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 011D2923
                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 011D292F
                                                            • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 011D293A
                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 011D2944
                                                            • CoCreateInstance.OLE32(011FB688,00000000,00000001,011DA878,?,?,?,?,?,?,?,?,?,?,?,011BBD14), ref: 011D297F
                                                            • ExitProcess.KERNEL32 ref: 011D2A2E
                                                            Strings
                                                            • kernel32.dll, xrefs: 011D28C7
                                                            • IsWow64Process, xrefs: 011D291D
                                                            • Wow64EnableWow64FsRedirection, xrefs: 011D2931
                                                            • Wow64RevertWow64FsRedirection, xrefs: 011D293C
                                                            • @Mqt, xrefs: 011D28E3
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 011D2907
                                                            • Wow64DisableWow64FsRedirection, xrefs: 011D2929
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                            • String ID: @Mqt$IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp$kernel32.dll
                                                            • API String ID: 2124981135-846803452
                                                            • Opcode ID: 011f148e528b7242ed61aeef931958e693d9f9b61ec74f77ea8158925f61ec47
                                                            • Instruction ID: f482e54046a42957bd7d972ed581b4be277cedf7bd3c22d0834e5f1ec4d7d322
                                                            • Opcode Fuzzy Hash: 011f148e528b7242ed61aeef931958e693d9f9b61ec74f77ea8158925f61ec47
                                                            • Instruction Fuzzy Hash: CB41F132A01325ABDB3DDBA9C844FAEBBA5EF04750F11416CEA21FB240E770D941CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A9F8F Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 21%
                                                            			E011A9F8F(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* _t12;
				void* _t13;
				void* _t27;

				_v8 = 0;
				_t12 = E011A819F(__edx, _a4,  &_v8); // executed
				if(_t12 >= 0) {
					_t13 = E0119415F(_v8, 0); // executed
					_t27 = _t13;
					if(_t27 >= 0) {
						__imp__DecryptFileW(_v8, 0); // executed
						if(_a8 != 0) {
							_t27 = E0119229E(_a8, _v8, 0);
							if(_t27 < 0) {
								_push("Failed to copy working folder.");
								goto L7;
							}
						}
					} else {
						_push("Failed create working folder.");
						goto L7;
					}
				} else {
					_push("Failed to calculate working folder to ensure it exists.");
					L7:
					_push(_t27);
					E011CFB09();
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t27;
			}







                                                            0x011a9f9e
                                                            0x011a9fa1
                                                            0x011a9faa
                                                            0x011a9fb7
                                                            0x011a9fbc
                                                            0x011a9fc0
                                                            0x011a9fcd
                                                            0x011a9fd6
                                                            0x011a9fe4
                                                            0x011a9fe8
                                                            0x011a9fea
                                                            0x00000000
                                                            0x011a9fea
                                                            0x011a9fe8
                                                            0x011a9fc2
                                                            0x011a9fc2
                                                            0x00000000
                                                            0x011a9fc2
                                                            0x011a9fac
                                                            0x011a9fac
                                                            0x011a9fef
                                                            0x011a9fef
                                                            0x011a9ff0
                                                            0x011a9ff6
                                                            0x011a9ffa
                                                            0x011a9fff
                                                            0x011a9fff
                                                            0x011aa009

                                                            Strings
                                                            • Failed to copy working folder., xrefs: 011A9FEA
                                                            • Failed to calculate working folder to ensure it exists., xrefs: 011A9FAC
                                                            • Failed create working folder., xrefs: 011A9FC2
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentDirectoryErrorLastProcessWindows
                                                            • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                            • API String ID: 3841436932-2072961686
                                                            • Opcode ID: c2871b6f15c64bbca33a28e2b0e636ea14873003c91346e71b7076d511d0f381
                                                            • Instruction ID: fb1274882172b19a2fa3bb9297c86cd881244740baee298075ccd7dccc22bd84
                                                            • Opcode Fuzzy Hash: c2871b6f15c64bbca33a28e2b0e636ea14873003c91346e71b7076d511d0f381
                                                            • Instruction Fuzzy Hash: 5B01F23AA05629FB8F2F6B59DD04CAEBFBADF90A287514165F800B6210DB318F40D681
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011939DF Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E011939DF(long _a4, signed int _a8) {
				void* _t7;

				asm("sbb eax, eax");
				_t7 = RtlAllocateHeap(GetProcessHeap(),  ~_a8 & 0x00000008, _a4); // executed
				return _t7;
			}




                                                            0x011939ea
                                                            0x011939f7
                                                            0x011939fe

                                                            APIs
                                                            • GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                            • RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID:
                                                            • API String ID: 1357844191-0
                                                            • Opcode ID: 1a1600686a810dd718ac26c75b152f2f2e5dbcdeb92593f15add8471027cd5b9
                                                            • Instruction ID: cb4602a324b40201373badb5f402cbb0976f1d4456cd07d4314fb63320647e52
                                                            • Opcode Fuzzy Hash: 1a1600686a810dd718ac26c75b152f2f2e5dbcdeb92593f15add8471027cd5b9
                                                            • Instruction Fuzzy Hash: 1FC0123219520DAB8B009EF4EC0DC5637ACBB146427088410B515C3104C638E0508760
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119DEDC Relevance: 124.9, APIs: 11, Strings: 60, Instructions: 648COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E0119DEDC(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				short** _v40;
				intOrPtr* _t206;
				intOrPtr* _t211;
				intOrPtr _t221;
				signed int _t222;
				int _t233;
				signed int _t252;
				int _t260;
				signed int _t266;
				intOrPtr _t269;
				intOrPtr _t272;
				intOrPtr _t273;
				intOrPtr _t277;
				intOrPtr _t299;
				signed int _t300;
				intOrPtr* _t315;
				short** _t317;
				intOrPtr* _t319;
				intOrPtr* _t321;
				intOrPtr* _t322;
				signed int _t325;
				signed int _t326;
				intOrPtr* _t327;
				intOrPtr _t329;
				signed int _t334;
				signed int _t341;
				void* _t345;
				signed int _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				short** _t357;
				void* _t359;

				_v20 = _v20 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_v24 = _v24 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v28 = _v28 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_t350 = E011D3183(_a12, L"RollbackBoundary",  &_v20);
				if(_t350 >= 0) {
					_t206 = _v20;
					_t318 =  *_t206;
					_t350 =  *((intOrPtr*)( *_t206 + 0x20))(_t206,  &_v24);
					if(_t350 >= 0) {
						_t208 = _v24;
						_push(__ebx);
						_t315 = _a4;
						if(_v24 == 0) {
							L17:
							_t319 = _v20;
							if(_t319 != 0) {
								 *((intOrPtr*)( *_t319 + 8))(_t319);
								_v20 = _v20 & 0x00000000;
							}
							if(E011D3183(_a12, L"Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage",  &_v20) >= 0) {
								_t211 = _v20;
								_push( &_v24);
								_push(_t211);
								if( *((intOrPtr*)( *_t211 + 0x20))() >= 0) {
									_t213 = _v24;
									if(_v24 == 0) {
										L123:
										_t350 = 0;
										goto L124;
									}
									_t221 = E011939DF(_t213 * 0xe0, 1);
									 *((intOrPtr*)(_t315 + 8)) = _t221;
									if(_t221 != 0) {
										_t222 = _v24;
										_v32 = _v32 & 0x00000000;
										 *((intOrPtr*)(_t315 + 0xc)) = _t222;
										if(_t222 == 0) {
											L106:
											_t350 = E0119D93A(_t315, _a12);
											if(_t350 >= 0) {
												goto L123;
											}
											_push("Failed to parse target product codes.");
											goto L108;
										}
										_t325 = 0;
										_v36 = 0;
										while(1) {
											_t345 =  *((intOrPtr*)(_t315 + 8)) + _t325;
											_t350 = E011D30E2(_t325, _v20,  &_v8,  &_v12);
											if(_t350 < 0) {
												break;
											}
											_t350 = E011D2B5D(_v8, L"Id", _t345);
											if(_t350 < 0) {
												L121:
												_push("Failed to get @Id.");
												goto L108;
											}
											_t350 = E011D2B5D(_v8, L"Cache",  &_v16);
											if(_t350 < 0) {
												_push("Failed to get @Cache.");
												goto L108;
											}
											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
												if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
													_t233 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"always", 0xffffffff);
													_t325 = 2;
													if(_t233 != _t325) {
														_push(_v16);
														_t350 = 0x8000ffff;
														_push("Invalid cache type: %ls");
														L119:
														_push(_t350);
														E011CFB09();
														goto L124;
													}
													 *(_t345 + 0x20) = _t325;
													L37:
													_t350 = E011D2B5D(_v8, L"CacheId", _t345 + 0x24);
													if(_t350 < 0) {
														_push("Failed to get @CacheId.");
														goto L108;
													}
													_t350 = E011D2C2F(_v8, L"Size", _t345 + 0x30);
													if(_t350 < 0) {
														_push("Failed to get @Size.");
														goto L108;
													}
													_t350 = E011D2C2F(_v8, L"InstallSize", _t345 + 0x28);
													if(_t350 < 0) {
														_push("Failed to get @InstallSize.");
														goto L108;
													}
													_t350 = E011D2D69(_t325, _v8, L"PerMachine", _t345 + 0x14);
													if(_t350 < 0) {
														_push("Failed to get @PerMachine.");
														goto L108;
													}
													_t350 = E011D2D69(_t325, _v8, L"Permanent", _t345 + 0x18);
													if(_t350 < 0) {
														_push("Failed to get @Permanent.");
														goto L108;
													}
													 *(_t345 + 0x18) = 0 |  *(_t345 + 0x18) == 0x00000000;
													_t350 = E011D2D69(_t325, _v8, L"Vital", _t345 + 0x1c);
													if(_t350 < 0) {
														L112:
														_push("Failed to get @Vital.");
														goto L108;
													}
													_t350 = E011D2B5D(_v8, L"LogPathVariable", _t345 + 4);
													if(_t350 == 0x80070490 || _t350 >= 0) {
														_t252 = E011D2B5D(_v8, L"RollbackLogPathVariable", _t345 + 8); // executed
														_t350 = _t252;
														if(_t350 == 0x80070490 || _t350 >= 0) {
															_t350 = E011D2B5D(_v8, L"InstallCondition", _t345 + 0xc);
															if(_t350 == 0x80070490 || _t350 >= 0) {
																_t350 = E011D2B5D(_v8, L"RollbackBoundaryForward",  &_v16);
																if(_t350 == 0x80070490) {
																	L52:
																	_t350 = E011D2B5D(_v8, L"RollbackBoundaryBackward",  &_v16);
																	if(_t350 == 0x80070490) {
																		L55:
																		if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"ExePackage", 0xffffffff) != 2) {
																			_t260 = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsiPackage", 0xffffffff);
																			_t326 = 2;
																			if(_t260 != _t326) {
																				if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MspPackage", 0xffffffff) != 2) {
																					if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsuPackage", 0xffffffff) != 2) {
																						L66:
																						_t350 = E0119DAA8(_t315, _t345, _a8, _v8);
																						if(_t350 < 0) {
																							_push("Failed to parse payload references.");
																							goto L108;
																						}
																						_t350 = E011B7C6C(_t345, _v8);
																						if(_t350 < 0) {
																							_push("Failed to parse dependency providers.");
																							goto L108;
																						}
																						_t327 = _v8;
																						if(_t327 != 0) {
																							 *((intOrPtr*)( *_t327 + 8))(_t327);
																							_v8 = _v8 & 0x00000000;
																						}
																						if(_v12 != 0) {
																							__imp__#6(_v12);
																							_v12 = _v12 & 0x00000000;
																						}
																						_t266 = _v32 + 1;
																						_t325 = _v36 + 0xe0;
																						_v32 = _t266;
																						_v36 = _t325;
																						if(_t266 < _v24) {
																							continue;
																						} else {
																							_t355 = _v28;
																							if(_v28 == 0) {
																								goto L106;
																							}
																							_t269 = E011939DF(_t355 << 4, 1);
																							 *((intOrPtr*)(_t315 + 0x20)) = _t269;
																							if(_t269 != 0) {
																								_t272 = E011939DF(_t355 << 2, 1);
																								 *((intOrPtr*)(_t315 + 0x24)) = _t272;
																								if(_t272 != 0) {
																									_t273 =  *((intOrPtr*)(_t315 + 0xc));
																									_t329 = 0;
																									_a8 = 0;
																									if(_t273 == 0) {
																										goto L106;
																									}
																									_t346 = 0;
																									_v28 = 0;
																									do {
																										_t357 =  *((intOrPtr*)(_t315 + 8)) + _t346;
																										_v40 = _t357;
																										if( *((intOrPtr*)(_t357 + 0x8c)) != 3) {
																											goto L105;
																										}
																										 *((intOrPtr*)( *((intOrPtr*)(_t315 + 0x20)) + ( *(_t315 + 0x28) +  *(_t315 + 0x28)) * 8)) =  *((intOrPtr*)(_t357 + 0x94));
																										_t341 = 0;
																										_v36 = 0;
																										 *((intOrPtr*)( *((intOrPtr*)(_t315 + 0x20)) + 4 + ( *(_t315 + 0x28) +  *(_t315 + 0x28)) * 8)) = 2;
																										 *((intOrPtr*)( *((intOrPtr*)(_t315 + 0x24)) +  *(_t315 + 0x28) * 4)) = _t357;
																										 *(_t315 + 0x28) =  *(_t315 + 0x28) + 1;
																										_t273 =  *((intOrPtr*)(_t315 + 0xc));
																										if(_t273 == 0) {
																											L104:
																											_t329 = _a8;
																											goto L105;
																										}
																										_t334 = 0;
																										_v32 = 0;
																										do {
																											_t359 =  *((intOrPtr*)(_t315 + 8)) + _t334;
																											if( *((intOrPtr*)(_t359 + 0x8c)) != 2) {
																												goto L102;
																											}
																											_t347 = 0;
																											if( *((intOrPtr*)(_t359 + 0xd4)) <= 0) {
																												goto L102;
																											}
																											_t317 = _v40;
																											do {
																												_t277 =  *((intOrPtr*)(_t359 + 0xd0));
																												if( *(_t277 + _t347 * 4) != 0 && CompareStringW(0x7f, 0,  *_t317, 0xffffffff,  *(_t277 + _t347 * 4), 0xffffffff) == 2) {
																													 *( *((intOrPtr*)(_t359 + 0xcc)) + _t347 * 4) = _t317;
																													_t280 =  *((intOrPtr*)(_t359 + 0xd0));
																													if( *( *((intOrPtr*)(_t359 + 0xd0)) + _t347 * 4) != 0) {
																														E01192762( *((intOrPtr*)(_t280 + _t347 * 4)));
																														 *( *((intOrPtr*)(_t359 + 0xd0)) + _t347 * 4) =  *( *((intOrPtr*)(_t359 + 0xd0)) + _t347 * 4) & 0x00000000;
																													}
																												}
																												_t347 = _t347 + 1;
																											} while (_t347 <  *((intOrPtr*)(_t359 + 0xd4)));
																											_t315 = _a4;
																											_t334 = _v32;
																											_t341 = _v36;
																											L102:
																											_t273 =  *((intOrPtr*)(_t315 + 0xc));
																											_t341 = _t341 + 1;
																											_t334 = _t334 + 0xe0;
																											_v36 = _t341;
																											_v32 = _t334;
																										} while (_t341 < _t273);
																										_t346 = _v28;
																										goto L104;
																										L105:
																										_t329 = _t329 + 1;
																										_t346 = _t346 + 0xe0;
																										_a8 = _t329;
																										_v28 = _t346;
																									} while (_t329 < _t273);
																									goto L106;
																								}
																								_t348 = 0x8007000e;
																								_t350 = 0x8007000e;
																								E011938BA(_t272, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0x100, 0x8007000e);
																								_push("Failed to allocate memory for patch sequence information to package lookup.");
																								L87:
																								_push(_t348);
																								goto L109;
																							}
																							_t348 = 0x8007000e;
																							_t350 = 0x8007000e;
																							E011938BA(_t269, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0xfd, 0x8007000e);
																							_push("Failed to allocate memory for MSP patch sequence information.");
																							goto L87;
																						}
																					}
																					 *(_t345 + 0x8c) = 4;
																					_t350 = E011B6EEC(_v8, _t345);
																					if(_t350 < 0) {
																						_push("Failed to parse MSU package.");
																						goto L108;
																					}
																					goto L66;
																				}
																				 *(_t345 + 0x8c) = 3;
																				_t350 = E011B63E9(_t315, _v8, _t345);
																				if(_t350 < 0) {
																					_push("Failed to parse MSP package.");
																					goto L108;
																				}
																				_v28 = _v28 + 1;
																				goto L66;
																			}
																			 *(_t345 + 0x8c) = _t326;
																			_t350 = E011B4844(_v8, _t345);
																			if(_t350 >= 0) {
																				goto L66;
																			}
																			_push("Failed to parse MSI package.");
																			goto L108;
																		}
																		 *(_t345 + 0x8c) = 1;
																		_t350 = E011B2596(_t325, _v8, _t345);
																		if(_t350 >= 0) {
																			goto L66;
																		}
																		_push("Failed to parse EXE package.");
																		goto L108;
																	}
																	if(_t350 < 0) {
																		_push("Failed to get @RollbackBoundaryBackward.");
																		goto L108;
																	}
																	_t350 = E0119D8EB(_t315, _v16, _t345 + 0x3c);
																	if(_t350 < 0) {
																		_push(_v16);
																		_push("Failed to find backward transaction boundary: %ls");
																		goto L119;
																	}
																	goto L55;
																}
																if(_t350 < 0) {
																	_push("Failed to get @RollbackBoundaryForward.");
																	goto L108;
																}
																_t350 = E0119D8EB(_t315, _v16, _t345 + 0x38);
																if(_t350 < 0) {
																	_push(_v16);
																	_push("Failed to find forward transaction boundary: %ls");
																	goto L119;
																}
																goto L52;
															} else {
																_push("Failed to get @InstallCondition.");
																goto L108;
															}
														} else {
															_push("Failed to get @RollbackLogPathVariable.");
															goto L108;
														}
													} else {
														_push("Failed to get @LogPathVariable.");
														goto L108;
													}
												}
												 *(_t345 + 0x20) = 1;
												goto L37;
											}
											 *(_t345 + 0x20) =  *(_t345 + 0x20) & 0x00000000;
											goto L37;
										}
										L122:
										_push("Failed to get next node.");
										goto L108;
									}
									_t348 = 0x8007000e;
									_t350 = 0x8007000e;
									E011938BA(_t221, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0x5f, 0x8007000e);
									_push("Failed to allocate memory for package structs.");
									goto L87;
								}
								_push("Failed to get package node count.");
								goto L108;
							} else {
								_push("Failed to select package nodes.");
								L108:
								_push(_t350);
								L109:
								E011CFB09();
								L124:
								L125:
								_t321 = _v20;
								if(_t321 != 0) {
									 *((intOrPtr*)( *_t321 + 8))(_t321);
								}
								_t322 = _v8;
								if(_t322 != 0) {
									 *((intOrPtr*)( *_t322 + 8))(_t322);
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
								}
								if(_v16 != 0) {
									E01192762(_v16);
								}
								return _t350;
							}
						}
						_t299 = E011939DF(_t208 << 3, 1);
						 *_t315 = _t299;
						if(_t299 != 0) {
							_t300 = _v24;
							_t349 = 0;
							 *((intOrPtr*)(_t315 + 4)) = _t300;
							if(_t300 == 0) {
								goto L17;
							} else {
								goto L9;
							}
							while(1) {
								L9:
								_v32 =  *_t315 + _t349 * 8;
								_t350 = E011D30E2(_t318, _v20,  &_v8,  &_v12);
								if(_t350 < 0) {
									goto L122;
								}
								_t350 = E011D2B5D(_v8, L"Id", _v32);
								if(_t350 < 0) {
									goto L121;
								}
								_t350 = E011D2D69(_t318, _v8, L"Vital", _v32 + 4);
								if(_t350 < 0) {
									goto L112;
								}
								_t318 = _v8;
								if(_t318 != 0) {
									 *((intOrPtr*)( *_t318 + 8))(_t318);
									_v8 = _v8 & 0x00000000;
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
									_v12 = _v12 & 0x00000000;
								}
								_t349 = _t349 + 1;
								if(_t349 < _v24) {
									continue;
								} else {
									goto L17;
								}
							}
							goto L122;
						}
						_t348 = 0x8007000e;
						_t350 = 0x8007000e;
						E011938BA(_t299, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0x34, 0x8007000e);
						_push("Failed to allocate memory for rollback boundary structs.");
						goto L87;
					}
					_push("Failed to get rollback bundary node count.");
					L2:
					_push(_t350);
					E011CFB09();
					goto L125;
				}
				_push("Failed to select rollback boundary nodes.");
				goto L2;
			}













































                                                            0x0119dee2
                                                            0x0119dee9
                                                            0x0119deed
                                                            0x0119def1
                                                            0x0119def5
                                                            0x0119def9
                                                            0x0119df0c
                                                            0x0119df10
                                                            0x0119df24
                                                            0x0119df2c
                                                            0x0119df31
                                                            0x0119df35
                                                            0x0119df3e
                                                            0x0119df41
                                                            0x0119df42
                                                            0x0119df48
                                                            0x0119e015
                                                            0x0119e015
                                                            0x0119e01a
                                                            0x0119e01f
                                                            0x0119e022
                                                            0x0119e022
                                                            0x0119e03b
                                                            0x0119e047
                                                            0x0119e04d
                                                            0x0119e04e
                                                            0x0119e058
                                                            0x0119e064
                                                            0x0119e069
                                                            0x0119e6be
                                                            0x0119e6be
                                                            0x00000000
                                                            0x0119e6be
                                                            0x0119e078
                                                            0x0119e07d
                                                            0x0119e082
                                                            0x0119e0a2
                                                            0x0119e0a5
                                                            0x0119e0a9
                                                            0x0119e0ae
                                                            0x0119e63b
                                                            0x0119e644
                                                            0x0119e648
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e64a
                                                            0x00000000
                                                            0x0119e64a
                                                            0x0119e0b4
                                                            0x0119e0b6
                                                            0x0119e0b9
                                                            0x0119e0c3
                                                            0x0119e0ce
                                                            0x0119e0d2
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e0e6
                                                            0x0119e0ea
                                                            0x0119e6b0
                                                            0x0119e6b0
                                                            0x00000000
                                                            0x0119e6b0
                                                            0x0119e101
                                                            0x0119e105
                                                            0x0119e6a9
                                                            0x00000000
                                                            0x0119e6a9
                                                            0x0119e126
                                                            0x0119e143
                                                            0x0119e15e
                                                            0x0119e162
                                                            0x0119e165
                                                            0x0119e691
                                                            0x0119e694
                                                            0x0119e699
                                                            0x0119e69e
                                                            0x0119e69e
                                                            0x0119e69f
                                                            0x00000000
                                                            0x0119e6a4
                                                            0x0119e16b
                                                            0x0119e16e
                                                            0x0119e17f
                                                            0x0119e183
                                                            0x0119e68a
                                                            0x00000000
                                                            0x0119e68a
                                                            0x0119e19a
                                                            0x0119e19e
                                                            0x0119e683
                                                            0x00000000
                                                            0x0119e683
                                                            0x0119e1b5
                                                            0x0119e1b9
                                                            0x0119e67c
                                                            0x00000000
                                                            0x0119e67c
                                                            0x0119e1d0
                                                            0x0119e1d4
                                                            0x0119e675
                                                            0x00000000
                                                            0x0119e675
                                                            0x0119e1eb
                                                            0x0119e1ef
                                                            0x0119e66e
                                                            0x00000000
                                                            0x0119e66e
                                                            0x0119e1fd
                                                            0x0119e211
                                                            0x0119e215
                                                            0x0119e667
                                                            0x0119e667
                                                            0x00000000
                                                            0x0119e667
                                                            0x0119e22c
                                                            0x0119e234
                                                            0x0119e24a
                                                            0x0119e24f
                                                            0x0119e257
                                                            0x0119e272
                                                            0x0119e27a
                                                            0x0119e295
                                                            0x0119e29d
                                                            0x0119e2be
                                                            0x0119e2cf
                                                            0x0119e2d7
                                                            0x0119e2f8
                                                            0x0119e313
                                                            0x0119e34c
                                                            0x0119e350
                                                            0x0119e353
                                                            0x0119e389
                                                            0x0119e3c2
                                                            0x0119e3e1
                                                            0x0119e3ed
                                                            0x0119e3f1
                                                            0x0119e660
                                                            0x00000000
                                                            0x0119e660
                                                            0x0119e400
                                                            0x0119e404
                                                            0x0119e659
                                                            0x00000000
                                                            0x0119e659
                                                            0x0119e40a
                                                            0x0119e40f
                                                            0x0119e414
                                                            0x0119e417
                                                            0x0119e417
                                                            0x0119e41f
                                                            0x0119e424
                                                            0x0119e42a
                                                            0x0119e42a
                                                            0x0119e434
                                                            0x0119e435
                                                            0x0119e43b
                                                            0x0119e43e
                                                            0x0119e444
                                                            0x00000000
                                                            0x0119e44a
                                                            0x0119e44a
                                                            0x0119e44f
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e45d
                                                            0x0119e462
                                                            0x0119e467
                                                            0x0119e4f6
                                                            0x0119e4fb
                                                            0x0119e500
                                                            0x0119e524
                                                            0x0119e527
                                                            0x0119e529
                                                            0x0119e52e
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e534
                                                            0x0119e536
                                                            0x0119e539
                                                            0x0119e53c
                                                            0x0119e53e
                                                            0x0119e548
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e55c
                                                            0x0119e55f
                                                            0x0119e569
                                                            0x0119e56c
                                                            0x0119e57a
                                                            0x0119e57d
                                                            0x0119e580
                                                            0x0119e585
                                                            0x0119e623
                                                            0x0119e623
                                                            0x00000000
                                                            0x0119e623
                                                            0x0119e58b
                                                            0x0119e58d
                                                            0x0119e590
                                                            0x0119e593
                                                            0x0119e59c
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e59e
                                                            0x0119e5a6
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e5a8
                                                            0x0119e5ab
                                                            0x0119e5ab
                                                            0x0119e5b5
                                                            0x0119e5d5
                                                            0x0119e5d8
                                                            0x0119e5e2
                                                            0x0119e5e7
                                                            0x0119e5f2
                                                            0x0119e5f2
                                                            0x0119e5e2
                                                            0x0119e5f6
                                                            0x0119e5f7
                                                            0x0119e5ff
                                                            0x0119e602
                                                            0x0119e605
                                                            0x0119e608
                                                            0x0119e608
                                                            0x0119e60b
                                                            0x0119e60c
                                                            0x0119e612
                                                            0x0119e615
                                                            0x0119e618
                                                            0x0119e620
                                                            0x00000000
                                                            0x0119e626
                                                            0x0119e626
                                                            0x0119e627
                                                            0x0119e62d
                                                            0x0119e630
                                                            0x0119e633
                                                            0x00000000
                                                            0x0119e539
                                                            0x0119e502
                                                            0x0119e512
                                                            0x0119e514
                                                            0x0119e519
                                                            0x0119e51e
                                                            0x0119e51e
                                                            0x00000000
                                                            0x0119e51e
                                                            0x0119e46d
                                                            0x0119e47d
                                                            0x0119e47f
                                                            0x0119e484
                                                            0x00000000
                                                            0x0119e484
                                                            0x0119e444
                                                            0x0119e3c5
                                                            0x0119e3d7
                                                            0x0119e3db
                                                            0x0119e4e4
                                                            0x00000000
                                                            0x0119e4e4
                                                            0x00000000
                                                            0x0119e3db
                                                            0x0119e38c
                                                            0x0119e39e
                                                            0x0119e3a2
                                                            0x0119e4da
                                                            0x00000000
                                                            0x0119e4da
                                                            0x0119e3a8
                                                            0x00000000
                                                            0x0119e3a8
                                                            0x0119e356
                                                            0x0119e364
                                                            0x0119e368
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e36a
                                                            0x00000000
                                                            0x0119e36a
                                                            0x0119e316
                                                            0x0119e328
                                                            0x0119e32c
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e332
                                                            0x00000000
                                                            0x0119e332
                                                            0x0119e2db
                                                            0x0119e4d0
                                                            0x00000000
                                                            0x0119e4d0
                                                            0x0119e2ee
                                                            0x0119e2f2
                                                            0x0119e4c3
                                                            0x0119e4c6
                                                            0x00000000
                                                            0x0119e4c6
                                                            0x00000000
                                                            0x0119e2f2
                                                            0x0119e2a1
                                                            0x0119e4b9
                                                            0x00000000
                                                            0x0119e4b9
                                                            0x0119e2b4
                                                            0x0119e2b8
                                                            0x0119e4ac
                                                            0x0119e4af
                                                            0x00000000
                                                            0x0119e4af
                                                            0x00000000
                                                            0x0119e4a2
                                                            0x0119e4a2
                                                            0x00000000
                                                            0x0119e4a2
                                                            0x0119e498
                                                            0x0119e498
                                                            0x00000000
                                                            0x0119e498
                                                            0x0119e48e
                                                            0x0119e48e
                                                            0x00000000
                                                            0x0119e48e
                                                            0x0119e234
                                                            0x0119e145
                                                            0x00000000
                                                            0x0119e145
                                                            0x0119e128
                                                            0x00000000
                                                            0x0119e128
                                                            0x0119e6b7
                                                            0x0119e6b7
                                                            0x00000000
                                                            0x0119e6b7
                                                            0x0119e084
                                                            0x0119e091
                                                            0x0119e093
                                                            0x0119e098
                                                            0x00000000
                                                            0x0119e098
                                                            0x0119e05a
                                                            0x00000000
                                                            0x0119e03d
                                                            0x0119e03d
                                                            0x0119e64f
                                                            0x0119e64f
                                                            0x0119e650
                                                            0x0119e650
                                                            0x0119e6c0
                                                            0x0119e6c2
                                                            0x0119e6c2
                                                            0x0119e6c7
                                                            0x0119e6cc
                                                            0x0119e6cc
                                                            0x0119e6cf
                                                            0x0119e6d4
                                                            0x0119e6d9
                                                            0x0119e6d9
                                                            0x0119e6e0
                                                            0x0119e6e5
                                                            0x0119e6e5
                                                            0x0119e6ef
                                                            0x0119e6f4
                                                            0x0119e6f4
                                                            0x0119e6fd
                                                            0x0119e6fd
                                                            0x0119e03b
                                                            0x0119df54
                                                            0x0119df59
                                                            0x0119df5d
                                                            0x0119df7d
                                                            0x0119df80
                                                            0x0119df82
                                                            0x0119df87
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119df8d
                                                            0x0119df8d
                                                            0x0119df92
                                                            0x0119dfa5
                                                            0x0119dfa9
                                                            0x00000000
                                                            0x00000000
                                                            0x0119dfbf
                                                            0x0119dfc3
                                                            0x00000000
                                                            0x00000000
                                                            0x0119dfdd
                                                            0x0119dfe1
                                                            0x00000000
                                                            0x00000000
                                                            0x0119dfe7
                                                            0x0119dfec
                                                            0x0119dff1
                                                            0x0119dff4
                                                            0x0119dff4
                                                            0x0119dffc
                                                            0x0119e001
                                                            0x0119e007
                                                            0x0119e007
                                                            0x0119e00b
                                                            0x0119e00f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119e00f
                                                            0x00000000
                                                            0x0119df8d
                                                            0x0119df5f
                                                            0x0119df6c
                                                            0x0119df6e
                                                            0x0119df73
                                                            0x00000000
                                                            0x0119df73
                                                            0x0119df37
                                                            0x0119df17
                                                            0x0119df17
                                                            0x0119df18
                                                            0x00000000
                                                            0x0119df1e
                                                            0x0119df12
                                                            0x00000000

                                                            APIs
                                                            • SysFreeString.OLEAUT32(00000000), ref: 0119E001
                                                            • SysFreeString.OLEAUT32(00000000), ref: 0119E6E5
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            Strings
                                                            • Failed to allocate memory for rollback boundary structs., xrefs: 0119DF73
                                                            • Failed to get @Vital., xrefs: 0119E667
                                                            • Failed to get package node count., xrefs: 0119E05A
                                                            • always, xrefs: 0119E150
                                                            • c:\agent\_work\66\s\src\burn\engine\package.cpp, xrefs: 0119DF67, 0119E08C, 0119E478, 0119E50D
                                                            • Failed to parse dependency providers., xrefs: 0119E659
                                                            • yes, xrefs: 0119E130
                                                            • Failed to parse MSP package., xrefs: 0119E4DA
                                                            • Size, xrefs: 0119E18D
                                                            • Failed to allocate memory for package structs., xrefs: 0119E098
                                                            • Failed to parse payload references., xrefs: 0119E660
                                                            • MsiPackage, xrefs: 0119E33E
                                                            • RollbackBoundary, xrefs: 0119DEFF
                                                            • Failed to get @RollbackBoundaryForward., xrefs: 0119E4B9
                                                            • Failed to parse EXE package., xrefs: 0119E332
                                                            • Failed to get @RollbackBoundaryBackward., xrefs: 0119E4D0
                                                            • Failed to get @Permanent., xrefs: 0119E66E
                                                            • LogPathVariable, xrefs: 0119E21F
                                                            • Failed to get @LogPathVariable., xrefs: 0119E48E
                                                            • Failed to get @CacheId., xrefs: 0119E68A
                                                            • MspPackage, xrefs: 0119E376
                                                            • Failed to get @RollbackLogPathVariable., xrefs: 0119E498
                                                            • InstallCondition, xrefs: 0119E265
                                                            • RollbackBoundaryBackward, xrefs: 0119E2C2
                                                            • Failed to find backward transaction boundary: %ls, xrefs: 0119E4C6
                                                            • Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage, xrefs: 0119E02A
                                                            • CacheId, xrefs: 0119E172
                                                            • RollbackLogPathVariable, xrefs: 0119E242
                                                            • Failed to allocate memory for MSP patch sequence information., xrefs: 0119E484
                                                            • Failed to get rollback bundary node count., xrefs: 0119DF37
                                                            • Invalid cache type: %ls, xrefs: 0119E699
                                                            • msi.dll, xrefs: 0119E171
                                                            • comres.dll, xrefs: 0119E1DD
                                                            • Failed to parse MSU package., xrefs: 0119E4E4
                                                            • Failed to parse target product codes., xrefs: 0119E64A
                                                            • InstallSize, xrefs: 0119E1A8
                                                            • Failed to select package nodes., xrefs: 0119E03D
                                                            • Failed to get @InstallSize., xrefs: 0119E67C
                                                            • wininet.dll, xrefs: 0119E203
                                                            • crypt32.dll, xrefs: 0119E264
                                                            • Failed to get next node., xrefs: 0119E6B7
                                                            • Failed to get @InstallCondition., xrefs: 0119E4A2
                                                            • Failed to get @Size., xrefs: 0119E683
                                                            • Failed to parse MSI package., xrefs: 0119E36A
                                                            • Cache, xrefs: 0119E0F4
                                                            • Failed to get @PerMachine., xrefs: 0119E675
                                                            • ExePackage, xrefs: 0119E300
                                                            • cabinet.dll, xrefs: 0119E1A7
                                                            • feclient.dll, xrefs: 0119E241
                                                            • MsuPackage, xrefs: 0119E3AF
                                                            • Failed to allocate memory for patch sequence information to package lookup., xrefs: 0119E519
                                                            • Failed to find forward transaction boundary: %ls, xrefs: 0119E4AF
                                                            • PerMachine, xrefs: 0119E1C3
                                                            • clbcatq.dll, xrefs: 0119E1C2
                                                            • Permanent, xrefs: 0119E1DE
                                                            • Failed to get @Id., xrefs: 0119E6B0
                                                            • Failed to get @Cache., xrefs: 0119E6A9
                                                            • Failed to select rollback boundary nodes., xrefs: 0119DF12
                                                            • RollbackBoundaryForward, xrefs: 0119E288
                                                            • Vital, xrefs: 0119DFD0, 0119E204
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeHeapString$AllocateProcess
                                                            • String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$always$c:\agent\_work\66\s\src\burn\engine\package.cpp$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$wininet.dll$yes
                                                            • API String ID: 336948655-1842247414
                                                            • Opcode ID: 734f20bf1f673dd0cfafd1932f89a7220afc550a3f2b42bffe75eda25f977417
                                                            • Instruction ID: f785f3f057ef768491e3c4a1e4e5875ab99d520a9d2c26d299cea9caf3625ab2
                                                            • Opcode Fuzzy Hash: 734f20bf1f673dd0cfafd1932f89a7220afc550a3f2b42bffe75eda25f977417
                                                            • Instruction Fuzzy Hash: BF32C431E05216FBDF2DDA55CC41BADBAB5BF04B20F154269E931BB290D770AA02CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119F981 Relevance: 114.2, APIs: 3, Strings: 62, Instructions: 445COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 220 119f981-119f9b2 call 11d3209 223 119f9b4 220->223 224 119f9b6-119f9b8 220->224 223->224 225 119f9ba-119f9c7 call 11cfb09 224->225 226 119f9cc-119f9e5 call 11d2b5d 224->226 231 119feb4-119feb9 225->231 232 119f9f1-119fa06 call 11d2b5d 226->232 233 119f9e7-119f9ec 226->233 236 119febb-119febd 231->236 237 119fec1-119fec6 231->237 244 119fa08-119fa0d 232->244 245 119fa12-119fa1f call 119e9fc 232->245 234 119feab-119feb2 call 11cfb09 233->234 250 119feb3 234->250 236->237 238 119fec8-119feca 237->238 239 119fece-119fed3 237->239 238->239 242 119fedb-119fedf 239->242 243 119fed5-119fed7 239->243 247 119fee9-119feee 242->247 248 119fee1-119fee4 call 1192762 242->248 243->242 244->234 253 119fa2b-119fa40 call 11d2b5d 245->253 254 119fa21-119fa26 245->254 248->247 250->231 257 119fa4c-119fa5e call 11d44b2 253->257 258 119fa42-119fa47 253->258 254->234 261 119fa6d-119fa82 call 11d2b5d 257->261 262 119fa60-119fa68 257->262 258->234 267 119fa8e-119faa3 call 11d2b5d 261->267 268 119fa84-119fa89 261->268 263 119fd37-119fd40 call 11cfb09 262->263 263->250 272 119faaf-119fac1 call 11d2d69 267->272 273 119faa5-119faaa 267->273 268->234 276 119facd-119fae3 call 11d3209 272->276 277 119fac3-119fac8 272->277 273->234 280 119fae9-119faeb 276->280 281 119fd92-119fdac call 119ec76 276->281 277->234 282 119faed-119faf2 280->282 283 119faf7-119fb0c call 11d2d69 280->283 288 119fdb8-119fdd0 call 11d3209 281->288 289 119fdae-119fdb3 281->289 282->234 290 119fb18-119fb2d call 11d2b5d 283->290 291 119fb0e-119fb13 283->291 296 119fe9a-119fe9b call 119f0a6 288->296 297 119fdd6-119fdd8 288->297 289->234 299 119fb3d-119fb52 call 11d2b5d 290->299 300 119fb2f-119fb31 290->300 291->234 305 119fea0-119fea4 296->305 301 119fdda-119fddf 297->301 302 119fde4-119fe02 call 11d2b5d 297->302 310 119fb62-119fb77 call 11d2b5d 299->310 311 119fb54-119fb56 299->311 300->299 306 119fb33-119fb38 300->306 301->234 312 119fe0e-119fe26 call 11d2b5d 302->312 313 119fe04-119fe09 302->313 305->250 309 119fea6 305->309 306->234 309->234 321 119fb79-119fb7b 310->321 322 119fb87-119fb9c call 11d2b5d 310->322 311->310 314 119fb58-119fb5d 311->314 319 119fe28-119fe2a 312->319 320 119fe33-119fe4b call 11d2b5d 312->320 313->234 314->234 319->320 323 119fe2c-119fe31 319->323 329 119fe58-119fe70 call 11d2b5d 320->329 330 119fe4d-119fe4f 320->330 321->322 324 119fb7d-119fb82 321->324 331 119fbac-119fbc1 call 11d2b5d 322->331 332 119fb9e-119fba0 322->332 323->234 324->234 339 119fe79-119fe91 call 11d2b5d 329->339 340 119fe72-119fe77 329->340 330->329 333 119fe51-119fe56 330->333 341 119fbd1-119fbdd call 11d2b5d 331->341 342 119fbc3-119fbc5 331->342 332->331 334 119fba2-119fba7 332->334 333->234 334->234 339->296 348 119fe93-119fe98 339->348 340->234 347 119fbe2-119fbe6 341->347 342->341 344 119fbc7-119fbcc 342->344 344->234 349 119fbe8-119fbea 347->349 350 119fbf6-119fc0b call 11d2b5d 347->350 348->234 349->350 351 119fbec-119fbf1 349->351 354 119fc1b-119fc30 call 11d2b5d 350->354 355 119fc0d-119fc0f 350->355 351->234 359 119fc40-119fc58 call 11d2b5d 354->359 360 119fc32-119fc34 354->360 355->354 356 119fc11-119fc16 355->356 356->234 364 119fc68-119fc80 call 11d2b5d 359->364 365 119fc5a-119fc5c 359->365 360->359 361 119fc36-119fc3b 360->361 361->234 369 119fc90-119fca5 call 11d2b5d 364->369 370 119fc82-119fc84 364->370 365->364 366 119fc5e-119fc63 365->366 366->234 374 119fcab-119fcc8 CompareStringW 369->374 375 119fd45-119fd47 369->375 370->369 371 119fc86-119fc8b 370->371 371->234 376 119fcca-119fcd0 374->376 377 119fcd2-119fce7 CompareStringW 374->377 378 119fd49-119fd50 375->378 379 119fd52-119fd54 375->379 380 119fd13-119fd18 376->380 381 119fce9-119fcf3 377->381 382 119fcf5-119fd0a CompareStringW 377->382 378->379 383 119fd60-119fd78 call 11d2d69 379->383 384 119fd56-119fd5b 379->384 380->379 381->380 386 119fd1a-119fd32 call 11938ba 382->386 387 119fd0c 382->387 383->281 390 119fd7a-119fd7c 383->390 384->234 386->263 387->380 392 119fd88 390->392 393 119fd7e-119fd83 390->393 392->281 393->234
                                                            C-Code - Quality: 67%
                                                            			E0119F981(void* __edi, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* _v12;
				short* _v16;
				void* _v20;
				void* _t112;
				void* _t145;
				int _t158;
				void* _t164;
				signed int _t166;
				intOrPtr* _t167;
				intOrPtr* _t168;
				intOrPtr* _t169;
				void* _t174;
				intOrPtr _t175;
				void* _t177;
				void* _t186;
				void* _t188;

				_t174 = __edi;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				_t177 = E011D3209(_a8, L"Registration",  &_v12);
				_t164 = 0x80070490;
				if(_t177 == 1) {
					_t177 = 0x80070490;
				}
				if(_t177 >= 0) {
					_push(_t174);
					_t175 = _a4;
					_t8 = _t175 + 0x10; // 0x1195492
					if(E011D2B5D(_v12, L"Id", _t8) >= 0) {
						_t10 = _t175 + 0x14; // 0x1195496
						if(E011D2B5D(_v12, L"Tag", _t10) >= 0) {
							if(E0119E9FC(_t175, _t175, _a8) >= 0) {
								if(E011D2B5D(_v12, L"Version",  &_v16) >= 0) {
									_t15 = _t175 + 0x38; // 0x11954ba
									if(E011D44B2(_v16, 0, _t15) >= 0) {
										_t18 = _t175 + 0x44; // 0x11954c6
										if(E011D2B5D(_v12, L"ProviderKey", _t18) >= 0) {
											_t20 = _t175 + 0x48; // 0x11954ca
											if(E011D2B5D(_v12, L"ExecutableName", _t20) >= 0) {
												if(E011D2D69(_t166, _v12, L"PerMachine", _t175) >= 0) {
													_t186 = E011D3209(_v12, L"Arp",  &_v8);
													if(_t186 == 1) {
														L73:
														_t62 = _t175 + 0x98; // 0x119551a
														_t63 = _t175 + 0x94; // 0x1195516
														if(E0119EC76(_v12, _t63, _t62) >= 0) {
															_t188 = E011D3209(_v12, L"Update",  &_v20);
															if(_t188 == 1) {
																L90:
																_t112 = E0119F0A6(_t166, _t175); // executed
																_t188 = _t112;
																if(_t188 >= 0) {
																	L93:
																	goto L94;
																}
																_push("Failed to set registration paths.");
																L92:
																_push(_t188);
																E011CFB09();
																goto L93;
															}
															if(_t188 >= 0) {
																 *((intOrPtr*)(_t175 + 0x9c)) = 1;
																_t68 = _t175 + 0xa0; // 0x1195522
																_t188 = E011D2B5D(_v20, L"Manufacturer", _t68);
																if(_t188 >= 0) {
																	_t70 = _t175 + 0xa4; // 0x1195526
																	_t188 = E011D2B5D(_v20, L"Department", _t70);
																	if(_t188 == _t164 || _t188 >= 0) {
																		_t72 = _t175 + 0xa8; // 0x119552a
																		_t188 = E011D2B5D(_v20, L"ProductFamily", _t72);
																		if(_t188 == _t164 || _t188 >= 0) {
																			_t74 = _t175 + 0xac; // 0x119552e
																			_t188 = E011D2B5D(_v20, L"Name", _t74);
																			if(_t188 >= 0) {
																				_t76 = _t175 + 0xb0; // 0x1195532
																				_t188 = E011D2B5D(_v20, L"Classification", _t76);
																				if(_t188 >= 0) {
																					goto L90;
																				}
																				_push("Failed to get @Classification.");
																				goto L92;
																			}
																			_push("Failed to get @Name.");
																		} else {
																			_push("Failed to get @ProductFamily.");
																		}
																	} else {
																		_push("Failed to get @Department.");
																	}
																	goto L92;
																}
																_push("Failed to get @Manufacturer.");
																goto L92;
															}
															_push("Failed to select Update node.");
															goto L92;
														}
														_push("Failed to parse software tag.");
														goto L92;
													}
													if(_t186 >= 0) {
														_t25 = _t175 + 4; // 0x1195486
														_t188 = E011D2D69(_t166, _v8, L"Register", _t25);
														if(_t188 >= 0) {
															_t27 = _t175 + 0x60; // 0x11954e2
															_t188 = E011D2B5D(_v8, L"DisplayName", _t27);
															if(_t188 == _t164 || _t188 >= 0) {
																_t29 = _t175 + 0x64; // 0x11954e6
																_t188 = E011D2B5D(_v8, L"DisplayVersion", _t29);
																if(_t188 == _t164 || _t188 >= 0) {
																	_t31 = _t175 + 0x68; // 0x11954ea
																	_t188 = E011D2B5D(_v8, L"Publisher", _t31);
																	if(_t188 == _t164 || _t188 >= 0) {
																		_t33 = _t175 + 0x6c; // 0x11954ee
																		_t188 = E011D2B5D(_v8, L"HelpLink", _t33);
																		if(_t188 == _t164 || _t188 >= 0) {
																			_t35 = _t175 + 0x70; // 0x11954f2
																			_t188 = E011D2B5D(_v8, L"HelpTelephone", _t35);
																			if(_t188 == _t164 || _t188 >= 0) {
																				_t37 = _t175 + 0x74; // 0x11954f6
																				_t145 = E011D2B5D(_v8, L"AboutUrl", _t37); // executed
																				_t188 = _t145;
																				if(_t188 == _t164 || _t188 >= 0) {
																					_t39 = _t175 + 0x78; // 0x11954fa
																					_t188 = E011D2B5D(_v8, L"UpdateUrl", _t39);
																					if(_t188 == _t164 || _t188 >= 0) {
																						_t41 = _t175 + 0x7c; // 0x11954fe
																						_t188 = E011D2B5D(_v8, L"ParentDisplayName", _t41);
																						if(_t188 == _t164 || _t188 >= 0) {
																							_t43 = _t175 + 0x80; // 0x1195502
																							_t188 = E011D2B5D(_v8, L"Comments", _t43);
																							if(_t188 == _t164 || _t188 >= 0) {
																								_t45 = _t175 + 0x84; // 0x1195506
																								_t188 = E011D2B5D(_v8, L"Contact", _t45);
																								if(_t188 == _t164 || _t188 >= 0) {
																									_t188 = E011D2B5D(_v8, L"DisableModify",  &_v16);
																									if(_t188 < 0) {
																										if(_t188 == _t164) {
																											 *(_t175 + 0x88) =  *(_t175 + 0x88) & 0x00000000;
																											_t188 = 0;
																										}
																										L67:
																										if(_t188 >= 0) {
																											_t59 = _t175 + 0x90; // 0x1195512
																											_t188 = E011D2D69(_t166, _v8, L"DisableRemove", _t59);
																											if(_t188 == _t164) {
																												goto L73;
																											}
																											if(_t188 >= 0) {
																												 *(_t175 + 0x8c) = 1;
																												goto L73;
																											}
																											_push("Failed to get @DisableRemove.");
																											goto L92;
																										}
																										_push("Failed to get @DisableModify.");
																										goto L92;
																									}
																									_t158 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"button", 0xffffffff);
																									_t166 = 2;
																									if(_t158 != _t166) {
																										if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
																											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
																												_t188 = 0x8000ffff;
																												E011938BA(_t160, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0xfc, 0x8000ffff);
																												_push(_v16);
																												_push("Invalid modify disabled type: %ls");
																												L64:
																												_push(_t188);
																												E011CFB09();
																												goto L93;
																											}
																											 *(_t175 + 0x88) =  *(_t175 + 0x88) & 0x00000000;
																											L62:
																											_t164 = 0x80070490;
																											goto L67;
																										}
																										 *(_t175 + 0x88) = 1;
																										goto L62;
																									}
																									 *(_t175 + 0x88) = _t166;
																									goto L62;
																								} else {
																									_push("Failed to get @Contact.");
																									goto L92;
																								}
																							} else {
																								_push("Failed to get @Comments.");
																								goto L92;
																							}
																						} else {
																							_push("Failed to get @ParentDisplayName.");
																							goto L92;
																						}
																					} else {
																						_push("Failed to get @UpdateUrl.");
																						goto L92;
																					}
																				} else {
																					_push("Failed to get @AboutUrl.");
																					goto L92;
																				}
																			} else {
																				_push("Failed to get @HelpTelephone.");
																				goto L92;
																			}
																		} else {
																			_push("Failed to get @HelpLink.");
																			goto L92;
																		}
																	} else {
																		_push("Failed to get @Publisher.");
																		goto L92;
																	}
																} else {
																	_push("Failed to get @DisplayVersion.");
																	goto L92;
																}
															} else {
																_push("Failed to get @DisplayName.");
																goto L92;
															}
														}
														_push("Failed to get @Register.");
														goto L92;
													}
													_push("Failed to select ARP node.");
													goto L92;
												}
												_push("Failed to get @PerMachine.");
												goto L92;
											}
											_push("Failed to get @ExecutableName.");
											goto L92;
										}
										_push("Failed to get @ProviderKey.");
										goto L92;
									}
									_push(_v16);
									_push("Failed to parse @Version: %ls");
									goto L64;
								}
								_push("Failed to get @Version.");
								goto L92;
							}
							_push("Failed to parse related bundles");
							goto L92;
						}
						_push("Failed to get @Tag.");
						goto L92;
					}
					_push("Failed to get @Id.");
					goto L92;
				} else {
					_push("Failed to select registration node.");
					_push(_t177);
					E011CFB09();
					L94:
					_t167 = _v12;
					if(_t167 != 0) {
						 *((intOrPtr*)( *_t167 + 8))(_t167);
					}
					_t168 = _v8;
					if(_t168 != 0) {
						 *((intOrPtr*)( *_t168 + 8))(_t168);
					}
					_t169 = _v20;
					if(_t169 != 0) {
						 *((intOrPtr*)( *_t169 + 8))(_t169);
					}
					if(_v16 != 0) {
						E01192762(_v16);
					}
					return _t188;
				}
			}




















                                                            0x0119f981
                                                            0x0119f98b
                                                            0x0119f98e
                                                            0x0119f991
                                                            0x0119f994
                                                            0x0119f9a8
                                                            0x0119f9aa
                                                            0x0119f9b2
                                                            0x0119f9b4
                                                            0x0119f9b4
                                                            0x0119f9b8
                                                            0x0119f9cc
                                                            0x0119f9cd
                                                            0x0119f9d0
                                                            0x0119f9e5
                                                            0x0119f9f1
                                                            0x0119fa06
                                                            0x0119fa1f
                                                            0x0119fa40
                                                            0x0119fa4c
                                                            0x0119fa5e
                                                            0x0119fa6d
                                                            0x0119fa82
                                                            0x0119fa8e
                                                            0x0119faa3
                                                            0x0119fac1
                                                            0x0119fade
                                                            0x0119fae3
                                                            0x0119fd92
                                                            0x0119fd92
                                                            0x0119fd99
                                                            0x0119fdac
                                                            0x0119fdc9
                                                            0x0119fdd0
                                                            0x0119fe9a
                                                            0x0119fe9b
                                                            0x0119fea0
                                                            0x0119fea4
                                                            0x0119feb3
                                                            0x00000000
                                                            0x0119feb3
                                                            0x0119fea6
                                                            0x0119feab
                                                            0x0119feab
                                                            0x0119feac
                                                            0x00000000
                                                            0x0119feb2
                                                            0x0119fdd8
                                                            0x0119fde4
                                                            0x0119fdea
                                                            0x0119fdfe
                                                            0x0119fe02
                                                            0x0119fe0e
                                                            0x0119fe22
                                                            0x0119fe26
                                                            0x0119fe33
                                                            0x0119fe47
                                                            0x0119fe4b
                                                            0x0119fe58
                                                            0x0119fe6c
                                                            0x0119fe70
                                                            0x0119fe79
                                                            0x0119fe8d
                                                            0x0119fe91
                                                            0x00000000
                                                            0x00000000
                                                            0x0119fe93
                                                            0x00000000
                                                            0x0119fe93
                                                            0x0119fe72
                                                            0x0119fe51
                                                            0x0119fe51
                                                            0x0119fe51
                                                            0x0119fe2c
                                                            0x0119fe2c
                                                            0x0119fe2c
                                                            0x00000000
                                                            0x0119fe26
                                                            0x0119fe04
                                                            0x00000000
                                                            0x0119fe04
                                                            0x0119fdda
                                                            0x00000000
                                                            0x0119fdda
                                                            0x0119fdae
                                                            0x00000000
                                                            0x0119fdae
                                                            0x0119faeb
                                                            0x0119faf7
                                                            0x0119fb08
                                                            0x0119fb0c
                                                            0x0119fb18
                                                            0x0119fb29
                                                            0x0119fb2d
                                                            0x0119fb3d
                                                            0x0119fb4e
                                                            0x0119fb52
                                                            0x0119fb62
                                                            0x0119fb73
                                                            0x0119fb77
                                                            0x0119fb87
                                                            0x0119fb98
                                                            0x0119fb9c
                                                            0x0119fbac
                                                            0x0119fbbd
                                                            0x0119fbc1
                                                            0x0119fbd1
                                                            0x0119fbdd
                                                            0x0119fbe2
                                                            0x0119fbe6
                                                            0x0119fbf6
                                                            0x0119fc07
                                                            0x0119fc0b
                                                            0x0119fc1b
                                                            0x0119fc2c
                                                            0x0119fc30
                                                            0x0119fc40
                                                            0x0119fc54
                                                            0x0119fc58
                                                            0x0119fc68
                                                            0x0119fc7c
                                                            0x0119fc80
                                                            0x0119fca1
                                                            0x0119fca5
                                                            0x0119fd47
                                                            0x0119fd49
                                                            0x0119fd50
                                                            0x0119fd50
                                                            0x0119fd52
                                                            0x0119fd54
                                                            0x0119fd60
                                                            0x0119fd74
                                                            0x0119fd78
                                                            0x00000000
                                                            0x00000000
                                                            0x0119fd7c
                                                            0x0119fd88
                                                            0x00000000
                                                            0x0119fd88
                                                            0x0119fd7e
                                                            0x00000000
                                                            0x0119fd7e
                                                            0x0119fd56
                                                            0x00000000
                                                            0x0119fd56
                                                            0x0119fcc1
                                                            0x0119fcc5
                                                            0x0119fcc8
                                                            0x0119fce7
                                                            0x0119fd0a
                                                            0x0119fd1a
                                                            0x0119fd2a
                                                            0x0119fd2f
                                                            0x0119fd32
                                                            0x0119fd37
                                                            0x0119fd37
                                                            0x0119fd38
                                                            0x00000000
                                                            0x0119fd3d
                                                            0x0119fd0c
                                                            0x0119fd13
                                                            0x0119fd13
                                                            0x00000000
                                                            0x0119fd13
                                                            0x0119fce9
                                                            0x00000000
                                                            0x0119fce9
                                                            0x0119fcca
                                                            0x00000000
                                                            0x0119fc86
                                                            0x0119fc86
                                                            0x00000000
                                                            0x0119fc86
                                                            0x0119fc5e
                                                            0x0119fc5e
                                                            0x00000000
                                                            0x0119fc5e
                                                            0x0119fc36
                                                            0x0119fc36
                                                            0x00000000
                                                            0x0119fc36
                                                            0x0119fc11
                                                            0x0119fc11
                                                            0x00000000
                                                            0x0119fc11
                                                            0x0119fbec
                                                            0x0119fbec
                                                            0x00000000
                                                            0x0119fbec
                                                            0x0119fbc7
                                                            0x0119fbc7
                                                            0x00000000
                                                            0x0119fbc7
                                                            0x0119fba2
                                                            0x0119fba2
                                                            0x00000000
                                                            0x0119fba2
                                                            0x0119fb7d
                                                            0x0119fb7d
                                                            0x00000000
                                                            0x0119fb7d
                                                            0x0119fb58
                                                            0x0119fb58
                                                            0x00000000
                                                            0x0119fb58
                                                            0x0119fb33
                                                            0x0119fb33
                                                            0x00000000
                                                            0x0119fb33
                                                            0x0119fb2d
                                                            0x0119fb0e
                                                            0x00000000
                                                            0x0119fb0e
                                                            0x0119faed
                                                            0x00000000
                                                            0x0119faed
                                                            0x0119fac3
                                                            0x00000000
                                                            0x0119fac3
                                                            0x0119faa5
                                                            0x00000000
                                                            0x0119faa5
                                                            0x0119fa84
                                                            0x00000000
                                                            0x0119fa84
                                                            0x0119fa60
                                                            0x0119fa63
                                                            0x00000000
                                                            0x0119fa63
                                                            0x0119fa42
                                                            0x00000000
                                                            0x0119fa42
                                                            0x0119fa21
                                                            0x00000000
                                                            0x0119fa21
                                                            0x0119fa08
                                                            0x00000000
                                                            0x0119fa08
                                                            0x0119f9e7
                                                            0x00000000
                                                            0x0119f9ba
                                                            0x0119f9ba
                                                            0x0119f9bf
                                                            0x0119f9c0
                                                            0x0119feb4
                                                            0x0119feb4
                                                            0x0119feb9
                                                            0x0119febe
                                                            0x0119febe
                                                            0x0119fec1
                                                            0x0119fec6
                                                            0x0119fecb
                                                            0x0119fecb
                                                            0x0119fece
                                                            0x0119fed3
                                                            0x0119fed8
                                                            0x0119fed8
                                                            0x0119fedf
                                                            0x0119fee4
                                                            0x0119fee4
                                                            0x0119feee
                                                            0x0119feee

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: StringVariant$AllocClearFreeInit
                                                            • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$c:\agent\_work\66\s\src\burn\engine\registration.cpp$yes$@
                                                            • API String ID: 760788290-3384854740
                                                            • Opcode ID: f19b522005f0c8b80f2eb9c646ea1ca912eac3529b113db281da80e6efbeb88f
                                                            • Instruction ID: 5b58988cedccbb34eb68218d059b5bf915682da2ee89c9526727f32a600b5d43
                                                            • Opcode Fuzzy Hash: f19b522005f0c8b80f2eb9c646ea1ca912eac3529b113db281da80e6efbeb88f
                                                            • Instruction Fuzzy Hash: 44E1B732F40A77BBDF2E9AA1CC45FAD7EA4AB08A14F020225F931F7151D7B1AD464781
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119B45A Relevance: 95.1, APIs: 24, Strings: 30, Instructions: 577fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 394 119b45a-119b4cf call 11bf600 * 2 399 119b4d1-119b4db 394->399 400 119b507-119b50d 394->400 406 119b4e8 399->406 407 119b4dd-119b4e6 399->407 401 119b50f 400->401 402 119b511-119b523 SetFilePointerEx 400->402 401->402 403 119b525-119b52f 402->403 404 119b557-119b571 ReadFile 402->404 416 119b53c 403->416 417 119b531-119b53a 403->417 408 119b5a8-119b5af 404->408 409 119b573-119b57d 404->409 413 119b4ea 406->413 414 119b4ef-119b4fc call 11938ba 406->414 407->406 411 119b5b5-119b5be 408->411 412 119bba6-119bbba call 11938ba 408->412 421 119b58a 409->421 422 119b57f-119b588 409->422 411->412 419 119b5c4-119b5d4 SetFilePointerEx 411->419 434 119bbbf 412->434 413->414 429 119b501-119b502 414->429 423 119b53e 416->423 424 119b543-119b555 call 11938ba 416->424 417->416 426 119b60b-119b623 ReadFile 419->426 427 119b5d6-119b5e0 419->427 430 119b58c 421->430 431 119b591-119b5a3 call 11938ba 421->431 422->421 423->424 424->429 432 119b65a-119b661 426->432 433 119b625-119b62f 426->433 447 119b5ed 427->447 448 119b5e2-119b5eb 427->448 438 119bbc0-119bbc6 call 11cfb09 429->438 430->431 431->429 436 119bb8b-119bba4 call 11938ba 432->436 437 119b667-119b671 432->437 452 119b63c 433->452 453 119b631-119b63a 433->453 434->438 436->434 437->436 442 119b677-119b69a SetFilePointerEx 437->442 462 119bbc7-119bbd7 call 11bdd1f 438->462 449 119b69c-119b6a6 442->449 450 119b6d1-119b6e9 ReadFile 442->450 455 119b5ef 447->455 456 119b5f4-119b601 call 11938ba 447->456 448->447 472 119b6a8-119b6b1 449->472 473 119b6b3 449->473 460 119b6eb-119b6f5 450->460 461 119b720-119b738 ReadFile 450->461 458 119b63e 452->458 459 119b643-119b650 call 11938ba 452->459 453->452 455->456 456->426 458->459 459->432 476 119b702 460->476 477 119b6f7-119b700 460->477 465 119b73a-119b744 461->465 466 119b76f-119b78a SetFilePointerEx 461->466 487 119b751 465->487 488 119b746-119b74f 465->488 470 119b78c-119b796 466->470 471 119b7c4-119b7e3 ReadFile 466->471 493 119b798-119b7a1 470->493 494 119b7a3 470->494 481 119b7e9-119b7eb 471->481 482 119bb4c-119bb56 471->482 472->473 478 119b6ba-119b6c7 call 11938ba 473->478 479 119b6b5 473->479 483 119b709-119b716 call 11938ba 476->483 484 119b704 476->484 477->476 478->450 479->478 489 119b7ec-119b7f3 481->489 505 119bb58-119bb61 482->505 506 119bb63 482->506 483->461 484->483 497 119b758-119b765 call 11938ba 487->497 498 119b753 487->498 488->487 490 119b7f9-119b805 489->490 491 119bb27-119bb44 call 11938ba 489->491 499 119b810-119b819 490->499 500 119b807-119b80e 490->500 519 119bb49-119bb4a 491->519 493->494 503 119b7aa-119b7ba call 11938ba 494->503 504 119b7a5 494->504 497->466 498->497 510 119baea-119bb01 call 11938ba 499->510 511 119b81f-119b845 ReadFile 499->511 500->499 509 119b853-119b85a 500->509 503->471 504->503 505->506 514 119bb6a-119bb80 call 11938ba 506->514 515 119bb65 506->515 517 119b85c-119b87e call 11938ba 509->517 518 119b883-119b89a call 11939df 509->518 531 119bb06-119bb0c call 11cfb09 510->531 511->482 516 119b84b-119b851 511->516 525 119bb81-119bb89 call 11cfb09 514->525 515->514 516->489 517->519 533 119b89c-119b8b9 call 11938ba 518->533 534 119b8be-119b8d3 SetFilePointerEx 518->534 519->525 525->462 543 119bb12-119bb13 531->543 533->438 536 119b913-119b938 ReadFile 534->536 537 119b8d5-119b8df 534->537 540 119b93a-119b944 536->540 541 119b96f-119b97b 536->541 549 119b8ec 537->549 550 119b8e1-119b8ea 537->550 555 119b951 540->555 556 119b946-119b94f 540->556 546 119b97d-119b999 call 11938ba 541->546 547 119b99e-119b9a2 541->547 544 119bb14-119bb16 543->544 544->462 548 119bb1c-119bb22 call 1193aa4 544->548 546->531 552 119b9dd-119b9f0 call 11d4224 547->552 553 119b9a4-119b9d8 call 11938ba call 11cfb09 547->553 548->462 559 119b8ee 549->559 560 119b8f3-119b903 call 11938ba 549->560 550->549 569 119b9fc-119ba06 552->569 570 119b9f2-119b9f7 552->570 553->544 563 119b958-119b96d call 11938ba 555->563 564 119b953 555->564 556->555 559->560 574 119b908-119b90e call 11cfb09 560->574 563->574 564->563 575 119ba08-119ba0e 569->575 576 119ba10-119ba18 569->576 570->574 574->543 579 119ba29-119ba89 call 11939df 575->579 580 119ba1a-119ba22 576->580 581 119ba24-119ba27 576->581 586 119ba8b-119baa7 call 11938ba 579->586 587 119baad-119bace call 11beb00 call 119b1d7 579->587 580->579 581->579 586->587 587->544 594 119bad0-119bae0 call 11938ba 587->594 594->510
                                                            C-Code - Quality: 73%
                                                            			E0119B45A(union _LARGE_INTEGER* __edx, signed short _a4, void* _a8, void* _a12) {
				signed int _v8;
				union _LARGE_INTEGER _v12;
				void _v72;
				signed short _v300;
				signed int _v314;
				void _v320;
				union _LARGE_INTEGER _v340;
				long _v344;
				void _v360;
				long _v364;
				union _LARGE_INTEGER* _v368;
				intOrPtr _v372;
				void _v376;
				void _v380;
				struct _OVERLAPPED* _v384;
				union _LARGE_INTEGER* _v388;
				char _v392;
				intOrPtr _v396;
				union _LARGE_INTEGER _v400;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t100;
				void* _t108;
				signed short _t109;
				signed short _t118;
				signed short _t121;
				union _LARGE_INTEGER _t124;
				signed short _t125;
				signed short _t128;
				signed short _t131;
				signed short _t134;
				signed short _t137;
				intOrPtr* _t142;
				signed short _t151;
				signed short _t155;
				signed short _t158;
				signed short _t160;
				signed int _t213;
				void* _t215;
				signed short _t226;
				signed short _t230;
				signed short _t231;
				union _LARGE_INTEGER* _t232;
				void* _t233;
				void* _t236;
				signed short _t237;
				signed short _t241;
				signed int _t255;
				signed short _t264;

				_t232 = __edx;
				_t100 =  *0x11fa008; // 0x295f764a
				_v8 = _t100 ^ _t255;
				_t212 = _a4;
				_v364 = 0;
				_v392 = 0;
				_v388 = 0;
				E011BF600(_t233,  &_v72, 0, 0x40);
				E011BF600(_t233,  &_v320, 0, 0xf8);
				_v376 = 0;
				_v380 = 0;
				_v368 = 0;
				_t213 = 0xa;
				memset( &_v360, 0, _t213 << 2);
				_t215 = _a8;
				 *_t212 = _t215;
				if(_t215 != 0xffffffff) {
					_t108 = _a12;
					__eflags = _t108 - 0xffffffff;
					if(_t108 == 0xffffffff) {
						_t108 = _t215;
					}
					_t236 = SetFilePointerEx;
					_push(0);
					 *(_t212 + 4) = _t108;
					_t109 = SetFilePointerEx(_t215, 0, 0, 0); // executed
					__eflags = _t109;
					if(_t109 != 0) {
						_t112 = ReadFile( *_t212,  &_v72, 0x40,  &_v364, 0); // executed
						__eflags = _t112;
						if(_t112 != 0) {
							__eflags = _v364 - 0x40;
							if(_v364 < 0x40) {
								L116:
								_t236 = 0x8007000d;
								_t241 = 0x8007000d;
								E011938BA(_t112, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x4e, 0x8007000d);
								_push("Failed to find valid DOS image header in buffer.");
								L117:
								_push(_t236);
								goto L118;
							}
							_t112 = 0x5a4d;
							__eflags = 0x5a4d - _v72;
							if(0x5a4d != _v72) {
								goto L116;
							}
							_push(0);
							asm("cdq");
							_t118 = SetFilePointerEx( *_t212, _v12.LowPart, _t232, 0); // executed
							__eflags = _t118;
							if(_t118 != 0) {
								_t121 = ReadFile( *_t212,  &_v320, 0x18,  &_v364, 0); // executed
								__eflags = _t121;
								if(_t121 != 0) {
									__eflags = _v364 - 0x18;
									if(_v364 < 0x18) {
										L115:
										_t236 = 0x8007000d;
										_t241 = 0x8007000d;
										E011938BA(_t121, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x64, 0x8007000d);
										_push("Failed to find valid NT image header in buffer.");
										goto L117;
									}
									__eflags = _v320 - 0x4550;
									if(_v320 != 0x4550) {
										goto L115;
									}
									_t26 = _v12.LowPart + 0x58; // 0x58
									_t124 = _v12.LowPart + 0x98;
									_v396 = _t26;
									_push(0);
									_v400.LowPart = _t124;
									_t125 = SetFilePointerEx( *_t212, _t124, 0, 0); // executed
									__eflags = _t125;
									if(_t125 != 0) {
										_t128 = ReadFile( *_t212,  &_v376, 4,  &_v364, 0);
										__eflags = _t128;
										if(_t128 != 0) {
											_t131 = ReadFile( *_t212,  &_v380, 4,  &_v364, 0);
											__eflags = _t131;
											if(_t131 != 0) {
												_push(0);
												_t134 = SetFilePointerEx( *_t212, _v12 + (_v300 & 0x0000ffff) + 0x18, 0, 0); // executed
												__eflags = _t134;
												if(_t134 != 0) {
													_t236 = 0;
													_v384 = 0;
													_t137 = ReadFile( *_t212,  &_v360, 0x28,  &_v364, 0);
													__eflags = _t137;
													if(_t137 == 0) {
														L109:
														_t241 = GetLastError();
														__eflags = _t241;
														if(__eflags > 0) {
															_t241 = _t241 & 0x0000ffff | 0x80070000;
															__eflags = _t241;
														}
														if(__eflags >= 0) {
															_t241 = 0x80004005;
														}
														E011938BA(_t138, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x8d, _t241);
														_push(_t236);
														_push("Failed to read image section header, index: %u");
														_push(_t241);
														L114:
														E011CFB09();
														goto L119;
													}
													_t226 = 1;
													__eflags = 1;
													while(1) {
														__eflags = _v364 - 0x28;
														if(_v364 < 0x28) {
															break;
														}
														_t142 =  &_v360;
														__eflags =  *_t142 - 0x7869772e;
														if( *_t142 != 0x7869772e) {
															L66:
															_t143 = _v314 & 0x0000ffff;
															__eflags = _t226 - (_v314 & 0x0000ffff);
															if(_t226 >= (_v314 & 0x0000ffff)) {
																_t237 = 0x8007000d;
																_t241 = 0x8007000d;
																E011938BA(_t143, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xa0, 0x8007000d);
																_push("Failed to find Burn section.");
																L103:
																_push(_t237);
																E011CFB09();
																_t236 = _v368;
																L104:
																L105:
																__eflags = _t236;
																if(_t236 != 0) {
																	E01193AA4(_t236);
																}
																goto L119;
															}
															_t236 = _t236 + 1;
															_v384 = _t236;
															_v372 = _t226 + 1;
															_t137 = ReadFile( *_t212,  &_v360, 0x28,  &_v364, 0);
															__eflags = _t137;
															if(_t137 == 0) {
																goto L109;
															}
															_t226 = _v372;
															continue;
														}
														__eflags =  *((intOrPtr*)(_t142 + 4)) - 0x6e727562;
														if( *((intOrPtr*)(_t142 + 4)) == 0x6e727562) {
															__eflags = _v344 - 0x34;
															if(_v344 >= 0x34) {
																_t236 = E011939DF(_v344, 1);
																_v368 = _t236;
																__eflags = _t236;
																if(_t236 != 0) {
																	_push(0);
																	_t151 = SetFilePointerEx( *_t212, _v340.LowPart, 0, 0); // executed
																	__eflags = _t151;
																	if(_t151 != 0) {
																		_v372 = _v340 + 0x1c;
																		_t155 = ReadFile( *_t212, _t236, _v344,  &_v364, 0);
																		__eflags = _t155;
																		if(_t155 != 0) {
																			_t156 = _v344;
																			__eflags = _v344 - _v364;
																			if(_v344 <= _v364) {
																				__eflags =  *((intOrPtr*)(_t236 + 4)) - 2;
																				if( *((intOrPtr*)(_t236 + 4)) == 2) {
																					_t158 = E011D4224(_t226,  *(_t212 + 4),  &_v392);
																					__eflags = _t158;
																					if(_t158 >= 0) {
																						_t232 =  *(_t236 + 0x18);
																						 *(_t212 + 8) = _t232;
																						__eflags =  *(_t236 + 0x20);
																						if( *(_t236 + 0x20) == 0) {
																							_t230 = _v376;
																							__eflags = _t230;
																							if(_t230 == 0) {
																								_t160 =  *((intOrPtr*)(_t236 + 0x30)) + _t232;
																								__eflags = _t160;
																							} else {
																								_t160 = _v380 + _t230;
																							}
																						} else {
																							_t160 =  *((intOrPtr*)(_t236 + 0x24)) +  *(_t236 + 0x20);
																						}
																						 *(_t212 + 0xc) = _t160;
																						 *((intOrPtr*)(_t212 + 0x10)) = _v392;
																						 *((intOrPtr*)(_t212 + 0x14)) = _v388;
																						 *((intOrPtr*)(_t212 + 0x18)) = _v396;
																						 *(_t212 + 0x1c) = _v400;
																						 *((intOrPtr*)(_t212 + 0x20)) = _v372;
																						 *((intOrPtr*)(_t212 + 0x24)) =  *((intOrPtr*)(_t236 + 0x1c));
																						 *(_t212 + 0x28) =  *(_t236 + 0x20);
																						 *((intOrPtr*)(_t212 + 0x2c)) =  *((intOrPtr*)(_t236 + 0x24));
																						 *((intOrPtr*)(_t212 + 0x30)) =  *((intOrPtr*)(_t236 + 0x28));
																						 *(_t212 + 0x34) =  *(_t236 + 0x2c);
																						_t231 = E011939DF( *(_t236 + 0x2c) << 2, 1);
																						 *(_t212 + 0x38) = _t231;
																						__eflags = _t231;
																						if(_t231 != 0) {
																							_t95 = _t236 + 0x30; // 0x30
																							E011BEB00(_t231, _t95,  *(_t212 + 0x34) << 2);
																							_t96 = _t236 + 8; // 0x8
																							_t241 = E0119B1D7(_t96);
																							__eflags = _t241;
																							if(_t241 >= 0) {
																								goto L105;
																							}
																							E011938BA(_t178, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xf5, _t241);
																							_push("PE Header from file didn\'t match PE Header in memory.");
																							L79:
																							_push(_t241);
																							goto L80;
																						} else {
																							_t212 = 0x8007000e;
																							_t241 = 0x8007000e;
																							E011938BA(_t172, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xef, 0x8007000e);
																							_push("Failed to allocate memory for container sizes.");
																							_push(0x8007000e);
																							L80:
																							E011CFB09();
																							goto L104;
																						}
																					}
																					_push("Failed to get total size of bundle.");
																					goto L79;
																				}
																				_t241 = 0x8007000d;
																				E011938BA(_t156, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xcc, 0x8007000d);
																				E011CFB09(0x8007000d, "Failed to read section info, unsupported version: %08x", _v368->LowPart.HighPart);
																				_t236 = _v368;
																				goto L105;
																			}
																			_t237 = 0x8007000d;
																			_t241 = 0x8007000d;
																			E011938BA(_t156, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xc5, 0x8007000d);
																			_push("Failed to read complete section info.");
																			goto L103;
																		}
																		_t241 = GetLastError();
																		__eflags = _t241;
																		if(__eflags > 0) {
																			_t241 = _t241 & 0x0000ffff | 0x80070000;
																			__eflags = _t241;
																		}
																		if(__eflags >= 0) {
																			_t241 = 0x80004005;
																		}
																		E011938BA(_t188, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xc0, _t241);
																		_push("Failed to read section info.");
																		goto L79;
																	}
																	_t241 = GetLastError();
																	__eflags = _t241;
																	if(__eflags > 0) {
																		_t241 = _t241 & 0x0000ffff | 0x80070000;
																		__eflags = _t241;
																	}
																	if(__eflags >= 0) {
																		_t241 = 0x80004005;
																	}
																	E011938BA(_t190, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xb7, _t241);
																	_push("Failed to seek to section info.");
																	goto L79;
																}
																_t212 = 0x8007000e;
																_t241 = 0x8007000e;
																E011938BA(_t149, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xb1, 0x8007000e);
																_push("Failed to allocate buffer for section info.");
																_push(0x8007000e);
																goto L118;
															}
															_t236 = 0x8007000d;
															_t241 = 0x8007000d;
															E011938BA(_t142, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xac, 0x8007000d);
															_push(_v344);
															_push("Failed to read section info, data to short: %u");
															L108:
															_push(_t236);
															goto L114;
														}
														goto L66;
													}
													_t236 = 0x8007000d;
													_t241 = 0x8007000d;
													E011938BA(_t137, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x92, 0x8007000d);
													_push(_v384);
													_push("Failed to read complete image section header, index: %u");
													goto L108;
												}
												_t241 = GetLastError();
												__eflags = _t241;
												if(__eflags > 0) {
													_t241 = _t241 & 0x0000ffff | 0x80070000;
													__eflags = _t241;
												}
												if(__eflags >= 0) {
													_t241 = 0x80004005;
												}
												E011938BA(_t194, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x84, _t241);
												_push("Failed to seek past optional headers.");
												goto L6;
											}
											_t241 = GetLastError();
											__eflags = _t241;
											if(__eflags > 0) {
												_t241 = _t241 & 0x0000ffff | 0x80070000;
												__eflags = _t241;
											}
											if(__eflags >= 0) {
												_t241 = 0x80004005;
											}
											E011938BA(_t196, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x79, _t241);
											_push("Failed to read signature size.");
											goto L6;
										}
										_t241 = GetLastError();
										__eflags = _t241;
										if(__eflags > 0) {
											_t241 = _t241 & 0x0000ffff | 0x80070000;
											__eflags = _t241;
										}
										if(__eflags >= 0) {
											_t241 = 0x80004005;
										}
										E011938BA(_t198, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x74, _t241);
										_push("Failed to read signature offset.");
										goto L6;
									}
									_t241 = GetLastError();
									__eflags = _t241;
									if(__eflags > 0) {
										_t241 = _t241 & 0x0000ffff | 0x80070000;
										__eflags = _t241;
									}
									if(__eflags >= 0) {
										_t241 = 0x80004005;
									}
									E011938BA(_t200, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x6f, _t241);
									_push("Failed to seek to section info.");
									goto L6;
								}
								_t241 = GetLastError();
								__eflags = _t241;
								if(__eflags > 0) {
									_t241 = _t241 & 0x0000ffff | 0x80070000;
									__eflags = _t241;
								}
								if(__eflags >= 0) {
									_t241 = 0x80004005;
								}
								E011938BA(_t202, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x5f, _t241);
								_push("Failed to read NT header.");
								goto L6;
							}
							_t241 = GetLastError();
							__eflags = _t241;
							if(__eflags > 0) {
								_t241 = _t241 & 0x0000ffff | 0x80070000;
								__eflags = _t241;
							}
							if(__eflags >= 0) {
								_t241 = 0x80004005;
							}
							E011938BA(_t204, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x59, _t241);
							_push("Failed to seek to NT header.");
							goto L6;
						}
						_t241 = GetLastError();
						__eflags = _t241;
						if(__eflags > 0) {
							_t241 = _t241 & 0x0000ffff | 0x80070000;
							__eflags = _t241;
						}
						if(__eflags >= 0) {
							_t241 = 0x80004005;
						}
						E011938BA(_t206, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x49, _t241);
						_push("Failed to read DOS header.");
						goto L6;
					} else {
						_t241 = GetLastError();
						__eflags = _t241;
						if(__eflags > 0) {
							_t241 = _t241 & 0x0000ffff | 0x80070000;
							__eflags = _t241;
						}
						if(__eflags >= 0) {
							_t241 = 0x80004005;
						}
						E011938BA(_t208, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x43, _t241);
						_push("Failed to seek to start of file.");
						L6:
						_push(_t241);
						L118:
						E011CFB09();
						L119:
						return E011BDD1F(_t212, _v8 ^ _t255, _t232, _t236, _t241);
					}
				}
				_t241 = GetLastError();
				if(_t241 > 0) {
					_t241 = _t241 & 0x0000ffff | 0x80070000;
					_t264 = _t241;
				}
				if(_t264 >= 0) {
					_t241 = 0x80004005;
				}
				E011938BA(_t210, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x3a, _t241);
				_push("Failed to open handle to engine process path.");
				goto L6;
			}





















































                                                            0x0119b45a
                                                            0x0119b463
                                                            0x0119b46a
                                                            0x0119b46e
                                                            0x0119b47c
                                                            0x0119b482
                                                            0x0119b488
                                                            0x0119b48e
                                                            0x0119b4a0
                                                            0x0119b4a8
                                                            0x0119b4b0
                                                            0x0119b4bc
                                                            0x0119b4c4
                                                            0x0119b4c5
                                                            0x0119b4c7
                                                            0x0119b4ca
                                                            0x0119b4cf
                                                            0x0119b507
                                                            0x0119b50a
                                                            0x0119b50d
                                                            0x0119b50f
                                                            0x0119b50f
                                                            0x0119b511
                                                            0x0119b517
                                                            0x0119b51c
                                                            0x0119b51f
                                                            0x0119b521
                                                            0x0119b523
                                                            0x0119b56d
                                                            0x0119b56f
                                                            0x0119b571
                                                            0x0119b5a8
                                                            0x0119b5af
                                                            0x0119bba6
                                                            0x0119bba6
                                                            0x0119bbb3
                                                            0x0119bbb5
                                                            0x0119bbba
                                                            0x0119bbbf
                                                            0x0119bbbf
                                                            0x00000000
                                                            0x0119bbbf
                                                            0x0119b5b5
                                                            0x0119b5ba
                                                            0x0119b5be
                                                            0x00000000
                                                            0x00000000
                                                            0x0119b5c7
                                                            0x0119b5cb
                                                            0x0119b5d0
                                                            0x0119b5d2
                                                            0x0119b5d4
                                                            0x0119b61f
                                                            0x0119b621
                                                            0x0119b623
                                                            0x0119b65a
                                                            0x0119b661
                                                            0x0119bb8b
                                                            0x0119bb8b
                                                            0x0119bb98
                                                            0x0119bb9a
                                                            0x0119bb9f
                                                            0x00000000
                                                            0x0119bb9f
                                                            0x0119b667
                                                            0x0119b671
                                                            0x00000000
                                                            0x00000000
                                                            0x0119b67a
                                                            0x0119b67d
                                                            0x0119b682
                                                            0x0119b68a
                                                            0x0119b690
                                                            0x0119b696
                                                            0x0119b698
                                                            0x0119b69a
                                                            0x0119b6e5
                                                            0x0119b6e7
                                                            0x0119b6e9
                                                            0x0119b734
                                                            0x0119b736
                                                            0x0119b738
                                                            0x0119b780
                                                            0x0119b786
                                                            0x0119b788
                                                            0x0119b78a
                                                            0x0119b7c4
                                                            0x0119b7d6
                                                            0x0119b7df
                                                            0x0119b7e1
                                                            0x0119b7e3
                                                            0x0119bb4c
                                                            0x0119bb52
                                                            0x0119bb54
                                                            0x0119bb56
                                                            0x0119bb5b
                                                            0x0119bb61
                                                            0x0119bb61
                                                            0x0119bb63
                                                            0x0119bb65
                                                            0x0119bb65
                                                            0x0119bb75
                                                            0x0119bb7a
                                                            0x0119bb7b
                                                            0x0119bb80
                                                            0x0119bb81
                                                            0x0119bb81
                                                            0x00000000
                                                            0x0119bb86
                                                            0x0119b7eb
                                                            0x0119b7eb
                                                            0x0119b7ec
                                                            0x0119b7ec
                                                            0x0119b7f3
                                                            0x00000000
                                                            0x00000000
                                                            0x0119b7f9
                                                            0x0119b7ff
                                                            0x0119b805
                                                            0x0119b810
                                                            0x0119b810
                                                            0x0119b817
                                                            0x0119b819
                                                            0x0119baea
                                                            0x0119bafa
                                                            0x0119bafc
                                                            0x0119bb01
                                                            0x0119bb06
                                                            0x0119bb06
                                                            0x0119bb07
                                                            0x0119bb0c
                                                            0x0119bb12
                                                            0x0119bb14
                                                            0x0119bb14
                                                            0x0119bb16
                                                            0x0119bb1d
                                                            0x0119bb1d
                                                            0x00000000
                                                            0x0119bb16
                                                            0x0119b827
                                                            0x0119b831
                                                            0x0119b83b
                                                            0x0119b841
                                                            0x0119b843
                                                            0x0119b845
                                                            0x00000000
                                                            0x00000000
                                                            0x0119b84b
                                                            0x00000000
                                                            0x0119b84b
                                                            0x0119b807
                                                            0x0119b80e
                                                            0x0119b853
                                                            0x0119b85a
                                                            0x0119b890
                                                            0x0119b892
                                                            0x0119b898
                                                            0x0119b89a
                                                            0x0119b8c0
                                                            0x0119b8cb
                                                            0x0119b8d1
                                                            0x0119b8d3
                                                            0x0119b91e
                                                            0x0119b934
                                                            0x0119b936
                                                            0x0119b938
                                                            0x0119b96f
                                                            0x0119b975
                                                            0x0119b97b
                                                            0x0119b99e
                                                            0x0119b9a2
                                                            0x0119b9e7
                                                            0x0119b9ee
                                                            0x0119b9f0
                                                            0x0119b9fc
                                                            0x0119b9ff
                                                            0x0119ba02
                                                            0x0119ba06
                                                            0x0119ba10
                                                            0x0119ba16
                                                            0x0119ba18
                                                            0x0119ba27
                                                            0x0119ba27
                                                            0x0119ba1a
                                                            0x0119ba20
                                                            0x0119ba20
                                                            0x0119ba08
                                                            0x0119ba0b
                                                            0x0119ba0b
                                                            0x0119ba29
                                                            0x0119ba32
                                                            0x0119ba3b
                                                            0x0119ba44
                                                            0x0119ba4d
                                                            0x0119ba56
                                                            0x0119ba5c
                                                            0x0119ba62
                                                            0x0119ba68
                                                            0x0119ba6e
                                                            0x0119ba74
                                                            0x0119ba82
                                                            0x0119ba84
                                                            0x0119ba87
                                                            0x0119ba89
                                                            0x0119bab4
                                                            0x0119bab9
                                                            0x0119bac1
                                                            0x0119baca
                                                            0x0119bacc
                                                            0x0119bace
                                                            0x00000000
                                                            0x00000000
                                                            0x0119badb
                                                            0x0119bae0
                                                            0x0119b908
                                                            0x0119b908
                                                            0x00000000
                                                            0x0119ba8b
                                                            0x0119ba8b
                                                            0x0119ba9b
                                                            0x0119ba9d
                                                            0x0119baa2
                                                            0x0119baa7
                                                            0x0119b909
                                                            0x0119b909
                                                            0x00000000
                                                            0x0119b909
                                                            0x0119ba89
                                                            0x0119b9f2
                                                            0x00000000
                                                            0x0119b9f2
                                                            0x0119b9b4
                                                            0x0119b9b6
                                                            0x0119b9ca
                                                            0x0119b9cf
                                                            0x00000000
                                                            0x0119b9d5
                                                            0x0119b97d
                                                            0x0119b98d
                                                            0x0119b98f
                                                            0x0119b994
                                                            0x00000000
                                                            0x0119b994
                                                            0x0119b940
                                                            0x0119b942
                                                            0x0119b944
                                                            0x0119b949
                                                            0x0119b94f
                                                            0x0119b94f
                                                            0x0119b951
                                                            0x0119b953
                                                            0x0119b953
                                                            0x0119b963
                                                            0x0119b968
                                                            0x00000000
                                                            0x0119b968
                                                            0x0119b8db
                                                            0x0119b8dd
                                                            0x0119b8df
                                                            0x0119b8e4
                                                            0x0119b8ea
                                                            0x0119b8ea
                                                            0x0119b8ec
                                                            0x0119b8ee
                                                            0x0119b8ee
                                                            0x0119b8fe
                                                            0x0119b903
                                                            0x00000000
                                                            0x0119b903
                                                            0x0119b89c
                                                            0x0119b8ac
                                                            0x0119b8ae
                                                            0x0119b8b3
                                                            0x0119b8b8
                                                            0x00000000
                                                            0x0119b8b8
                                                            0x0119b85c
                                                            0x0119b86c
                                                            0x0119b86e
                                                            0x0119b873
                                                            0x0119b879
                                                            0x0119bb49
                                                            0x0119bb49
                                                            0x00000000
                                                            0x0119bb49
                                                            0x00000000
                                                            0x0119b80e
                                                            0x0119bb27
                                                            0x0119bb37
                                                            0x0119bb39
                                                            0x0119bb3e
                                                            0x0119bb44
                                                            0x00000000
                                                            0x0119bb44
                                                            0x0119b792
                                                            0x0119b794
                                                            0x0119b796
                                                            0x0119b79b
                                                            0x0119b7a1
                                                            0x0119b7a1
                                                            0x0119b7a3
                                                            0x0119b7a5
                                                            0x0119b7a5
                                                            0x0119b7b5
                                                            0x0119b7ba
                                                            0x00000000
                                                            0x0119b7ba
                                                            0x0119b740
                                                            0x0119b742
                                                            0x0119b744
                                                            0x0119b749
                                                            0x0119b74f
                                                            0x0119b74f
                                                            0x0119b751
                                                            0x0119b753
                                                            0x0119b753
                                                            0x0119b760
                                                            0x0119b765
                                                            0x00000000
                                                            0x0119b765
                                                            0x0119b6f1
                                                            0x0119b6f3
                                                            0x0119b6f5
                                                            0x0119b6fa
                                                            0x0119b700
                                                            0x0119b700
                                                            0x0119b702
                                                            0x0119b704
                                                            0x0119b704
                                                            0x0119b711
                                                            0x0119b716
                                                            0x00000000
                                                            0x0119b716
                                                            0x0119b6a2
                                                            0x0119b6a4
                                                            0x0119b6a6
                                                            0x0119b6ab
                                                            0x0119b6b1
                                                            0x0119b6b1
                                                            0x0119b6b3
                                                            0x0119b6b5
                                                            0x0119b6b5
                                                            0x0119b6c2
                                                            0x0119b6c7
                                                            0x00000000
                                                            0x0119b6c7
                                                            0x0119b62b
                                                            0x0119b62d
                                                            0x0119b62f
                                                            0x0119b634
                                                            0x0119b63a
                                                            0x0119b63a
                                                            0x0119b63c
                                                            0x0119b63e
                                                            0x0119b63e
                                                            0x0119b64b
                                                            0x0119b650
                                                            0x00000000
                                                            0x0119b650
                                                            0x0119b5dc
                                                            0x0119b5de
                                                            0x0119b5e0
                                                            0x0119b5e5
                                                            0x0119b5eb
                                                            0x0119b5eb
                                                            0x0119b5ed
                                                            0x0119b5ef
                                                            0x0119b5ef
                                                            0x0119b5fc
                                                            0x0119b601
                                                            0x00000000
                                                            0x0119b601
                                                            0x0119b579
                                                            0x0119b57b
                                                            0x0119b57d
                                                            0x0119b582
                                                            0x0119b588
                                                            0x0119b588
                                                            0x0119b58a
                                                            0x0119b58c
                                                            0x0119b58c
                                                            0x0119b599
                                                            0x0119b59e
                                                            0x00000000
                                                            0x0119b525
                                                            0x0119b52b
                                                            0x0119b52d
                                                            0x0119b52f
                                                            0x0119b534
                                                            0x0119b53a
                                                            0x0119b53a
                                                            0x0119b53c
                                                            0x0119b53e
                                                            0x0119b53e
                                                            0x0119b54b
                                                            0x0119b550
                                                            0x0119b501
                                                            0x0119b501
                                                            0x0119bbc0
                                                            0x0119bbc0
                                                            0x0119bbc7
                                                            0x0119bbd7
                                                            0x0119bbd7
                                                            0x0119b523
                                                            0x0119b4d7
                                                            0x0119b4db
                                                            0x0119b4e0
                                                            0x0119b4e6
                                                            0x0119b4e6
                                                            0x0119b4e8
                                                            0x0119b4ea
                                                            0x0119b4ea
                                                            0x0119b4f7
                                                            0x0119b4fc
                                                            0x00000000

                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,?,00000000,77D59EB0,00000000), ref: 0119B4D1
                                                            • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B51F
                                                            • GetLastError.KERNEL32(?,?,?,00000000,77D59EB0,00000000), ref: 0119B525
                                                            • ReadFile.KERNELBASE(00000000,011944B0,00000040,?,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B56D
                                                            • GetLastError.KERNEL32(?,?,?,00000000,77D59EB0,00000000), ref: 0119B573
                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B5D0
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B5D6
                                                            • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B61F
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B625
                                                            • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B696
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B69C
                                                            • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B6E5
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B6EB
                                                            • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B734
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B73A
                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B786
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B78C
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B7DF
                                                            • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B841
                                                            • SetFilePointerEx.KERNELBASE(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B8CB
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B8D5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                            • String ID: ($.wix$4$@Mqt$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$Jv_)$PE$PE Header from file didn't match PE Header in memory.$burn$c:\agent\_work\66\s\src\burn\engine\section.cpp
                                                            • API String ID: 3411815225-2141351751
                                                            • Opcode ID: e0a5de0733557e23523899ccb67404348f6c90b66c56cf08c130ba4c3a8d86d2
                                                            • Instruction ID: f07970cb9e48a850878508182cf2ff62f0d3e3e01ca72a046ad468ce3c847455
                                                            • Opcode Fuzzy Hash: e0a5de0733557e23523899ccb67404348f6c90b66c56cf08c130ba4c3a8d86d2
                                                            • Instruction Fuzzy Hash: B012FA72D45236ABEF3C9A659C45FAA7A78AF00B10F0101A9FD25BF280D7749D40CBD6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B0ABB Relevance: 56.3, APIs: 20, Strings: 12, Instructions: 306synchronizationCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 597 11b0abb-11b0ad2 SetEvent 598 11b0b14-11b0b22 WaitForSingleObject 597->598 599 11b0ad4-11b0ade 597->599 600 11b0b59-11b0b64 ResetEvent 598->600 601 11b0b24-11b0b2e 598->601 605 11b0aeb 599->605 606 11b0ae0-11b0ae9 599->606 602 11b0b9e-11b0ba4 600->602 603 11b0b66-11b0b70 600->603 614 11b0b3b 601->614 615 11b0b30-11b0b39 601->615 608 11b0bd7-11b0bf0 call 11922b5 602->608 609 11b0ba6-11b0ba9 602->609 622 11b0b7d 603->622 623 11b0b72-11b0b7b 603->623 610 11b0aed 605->610 611 11b0af2-11b0b02 call 11938ba 605->611 606->605 631 11b0c08-11b0c13 SetEvent 608->631 632 11b0bf2-11b0c03 call 11cfb09 608->632 616 11b0bab-11b0bc8 call 11938ba 609->616 617 11b0bcd-11b0bd2 609->617 610->611 637 11b0b07-11b0b0f call 11cfb09 611->637 624 11b0b3d 614->624 625 11b0b42-11b0b57 call 11938ba 614->625 615->614 635 11b0e83-11b0e89 call 11cfb09 616->635 619 11b0e8d-11b0e92 617->619 628 11b0e97-11b0e9d 619->628 629 11b0e94 619->629 633 11b0b7f 622->633 634 11b0b84-11b0b99 call 11938ba 622->634 623->622 624->625 625->637 629->628 639 11b0c4d-11b0c5b WaitForSingleObject 631->639 640 11b0c15-11b0c1f 631->640 650 11b0e8a-11b0e8c 632->650 633->634 634->637 635->650 637->619 643 11b0c5d-11b0c67 639->643 644 11b0c95-11b0ca0 ResetEvent 639->644 657 11b0c2c 640->657 658 11b0c21-11b0c2a 640->658 660 11b0c69-11b0c72 643->660 661 11b0c74 643->661 652 11b0cda-11b0ce1 644->652 653 11b0ca2-11b0cac 644->653 650->619 655 11b0ce3-11b0ce6 652->655 656 11b0d50-11b0d73 CreateFileW 652->656 669 11b0cb9 653->669 670 11b0cae-11b0cb7 653->670 664 11b0ce8-11b0ceb 655->664 665 11b0d13-11b0d17 call 11939df 655->665 662 11b0db0-11b0dc4 SetFilePointerEx 656->662 663 11b0d75-11b0d7f 656->663 666 11b0c2e 657->666 667 11b0c33-11b0c48 call 11938ba 657->667 658->657 660->661 674 11b0c7b-11b0c90 call 11938ba 661->674 675 11b0c76 661->675 672 11b0dfe-11b0e09 SetEndOfFile 662->672 673 11b0dc6-11b0dd0 662->673 694 11b0d8c 663->694 695 11b0d81-11b0d8a 663->695 676 11b0ced-11b0cf0 664->676 677 11b0d0c-11b0d0e 664->677 678 11b0d1c-11b0d21 665->678 666->667 690 11b0e82 667->690 680 11b0cbb 669->680 681 11b0cc0-11b0cd5 call 11938ba 669->681 670->669 686 11b0e0b-11b0e15 672->686 687 11b0e40-11b0e4d SetFilePointerEx 672->687 698 11b0ddd 673->698 699 11b0dd2-11b0ddb 673->699 674->690 675->674 684 11b0d02-11b0d07 676->684 685 11b0cf2-11b0cf8 676->685 677->619 688 11b0d23-11b0d3d call 11938ba 678->688 689 11b0d42-11b0d4b 678->689 680->681 681->690 684->650 685->684 709 11b0e22 686->709 710 11b0e17-11b0e20 686->710 687->650 693 11b0e4f-11b0e59 687->693 688->690 689->650 690->635 714 11b0e5b-11b0e64 693->714 715 11b0e66 693->715 701 11b0d8e 694->701 702 11b0d93-11b0da6 call 11938ba 694->702 695->694 705 11b0ddf 698->705 706 11b0de4-11b0df9 call 11938ba 698->706 699->698 701->702 702->662 705->706 706->690 711 11b0e29-11b0e3e call 11938ba 709->711 712 11b0e24 709->712 710->709 711->690 712->711 714->715 719 11b0e68 715->719 720 11b0e6d-11b0e7d call 11938ba 715->720 719->720 720->690
                                                            C-Code - Quality: 61%
                                                            			E011B0ABB(union _LARGE_INTEGER* __edx, intOrPtr _a4, union _LARGE_INTEGER* _a8) {
				long _t25;
				signed short _t26;
				signed short _t28;
				signed short _t30;
				long _t31;
				signed short _t32;
				signed short _t35;
				signed short _t38;
				signed short _t39;
				signed short _t41;
				signed short _t53;
				signed short _t54;
				signed short _t57;
				signed int _t74;
				union _LARGE_INTEGER* _t75;
				signed short _t78;
				void* _t79;
				union _LARGE_INTEGER* _t84;
				intOrPtr _t85;
				signed short _t86;
				signed short _t101;

				_t84 = __edx;
				_t85 = _a4;
				_t74 = 1;
				if(SetEvent( *(_t85 + 0x28)) != 0) {
					_t25 = WaitForSingleObject( *(_t85 + 0x24), 0xffffffff);
					__eflags = _t25 - 0xffffffff;
					if(_t25 != 0xffffffff) {
						_t26 = ResetEvent( *(_t85 + 0x24));
						__eflags = _t26;
						if(_t26 != 0) {
							_t28 =  *(_t85 + 0x2c) - 1;
							__eflags = _t28;
							if(_t28 == 0) {
								_t75 = _a8;
								_t86 = E011922B5(_t84,  *((intOrPtr*)(_t85 + 0x34)), _t75->LowPart.HighPart, 0, 0xfde9);
								__eflags = _t86;
								if(_t86 >= 0) {
									_t30 = SetEvent( *(_t85 + 0x28));
									__eflags = _t30;
									if(_t30 != 0) {
										_t31 = WaitForSingleObject( *(_t85 + 0x24), 0xffffffff);
										__eflags = _t31 - 0xffffffff;
										if(_t31 != 0xffffffff) {
											_t32 = ResetEvent( *(_t85 + 0x24));
											__eflags = _t32;
											if(_t32 != 0) {
												_t35 =  *(_t85 + 0x2c);
												__eflags = _t35;
												if(_t35 == 0) {
													_t79 = CreateFileW( *(_t85 + 0x38), 0x40000000, 1, 0, 2, 0x80, 0);
													 *(_t85 + 0x3c) = _t79;
													__eflags = _t79 - 0xffffffff;
													if(_t79 != 0xffffffff) {
														_push(0);
														asm("cdq");
														_t38 = SetFilePointerEx(_t79, _t75->LowPart, _t84, 0);
														__eflags = _t38;
														if(_t38 != 0) {
															_t39 = SetEndOfFile( *(_t85 + 0x3c));
															__eflags = _t39;
															if(_t39 != 0) {
																_push(0);
																_t41 = SetFilePointerEx( *(_t85 + 0x3c), 0, 0, 0);
																__eflags = _t41;
																if(_t41 == 0) {
																	_t86 = GetLastError();
																	__eflags = _t86;
																	if(__eflags > 0) {
																		_t86 = _t86 & 0x0000ffff | 0x80070000;
																		__eflags = _t86;
																	}
																	if(__eflags >= 0) {
																		_t86 = 0x80004005;
																	}
																	E011938BA(_t43, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x24f, _t86);
																	_push("Failed to set file pointer to beginning of file.");
																	goto L79;
																}
															} else {
																_t86 = GetLastError();
																__eflags = _t86;
																if(__eflags > 0) {
																	_t86 = _t86 & 0x0000ffff | 0x80070000;
																	__eflags = _t86;
																}
																if(__eflags >= 0) {
																	_t86 = 0x80004005;
																}
																E011938BA(_t46, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x249, _t86);
																_push("Failed to set end of file.");
																goto L79;
															}
														} else {
															_t86 = GetLastError();
															__eflags = _t86;
															if(__eflags > 0) {
																_t86 = _t86 & 0x0000ffff | 0x80070000;
																__eflags = _t86;
															}
															if(__eflags >= 0) {
																_t86 = 0x80004005;
															}
															E011938BA(_t48, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x244, _t86);
															_push("Failed to set file pointer to end of file.");
															goto L79;
														}
													} else {
														_t86 = GetLastError();
														__eflags = _t86;
														if(__eflags > 0) {
															_t86 = _t86 & 0x0000ffff | 0x80070000;
															__eflags = _t86;
														}
														if(__eflags >= 0) {
															_t86 = 0x80004005;
														}
														E011938BA(_t50, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x23d, _t86);
														_push( *(_t85 + 0x38));
														_push("Failed to create file: %ls");
														goto L26;
													}
													goto L81;
												} else {
													_t53 = _t35 - 1;
													__eflags = _t53;
													if(_t53 == 0) {
														_t54 = E011939DF(_t75->LowPart, 1); // executed
														 *(_t85 + 0x40) = _t54;
														__eflags = _t54;
														if(_t54 != 0) {
															 *(_t85 + 0x48) =  *(_t85 + 0x48) & 0x00000000;
															 *(_t85 + 0x44) =  *_t75;
														} else {
															_t86 = 0x8007000e;
															E011938BA(_t54, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x257, 0x8007000e);
															_push("Failed to allocate buffer for stream.");
															goto L79;
														}
														goto L81;
													} else {
														_t57 = _t53 - 1;
														__eflags = _t57;
														if(_t57 == 0) {
															_t74 = 0;
														} else {
															_t58 = _t57 == 1;
															__eflags = _t57 == 1;
															if(_t57 == 1) {
																_t86 = 0x80004004;
															} else {
																_t78 = 0x8007139f;
																_push(0x8007139f);
																_push(0x268);
																goto L22;
															}
															goto L81;
														}
													}
												}
											} else {
												_t86 = GetLastError();
												__eflags = _t86;
												if(__eflags > 0) {
													_t86 = _t86 & 0x0000ffff | 0x80070000;
													__eflags = _t86;
												}
												if(__eflags >= 0) {
													_t86 = 0x80004005;
												}
												E011938BA(_t60, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x232, _t86);
												_push("Failed to reset begin operation event.");
												goto L79;
											}
										} else {
											_t86 = GetLastError();
											__eflags = _t86;
											if(__eflags > 0) {
												_t86 = _t86 & 0x0000ffff | 0x80070000;
												__eflags = _t86;
											}
											if(__eflags >= 0) {
												_t86 = 0x80004005;
											}
											E011938BA(_t62, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x22d, _t86);
											_push("Failed to wait for begin operation event.");
											goto L79;
										}
									} else {
										_t86 = GetLastError();
										__eflags = _t86;
										if(__eflags > 0) {
											_t86 = _t86 & 0x0000ffff | 0x80070000;
											__eflags = _t86;
										}
										if(__eflags >= 0) {
											_t86 = 0x80004005;
										}
										E011938BA(_t64, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x227, _t86);
										_push("Failed to set operation complete event.");
										L79:
										_push(_t86);
										goto L80;
									}
								} else {
									_push(_t75->LowPart.HighPart);
									_push("Failed to copy stream name: %ls");
									L26:
									_push(_t86);
									E011CFB09();
									goto L81;
								}
							} else {
								_t58 = _t28 == 4;
								__eflags = _t28 == 4;
								if(_t28 == 4) {
									_t86 = 0x80004004;
								} else {
									_t78 = 0x8007139f;
									_push(0x8007139f);
									_push(0x21d);
									L22:
									_push("c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp");
									_t86 = _t78;
									E011938BA(_t58);
									_push("Invalid operation for this state.");
									_push(_t78);
									L80:
									E011CFB09();
									L81:
									_t74 = 1;
									__eflags = 1;
								}
							}
						} else {
							_t86 = GetLastError();
							__eflags = _t86;
							if(__eflags > 0) {
								_t86 = _t86 & 0x0000ffff | 0x80070000;
								__eflags = _t86;
							}
							if(__eflags >= 0) {
								_t86 = 0x80004005;
							}
							E011938BA(_t66, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x20f, _t86);
							_push("Failed to reset begin operation event.");
							goto L6;
						}
					} else {
						_t86 = GetLastError();
						__eflags = _t86;
						if(__eflags > 0) {
							_t86 = _t86 & 0x0000ffff | 0x80070000;
							__eflags = _t86;
						}
						if(__eflags >= 0) {
							_t86 = 0x80004005;
						}
						E011938BA(_t69, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x20a, _t86);
						_push("Failed to wait for begin operation event.");
						goto L6;
					}
				} else {
					_t86 = GetLastError();
					if(_t86 > 0) {
						_t86 = _t86 & 0x0000ffff | 0x80070000;
						_t101 = _t86;
					}
					if(_t101 >= 0) {
						_t86 = 0x80004005;
					}
					E011938BA(_t71, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x204, _t86);
					_push("Failed to set operation complete event.");
					L6:
					_push(_t86);
					E011CFB09();
				}
				 *(_t85 + 0x30) = _t86;
				if(_t86 < 0) {
					_t74 = _t74 | 0xffffffff;
				}
				return _t74;
			}
























                                                            0x011b0abb
                                                            0x011b0ac1
                                                            0x011b0ac6
                                                            0x011b0ad2
                                                            0x011b0b19
                                                            0x011b0b1f
                                                            0x011b0b22
                                                            0x011b0b5c
                                                            0x011b0b62
                                                            0x011b0b64
                                                            0x011b0ba1
                                                            0x011b0ba1
                                                            0x011b0ba4
                                                            0x011b0bd7
                                                            0x011b0bec
                                                            0x011b0bee
                                                            0x011b0bf0
                                                            0x011b0c0b
                                                            0x011b0c11
                                                            0x011b0c13
                                                            0x011b0c52
                                                            0x011b0c58
                                                            0x011b0c5b
                                                            0x011b0c98
                                                            0x011b0c9e
                                                            0x011b0ca0
                                                            0x011b0cde
                                                            0x011b0cde
                                                            0x011b0ce1
                                                            0x011b0d6b
                                                            0x011b0d6d
                                                            0x011b0d70
                                                            0x011b0d73
                                                            0x011b0db8
                                                            0x011b0dbc
                                                            0x011b0dc0
                                                            0x011b0dc2
                                                            0x011b0dc4
                                                            0x011b0e01
                                                            0x011b0e07
                                                            0x011b0e09
                                                            0x011b0e42
                                                            0x011b0e49
                                                            0x011b0e4b
                                                            0x011b0e4d
                                                            0x011b0e55
                                                            0x011b0e57
                                                            0x011b0e59
                                                            0x011b0e5e
                                                            0x011b0e64
                                                            0x011b0e64
                                                            0x011b0e66
                                                            0x011b0e68
                                                            0x011b0e68
                                                            0x011b0e78
                                                            0x011b0e7d
                                                            0x00000000
                                                            0x011b0e7d
                                                            0x011b0e0b
                                                            0x011b0e11
                                                            0x011b0e13
                                                            0x011b0e15
                                                            0x011b0e1a
                                                            0x011b0e20
                                                            0x011b0e20
                                                            0x011b0e22
                                                            0x011b0e24
                                                            0x011b0e24
                                                            0x011b0e34
                                                            0x011b0e39
                                                            0x00000000
                                                            0x011b0e39
                                                            0x011b0dc6
                                                            0x011b0dcc
                                                            0x011b0dce
                                                            0x011b0dd0
                                                            0x011b0dd5
                                                            0x011b0ddb
                                                            0x011b0ddb
                                                            0x011b0ddd
                                                            0x011b0ddf
                                                            0x011b0ddf
                                                            0x011b0def
                                                            0x011b0df4
                                                            0x00000000
                                                            0x011b0df4
                                                            0x011b0d75
                                                            0x011b0d7b
                                                            0x011b0d7d
                                                            0x011b0d7f
                                                            0x011b0d84
                                                            0x011b0d8a
                                                            0x011b0d8a
                                                            0x011b0d8c
                                                            0x011b0d8e
                                                            0x011b0d8e
                                                            0x011b0d9e
                                                            0x011b0da3
                                                            0x011b0da6
                                                            0x00000000
                                                            0x011b0da6
                                                            0x00000000
                                                            0x011b0ce3
                                                            0x011b0ce3
                                                            0x011b0ce3
                                                            0x011b0ce6
                                                            0x011b0d17
                                                            0x011b0d1c
                                                            0x011b0d1f
                                                            0x011b0d21
                                                            0x011b0d44
                                                            0x011b0d48
                                                            0x011b0d23
                                                            0x011b0d23
                                                            0x011b0d33
                                                            0x011b0d38
                                                            0x00000000
                                                            0x011b0d38
                                                            0x00000000
                                                            0x011b0ce8
                                                            0x011b0ce8
                                                            0x011b0ce8
                                                            0x011b0ceb
                                                            0x011b0d0c
                                                            0x011b0ced
                                                            0x011b0ced
                                                            0x011b0ced
                                                            0x011b0cf0
                                                            0x011b0d02
                                                            0x011b0cf2
                                                            0x011b0cf2
                                                            0x011b0cf7
                                                            0x011b0cf8
                                                            0x00000000
                                                            0x011b0cf8
                                                            0x00000000
                                                            0x011b0cf0
                                                            0x011b0ceb
                                                            0x011b0ce6
                                                            0x011b0ca2
                                                            0x011b0ca8
                                                            0x011b0caa
                                                            0x011b0cac
                                                            0x011b0cb1
                                                            0x011b0cb7
                                                            0x011b0cb7
                                                            0x011b0cb9
                                                            0x011b0cbb
                                                            0x011b0cbb
                                                            0x011b0ccb
                                                            0x011b0cd0
                                                            0x00000000
                                                            0x011b0cd0
                                                            0x011b0c5d
                                                            0x011b0c63
                                                            0x011b0c65
                                                            0x011b0c67
                                                            0x011b0c6c
                                                            0x011b0c72
                                                            0x011b0c72
                                                            0x011b0c74
                                                            0x011b0c76
                                                            0x011b0c76
                                                            0x011b0c86
                                                            0x011b0c8b
                                                            0x00000000
                                                            0x011b0c8b
                                                            0x011b0c15
                                                            0x011b0c1b
                                                            0x011b0c1d
                                                            0x011b0c1f
                                                            0x011b0c24
                                                            0x011b0c2a
                                                            0x011b0c2a
                                                            0x011b0c2c
                                                            0x011b0c2e
                                                            0x011b0c2e
                                                            0x011b0c3e
                                                            0x011b0c43
                                                            0x011b0e82
                                                            0x011b0e82
                                                            0x00000000
                                                            0x011b0e82
                                                            0x011b0bf2
                                                            0x011b0bf2
                                                            0x011b0bf5
                                                            0x011b0bfa
                                                            0x011b0bfa
                                                            0x011b0bfb
                                                            0x00000000
                                                            0x011b0c00
                                                            0x011b0ba6
                                                            0x011b0ba6
                                                            0x011b0ba6
                                                            0x011b0ba9
                                                            0x011b0bcd
                                                            0x011b0bab
                                                            0x011b0bab
                                                            0x011b0bb0
                                                            0x011b0bb1
                                                            0x011b0bb6
                                                            0x011b0bb6
                                                            0x011b0bbb
                                                            0x011b0bbd
                                                            0x011b0bc2
                                                            0x011b0bc7
                                                            0x011b0e83
                                                            0x011b0e83
                                                            0x011b0e8a
                                                            0x011b0e8c
                                                            0x011b0e8c
                                                            0x011b0e8c
                                                            0x011b0ba9
                                                            0x011b0b66
                                                            0x011b0b6c
                                                            0x011b0b6e
                                                            0x011b0b70
                                                            0x011b0b75
                                                            0x011b0b7b
                                                            0x011b0b7b
                                                            0x011b0b7d
                                                            0x011b0b7f
                                                            0x011b0b7f
                                                            0x011b0b8f
                                                            0x011b0b94
                                                            0x00000000
                                                            0x011b0b94
                                                            0x011b0b24
                                                            0x011b0b2a
                                                            0x011b0b2c
                                                            0x011b0b2e
                                                            0x011b0b33
                                                            0x011b0b39
                                                            0x011b0b39
                                                            0x011b0b3b
                                                            0x011b0b3d
                                                            0x011b0b3d
                                                            0x011b0b4d
                                                            0x011b0b52
                                                            0x00000000
                                                            0x011b0b52
                                                            0x011b0ad4
                                                            0x011b0ada
                                                            0x011b0ade
                                                            0x011b0ae3
                                                            0x011b0ae9
                                                            0x011b0ae9
                                                            0x011b0aeb
                                                            0x011b0aed
                                                            0x011b0aed
                                                            0x011b0afd
                                                            0x011b0b02
                                                            0x011b0b07
                                                            0x011b0b07
                                                            0x011b0b08
                                                            0x011b0b0e
                                                            0x011b0e8d
                                                            0x011b0e92
                                                            0x011b0e94
                                                            0x011b0e94
                                                            0x011b0e9d

                                                            APIs
                                                            • SetEvent.KERNEL32(?,?,?,?,?,011B066B,?,?), ref: 011B0ACA
                                                            • GetLastError.KERNEL32(?,?,?,?,011B066B,?,?), ref: 011B0AD4
                                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,011B066B,?,?), ref: 011B0B19
                                                            • GetLastError.KERNEL32(?,?,?,?,011B066B,?,?), ref: 011B0B24
                                                            • ResetEvent.KERNEL32(?,?,?,?,?,011B066B,?,?), ref: 011B0B5C
                                                            • GetLastError.KERNEL32(?,?,?,?,011B066B,?,?), ref: 011B0B66
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$Event$ObjectResetSingleWait
                                                            • String ID: @Mqt$Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 1865021742-1374639151
                                                            • Opcode ID: b639394512a9c36efd673243eb6c902aaea0efdb7ac9adaaa3bb001f9a26a298
                                                            • Instruction ID: 7eb9ddec441b7be9858547b909561a00503a9f0dbce88d314f20980bab850aa0
                                                            • Opcode Fuzzy Hash: b639394512a9c36efd673243eb6c902aaea0efdb7ac9adaaa3bb001f9a26a298
                                                            • Instruction Fuzzy Hash: 8191C637982B3777E73D55A95D89BDB6974BF08A24F020264FE21BF280D7599C0086D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01194D7A Relevance: 40.5, APIs: 6, Strings: 17, Instructions: 219COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 724 1194d7a-1194dc2 call 11bf600 call 11934c4 729 1194dc4-1194dd1 call 11cfb09 724->729 730 1194dd6-1194de0 call 11a97d7 724->730 735 1194f72-1194f7c 729->735 736 1194de9-1194df8 call 11a97dd 730->736 737 1194de2-1194de7 730->737 739 1194f7e-1194f83 CloseHandle 735->739 740 1194f87-1194f8b 735->740 743 1194dfd-1194e01 736->743 738 1194e1e-1194e39 call 1192022 737->738 753 1194e3b-1194e40 738->753 754 1194e42-1194e56 call 11a6955 738->754 739->740 744 1194f8d-1194f92 CloseHandle 740->744 745 1194f96-1194f9a 740->745 747 1194e18-1194e1b 743->747 748 1194e03 743->748 744->745 749 1194f9c-1194fa1 CloseHandle 745->749 750 1194fa5-1194fa7 745->750 747->738 755 1194e08-1194e13 call 11cfb09 748->755 749->750 751 1194fa9-1194faa CloseHandle 750->751 752 1194fac-1194fc0 call 119287d * 2 750->752 751->752 768 1194fca-1194fce 752->768 769 1194fc2-1194fc5 call 1192762 752->769 753->755 763 1194e58 754->763 764 1194e70-1194e84 call 11a6a0f 754->764 755->735 766 1194e5d 763->766 772 1194e8d-1194ea8 call 1192064 764->772 773 1194e86-1194e8b 764->773 770 1194e62-1194e6b call 11cfb09 766->770 775 1194fd8-1194fde 768->775 776 1194fd0-1194fd3 call 1192762 768->776 769->768 782 1194f6f 770->782 783 1194eaa-1194eaf 772->783 784 1194eb4-1194ecd call 1192064 772->784 773->766 776->775 782->735 783->755 787 1194ed9-1194f05 CreateProcessW 784->787 788 1194ecf-1194ed4 784->788 789 1194f42-1194f61 call 11d02ec 787->789 790 1194f07-1194f11 787->790 788->755 789->735 794 1194f63-1194f6a call 11cfb09 789->794 795 1194f1e 790->795 796 1194f13-1194f1c 790->796 794->782 798 1194f20 795->798 799 1194f25-1194f3d call 11938ba 795->799 796->795 798->799 799->770
                                                            C-Code - Quality: 60%
                                                            			E01194D7A(void* __edx, intOrPtr _a4, intOrPtr _a8) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				struct _SECURITY_ATTRIBUTES* _v16;
				struct _SECURITY_ATTRIBUTES* _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				struct _SECURITY_ATTRIBUTES* _v32;
				struct _PROCESS_INFORMATION _v48;
				struct _STARTUPINFOW _v116;
				void* __edi;
				signed short _t66;
				signed short _t70;
				WCHAR* _t71;
				signed short _t73;
				signed short _t76;
				signed short _t79;
				signed short _t87;
				void* _t106;
				intOrPtr _t107;
				void* _t108;
				void* _t113;
				void* _t114;
				WCHAR* _t116;
				void* _t119;
				signed short _t124;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;

				_t113 = __edx;
				_v16 = 0;
				_v32 = 0;
				_v12 = 0;
				_v28 = 0;
				E011BF600(_t114,  &_v116, 0, 0x44);
				_v24 = 0;
				_v20 = 0;
				asm("stosd");
				_t128 = _t127 + 0xc;
				_t106 = 0;
				_v8 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t119 = E011934C4( &_v16, 0);
				if(_t119 >= 0) {
					_t66 = E011A97D7();
					_t107 = _a8;
					__eflags = _t66;
					if(_t66 == 0) {
						_t70 = E011A97DD(_t108, _t113, _t107 + 0xbc, _t107 + 0x48,  &_v32); // executed
						__eflags = _t70;
						if(_t70 >= 0) {
							_t116 = _v32;
							_t71 = _v16;
							goto L8;
						} else {
							_push("Failed to cache to clean room.");
							goto L6;
						}
					} else {
						_t71 = _v16;
						_t116 = _t71;
						L8:
						_push(_t71);
						_t73 = E01192022( &_v12, L"-%ls=\"%ls\"", L"burn.clean.room");
						_t129 = _t128 + 0x10;
						__eflags = _t73;
						if(_t73 >= 0) {
							_t76 = E011A6955(_t108,  *((intOrPtr*)(_t107 + 0x48)),  &_v24,  &_v12); // executed
							__eflags = _t76;
							if(_t76 >= 0) {
								_t79 = E011A6A0F(_t116,  &_v20,  &_v12, 0); // executed
								__eflags = _t79;
								if(_t79 >= 0) {
									_push(_a4);
									_t124 = E01192064( &_v12, L"%ls %ls", _v12);
									_t130 = _t129 + 0x10;
									__eflags = _t124;
									if(_t124 >= 0) {
										_push(_v12);
										_t124 = E01192064( &_v28, L"\"%ls\" %ls", _t116);
										_t129 = _t130 + 0x10;
										__eflags = _t124;
										if(_t124 >= 0) {
											_v116.wShowWindow =  *((intOrPtr*)(_t107 + 0x2c));
											_v116.cb = 0x44;
											_t87 = CreateProcessW(_t116, _v28, 0, 0, 1, 0, 0, 0,  &_v116,  &_v48); // executed
											__eflags = _t87;
											if(_t87 != 0) {
												_v8 = _v48.hProcess;
												_t106 = _v8;
												_v48.hProcess = 0;
												_t124 = E011D02EC(_t106, 0xffffffff, _t107 + 0xf8);
												__eflags = _t124;
												if(_t124 < 0) {
													E011CFB09(_t124, "Failed to wait for clean room process: %ls", _t116);
													goto L28;
												}
											} else {
												_t124 = GetLastError();
												__eflags = _t124;
												if(__eflags > 0) {
													_t124 = _t124 & 0x0000ffff | 0x80070000;
													__eflags = _t124;
												}
												if(__eflags >= 0) {
													_t124 = 0x80004005;
												}
												E011938BA(_t101, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x1ce, _t124);
												_push(_v28);
												_push("Failed to launch clean room process: %ls");
												goto L13;
											}
										} else {
											_push("Failed to allocate full command-line.");
											goto L6;
										}
									} else {
										_push("Failed to append original command line.");
										goto L6;
									}
								} else {
									_push(L"burn.filehandle.self");
									goto L12;
								}
							} else {
								_push(L"burn.filehandle.attached");
								L12:
								_push("Failed to append %ls");
								L13:
								_push(_t124);
								E011CFB09();
								_t106 = _v8;
								L28:
							}
						} else {
							_push("Failed to allocate parameters for unelevated process.");
							L6:
							_push(_t124);
							E011CFB09();
							_t106 = _v8;
						}
					}
				} else {
					_push("Failed to get path for current process.");
					_push(_t119);
					E011CFB09();
				}
				if(_v48.hThread != 0) {
					CloseHandle(_v48.hThread);
					_v48.hThread = _v48.hThread & 0x00000000;
				}
				if(_v20 != 0xffffffff) {
					CloseHandle(_v20);
					_v20 = _v20 | 0xffffffff;
				}
				if(_v24 != 0xffffffff) {
					CloseHandle(_v24);
					_v24 = _v24 | 0xffffffff;
				}
				if(_t106 != 0) {
					CloseHandle(_t106);
				}
				E0119287D(_v28);
				E0119287D(_v12);
				if(_v32 != 0) {
					E01192762(_v32);
				}
				if(_v16 != 0) {
					E01192762(_v16);
				}
				return _t124;
			}
































                                                            0x01194d7a
                                                            0x01194d8c
                                                            0x01194d8f
                                                            0x01194d92
                                                            0x01194d95
                                                            0x01194d98
                                                            0x01194d9f
                                                            0x01194da5
                                                            0x01194da8
                                                            0x01194da9
                                                            0x01194dac
                                                            0x01194dae
                                                            0x01194db1
                                                            0x01194db3
                                                            0x01194db4
                                                            0x01194dbe
                                                            0x01194dc2
                                                            0x01194dd6
                                                            0x01194ddb
                                                            0x01194dde
                                                            0x01194de0
                                                            0x01194df8
                                                            0x01194dff
                                                            0x01194e01
                                                            0x01194e18
                                                            0x01194e1b
                                                            0x00000000
                                                            0x01194e03
                                                            0x01194e03
                                                            0x00000000
                                                            0x01194e03
                                                            0x01194de2
                                                            0x01194de2
                                                            0x01194de5
                                                            0x01194e1e
                                                            0x01194e1e
                                                            0x01194e2d
                                                            0x01194e34
                                                            0x01194e37
                                                            0x01194e39
                                                            0x01194e4d
                                                            0x01194e54
                                                            0x01194e56
                                                            0x01194e7b
                                                            0x01194e82
                                                            0x01194e84
                                                            0x01194e8d
                                                            0x01194ea1
                                                            0x01194ea3
                                                            0x01194ea6
                                                            0x01194ea8
                                                            0x01194eb4
                                                            0x01194ec6
                                                            0x01194ec8
                                                            0x01194ecb
                                                            0x01194ecd
                                                            0x01194edf
                                                            0x01194eea
                                                            0x01194efd
                                                            0x01194f03
                                                            0x01194f05
                                                            0x01194f45
                                                            0x01194f4e
                                                            0x01194f55
                                                            0x01194f5d
                                                            0x01194f5f
                                                            0x01194f61
                                                            0x01194f6a
                                                            0x00000000
                                                            0x01194f6a
                                                            0x01194f07
                                                            0x01194f0d
                                                            0x01194f0f
                                                            0x01194f11
                                                            0x01194f16
                                                            0x01194f1c
                                                            0x01194f1c
                                                            0x01194f1e
                                                            0x01194f20
                                                            0x01194f20
                                                            0x01194f30
                                                            0x01194f35
                                                            0x01194f38
                                                            0x00000000
                                                            0x01194f38
                                                            0x01194ecf
                                                            0x01194ecf
                                                            0x00000000
                                                            0x01194ecf
                                                            0x01194eaa
                                                            0x01194eaa
                                                            0x00000000
                                                            0x01194eaa
                                                            0x01194e86
                                                            0x01194e86
                                                            0x00000000
                                                            0x01194e86
                                                            0x01194e58
                                                            0x01194e58
                                                            0x01194e5d
                                                            0x01194e5d
                                                            0x01194e62
                                                            0x01194e62
                                                            0x01194e63
                                                            0x01194e68
                                                            0x01194f6f
                                                            0x01194f6f
                                                            0x01194e3b
                                                            0x01194e3b
                                                            0x01194e08
                                                            0x01194e08
                                                            0x01194e09
                                                            0x01194e0e
                                                            0x01194e12
                                                            0x01194e39
                                                            0x01194dc4
                                                            0x01194dc4
                                                            0x01194dc9
                                                            0x01194dca
                                                            0x01194dd0
                                                            0x01194f7c
                                                            0x01194f81
                                                            0x01194f83
                                                            0x01194f83
                                                            0x01194f8b
                                                            0x01194f90
                                                            0x01194f92
                                                            0x01194f92
                                                            0x01194f9a
                                                            0x01194f9f
                                                            0x01194fa1
                                                            0x01194fa1
                                                            0x01194fa7
                                                            0x01194faa
                                                            0x01194faa
                                                            0x01194faf
                                                            0x01194fb7
                                                            0x01194fc0
                                                            0x01194fc5
                                                            0x01194fc5
                                                            0x01194fce
                                                            0x01194fd3
                                                            0x01194fd3
                                                            0x01194fde

                                                            APIs
                                                              • Part of subcall function 011934C4: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,011910DD,?,00000000), ref: 011934E5
                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 01194F81
                                                            • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 01194F90
                                                            • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 01194F9F
                                                            • CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 01194FAA
                                                            Strings
                                                            • Failed to get path for current process., xrefs: 01194DC4
                                                            • %ls %ls, xrefs: 01194E96
                                                            • burn.filehandle.attached, xrefs: 01194E58
                                                            • Failed to allocate full command-line., xrefs: 01194ECF
                                                            • burn.clean.room, xrefs: 01194E1F
                                                            • Failed to launch clean room process: %ls, xrefs: 01194F38
                                                            • burn.filehandle.self, xrefs: 01194E86
                                                            • Failed to cache to clean room., xrefs: 01194E03
                                                            • Failed to allocate parameters for unelevated process., xrefs: 01194E3B
                                                            • -%ls="%ls", xrefs: 01194E27
                                                            • "%ls" %ls, xrefs: 01194EBB
                                                            • D, xrefs: 01194EEA
                                                            • Failed to wait for clean room process: %ls, xrefs: 01194F64
                                                            • Failed to append %ls, xrefs: 01194E5D
                                                            • @Mqt, xrefs: 01194F07
                                                            • Failed to append original command line., xrefs: 01194EAA
                                                            • c:\agent\_work\66\s\src\burn\engine\engine.cpp, xrefs: 01194F2B
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle$FileModuleName
                                                            • String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$@Mqt$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$c:\agent\_work\66\s\src\burn\engine\engine.cpp
                                                            • API String ID: 3884789274-2351515134
                                                            • Opcode ID: 1ff6fd9bda5a7b5c504fbaaa8b34683b39b0667da75cf8827e813f8c376c858c
                                                            • Instruction ID: b5f4ac44cdaf9caae99dc707347fb5d9b3998fc44448531a89227a5d81e2d757
                                                            • Opcode Fuzzy Hash: 1ff6fd9bda5a7b5c504fbaaa8b34683b39b0667da75cf8827e813f8c376c858c
                                                            • Instruction Fuzzy Hash: 5171C732D4122ABBDF29DBA9CD44EDF7B78AF04720F014215EA20B7240D7745A02CBE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A85B1 Relevance: 38.7, APIs: 9, Strings: 13, Instructions: 208fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 802 11a85b1-11a85ff CreateFileW 803 11a8601-11a860b 802->803 804 11a8645-11a8655 call 11d412e 802->804 810 11a8618 803->810 811 11a860d-11a8616 803->811 808 11a866d-11a8681 call 11d3709 804->808 809 11a8657-11a8668 call 11cfb09 804->809 821 11a869c-11a86a1 808->821 822 11a8683-11a8697 call 11cfb09 808->822 820 11a87e2-11a87e3 FindCloseChangeNotification 809->820 814 11a861a 810->814 815 11a861f-11a8640 call 11938ba call 11cfb09 810->815 811->810 814->815 823 11a87e9-11a87f9 call 11bdd1f 815->823 820->823 821->820 824 11a86a7-11a86b6 SetFilePointerEx 821->824 822->820 828 11a86b8-11a86c2 824->828 829 11a86f0-11a8700 call 11d4650 824->829 836 11a86cf 828->836 837 11a86c4-11a86cd 828->837 838 11a870c-11a871d SetFilePointerEx 829->838 839 11a8702-11a8707 829->839 842 11a86d1 836->842 843 11a86d6-11a86eb call 11938ba 836->843 837->836 840 11a871f-11a8729 838->840 841 11a8757-11a8767 call 11d4650 838->841 844 11a87da-11a87e1 call 11cfb09 839->844 852 11a872b-11a8734 840->852 853 11a8736 840->853 841->839 854 11a8769-11a8779 call 11d4650 841->854 842->843 843->844 844->820 852->853 855 11a8738 853->855 856 11a873d-11a8752 call 11938ba 853->856 854->839 861 11a877b-11a878c SetFilePointerEx 854->861 855->856 856->844 862 11a878e-11a8798 861->862 863 11a87c3-11a87ca call 11d4650 861->863 867 11a879a-11a87a3 862->867 868 11a87a5 862->868 866 11a87cf-11a87d3 863->866 866->820 869 11a87d5 866->869 867->868 870 11a87ac-11a87c1 call 11938ba 868->870 871 11a87a7 868->871 869->844 870->844 871->870
                                                            C-Code - Quality: 78%
                                                            			E011A85B1(void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v20;
				WCHAR* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				void* _t29;
				signed short _t31;
				signed short _t33;
				signed short _t37;
				signed short _t39;
				signed short _t41;
				signed short _t43;
				signed short _t46;
				signed short _t48;
				signed short _t50;
				intOrPtr _t62;
				WCHAR* _t63;
				void* _t69;
				void* _t71;
				signed short _t73;
				signed int _t79;
				signed short _t86;

				_t69 = __edx;
				_t25 =  *0x11fa008; // 0x295f764a
				_v8 = _t25 ^ _t79;
				_t63 = _a12;
				_t62 = _a16;
				_t72 = _a4;
				_v28 = _a8;
				_v32 = _a4;
				asm("stosd");
				asm("stosd");
				_v24 = _t63;
				asm("stosd"); // executed
				_t29 = CreateFileW(_t63, 0x40000000, 5, 0, 2, 0x8000080, 0); // executed
				_t71 = _t29;
				if(_t71 != 0xffffffff) {
					_t31 = E011D412E(_t63, _t72, 0, 0, 0, 0); // executed
					_t73 = _t31;
					__eflags = _t73;
					if(_t73 >= 0) {
						_t33 = E011D3709(_t69, _v32, _t71,  *((intOrPtr*)(_t62 + 0xc)), 0, 0); // executed
						_t73 = _t33;
						__eflags = _t73;
						if(_t73 >= 0) {
							__eflags =  *(_t62 + 0x28);
							if( *(_t62 + 0x28) != 0) {
								_push(0);
								_t37 = SetFilePointerEx(_t71,  *(_t62 + 0x18), 0, 0); // executed
								__eflags = _t37;
								if(_t37 != 0) {
									_t39 = E011D4650(0, _t71, _t62 + 0x24, 4); // executed
									__eflags = _t39;
									if(_t39 >= 0) {
										_push(0);
										_t41 = SetFilePointerEx(_t71,  *(_t62 + 0x1c), 0, 0); // executed
										__eflags = _t41;
										if(_t41 != 0) {
											_t43 = E011D4650(0, _t71, _t62 + 0x28, 4); // executed
											_t73 = _t43;
											__eflags = _t73;
											if(_t73 < 0) {
												goto L18;
											} else {
												_t46 = E011D4650(0, _t71, _t62 + 0x2c, 4); // executed
												_t73 = _t46;
												__eflags = _t73;
												if(_t73 < 0) {
													goto L18;
												} else {
													_push(0);
													_t48 = SetFilePointerEx(_t71,  *(_t62 + 0x20), 0, 0); // executed
													__eflags = _t48;
													if(_t48 != 0) {
														_t50 = E011D4650(0, _t71,  &_v20, 0xc); // executed
														_t73 = _t50;
														__eflags = _t73;
														if(_t73 < 0) {
															_push("Failed to zero out original data offset.");
															goto L35;
														}
													} else {
														_t73 = GetLastError();
														__eflags = _t73;
														if(__eflags > 0) {
															_t73 = _t73 & 0x0000ffff | 0x80070000;
															__eflags = _t73;
														}
														if(__eflags >= 0) {
															_t73 = 0x80004005;
														}
														E011938BA(_t51, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6d6, _t73);
														_push("Failed to seek to original data in exe burn section header.");
														goto L35;
													}
												}
											}
										} else {
											_t73 = GetLastError();
											__eflags = _t73;
											if(__eflags > 0) {
												_t73 = _t73 & 0x0000ffff | 0x80070000;
												__eflags = _t73;
											}
											if(__eflags >= 0) {
												_t73 = 0x80004005;
											}
											E011938BA(_t53, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6c9, _t73);
											_push("Failed to seek to signature table in exe header.");
											goto L35;
										}
									} else {
										L18:
										_push("Failed to update signature offset.");
										goto L35;
									}
								} else {
									_t73 = GetLastError();
									__eflags = _t73;
									if(__eflags > 0) {
										_t73 = _t73 & 0x0000ffff | 0x80070000;
										__eflags = _t73;
									}
									if(__eflags >= 0) {
										_t73 = 0x80004005;
									}
									E011938BA(_t55, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6bf, _t73);
									_push("Failed to seek to checksum in exe header.");
									L35:
									_push(_t73);
									E011CFB09();
								}
							}
						} else {
							_push(_v24);
							E011CFB09(_t73, "Failed to copy engine from: %ls to: %ls", _v28);
						}
					} else {
						E011CFB09(_t73, "Failed to seek to beginning of engine file: %ls", _v28);
					}
					FindCloseChangeNotification(_t71); // executed
				} else {
					_t73 = GetLastError();
					if(_t73 > 0) {
						_t86 = _t73;
					}
					if(_t86 >= 0) {
						_t73 = 0x80004005;
					}
					E011938BA(_t59, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6af, _t73);
					E011CFB09(_t73, "Failed to create engine file at path: %ls", _v24);
				}
				return E011BDD1F(_t62, _v8 ^ _t79, _t69, _t71, _t73);
			}





























                                                            0x011a85b1
                                                            0x011a85b7
                                                            0x011a85be
                                                            0x011a85c4
                                                            0x011a85c8
                                                            0x011a85cc
                                                            0x011a85d2
                                                            0x011a85df
                                                            0x011a85e4
                                                            0x011a85ee
                                                            0x011a85f0
                                                            0x011a85f3
                                                            0x011a85f4
                                                            0x011a85fa
                                                            0x011a85ff
                                                            0x011a864c
                                                            0x011a8651
                                                            0x011a8653
                                                            0x011a8655
                                                            0x011a8678
                                                            0x011a867d
                                                            0x011a867f
                                                            0x011a8681
                                                            0x011a869e
                                                            0x011a86a1
                                                            0x011a86a7
                                                            0x011a86ae
                                                            0x011a86b4
                                                            0x011a86b6
                                                            0x011a86f7
                                                            0x011a86fe
                                                            0x011a8700
                                                            0x011a870e
                                                            0x011a8715
                                                            0x011a871b
                                                            0x011a871d
                                                            0x011a875e
                                                            0x011a8763
                                                            0x011a8765
                                                            0x011a8767
                                                            0x00000000
                                                            0x011a8769
                                                            0x011a8770
                                                            0x011a8775
                                                            0x011a8777
                                                            0x011a8779
                                                            0x00000000
                                                            0x011a877b
                                                            0x011a877d
                                                            0x011a8784
                                                            0x011a878a
                                                            0x011a878c
                                                            0x011a87ca
                                                            0x011a87cf
                                                            0x011a87d1
                                                            0x011a87d3
                                                            0x011a87d5
                                                            0x00000000
                                                            0x011a87d5
                                                            0x011a878e
                                                            0x011a8794
                                                            0x011a8796
                                                            0x011a8798
                                                            0x011a879d
                                                            0x011a87a3
                                                            0x011a87a3
                                                            0x011a87a5
                                                            0x011a87a7
                                                            0x011a87a7
                                                            0x011a87b7
                                                            0x011a87bc
                                                            0x00000000
                                                            0x011a87bc
                                                            0x011a878c
                                                            0x011a8779
                                                            0x011a871f
                                                            0x011a8725
                                                            0x011a8727
                                                            0x011a8729
                                                            0x011a872e
                                                            0x011a8734
                                                            0x011a8734
                                                            0x011a8736
                                                            0x011a8738
                                                            0x011a8738
                                                            0x011a8748
                                                            0x011a874d
                                                            0x00000000
                                                            0x011a874d
                                                            0x011a8702
                                                            0x011a8702
                                                            0x011a8702
                                                            0x00000000
                                                            0x011a8702
                                                            0x011a86b8
                                                            0x011a86be
                                                            0x011a86c0
                                                            0x011a86c2
                                                            0x011a86c7
                                                            0x011a86cd
                                                            0x011a86cd
                                                            0x011a86cf
                                                            0x011a86d1
                                                            0x011a86d1
                                                            0x011a86e1
                                                            0x011a86e6
                                                            0x011a87da
                                                            0x011a87da
                                                            0x011a87db
                                                            0x011a87e1
                                                            0x011a86b6
                                                            0x011a8683
                                                            0x011a8683
                                                            0x011a868f
                                                            0x011a8694
                                                            0x011a8657
                                                            0x011a8660
                                                            0x011a8665
                                                            0x011a87e3
                                                            0x011a8601
                                                            0x011a8607
                                                            0x011a860b
                                                            0x011a8616
                                                            0x011a8616
                                                            0x011a8618
                                                            0x011a861a
                                                            0x011a861a
                                                            0x011a862a
                                                            0x011a8638
                                                            0x011a863d
                                                            0x011a87f9

                                                            APIs
                                                            • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,01194DFD,?,?,00000000,01194DFD,00000000), ref: 011A85F4
                                                            • GetLastError.KERNEL32 ref: 011A8601
                                                              • Part of subcall function 011D3709: ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 011D379F
                                                            • SetFilePointerEx.KERNELBASE(00000000,011DA4B8,00000000,00000000,00000000,?,00000000,011DA500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 011A86AE
                                                            • GetLastError.KERNEL32 ref: 011A86B8
                                                            • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,011DA500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 011A87E3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: File$ErrorLast$ChangeCloseCreateFindNotificationPointerRead
                                                            • String ID: @Mqt$Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$Jv_)$c:\agent\_work\66\s\src\burn\engine\cache.cpp$cabinet.dll$msi.dll
                                                            • API String ID: 3608016165-4157424813
                                                            • Opcode ID: 9845e9c2f206a8f4cea0177bf508fdd17abc27520477761d399395ae29da12bc
                                                            • Instruction ID: d43207191e6389b6d8c8da56eb59ed8254636e7c1228d8edab1f645e460d483e
                                                            • Opcode Fuzzy Hash: 9845e9c2f206a8f4cea0177bf508fdd17abc27520477761d399395ae29da12bc
                                                            • Instruction Fuzzy Hash: 4C51D7BBA419227BE72D9AA49C45FBF7D69EF14A12F410128FE15BB140E724DC1086E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A741D Relevance: 37.0, APIs: 1, Strings: 20, Instructions: 290COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 874 11a741d-11a7462 call 11bf600 call 119762d 879 11a746e-11a747f call 119c3ca 874->879 880 11a7464-11a7469 874->880 886 11a748b-11a749c call 119c231 879->886 887 11a7481-11a7486 879->887 881 11a7707-11a770e call 11cfb09 880->881 888 11a770f-11a7714 881->888 893 11a74a8-11a74bd call 119c489 886->893 894 11a749e-11a74a3 886->894 887->881 891 11a771c-11a7720 888->891 892 11a7716-11a7717 call 1192762 888->892 896 11a772a-11a772f 891->896 897 11a7722-11a7725 call 1192762 891->897 892->891 906 11a74c9-11a74d9 call 11bbcf0 893->906 907 11a74bf-11a74c4 893->907 894->881 898 11a7731-11a7732 call 1192762 896->898 899 11a7737-11a7744 call 119c180 896->899 897->896 898->899 908 11a774e-11a7752 899->908 909 11a7746-11a7749 call 1192762 899->909 915 11a74db-11a74e0 906->915 916 11a74e5-11a7558 call 11a5bae 906->916 907->881 913 11a775c-11a7760 908->913 914 11a7754-11a7757 call 1192762 908->914 909->908 918 11a776a-11a7770 913->918 919 11a7762-11a7765 call 1193aa4 913->919 914->913 915->881 923 11a755a-11a755f 916->923 924 11a7564-11a7569 916->924 919->918 923->881 925 11a756b 924->925 926 11a7570-11a75a7 call 119563d GetCurrentProcess call 11d0141 call 1198274 924->926 925->926 933 11a75a9 926->933 934 11a75c1-11a75d8 call 1198274 926->934 935 11a75ae-11a75bc call 11cfb09 933->935 940 11a75da-11a75df 934->940 941 11a75e1-11a75e6 934->941 935->888 940->935 942 11a75e8-11a75fa call 119821a 941->942 943 11a7642-11a7647 941->943 951 11a75fc-11a7601 942->951 952 11a7606-11a7616 call 1193533 942->952 945 11a7649-11a765b call 119821a 943->945 946 11a7667-11a7670 943->946 945->946 956 11a765d-11a7662 945->956 948 11a767c-11a7687 call 11aa3f3 946->948 949 11a7672-11a7675 946->949 959 11a768c-11a7690 948->959 949->948 953 11a7677-11a767a 949->953 951->881 965 11a7618-11a761d 952->965 966 11a7622-11a7636 call 119821a 952->966 953->948 957 11a769f-11a76a2 953->957 956->881 963 11a76a9-11a76bf call 119d552 957->963 964 11a76a4-11a76a7 957->964 961 11a7699 959->961 962 11a7692-11a7697 959->962 961->957 962->881 971 11a76c8-11a76e0 call 119cb82 963->971 972 11a76c1-11a76c6 963->972 964->888 964->963 965->881 966->943 974 11a7638-11a763d 966->974 976 11a76e9-11a7700 call 119c8a5 971->976 977 11a76e2-11a76e7 971->977 972->881 974->881 976->888 980 11a7702 976->980 977->881 980->881
                                                            C-Code - Quality: 77%
                                                            			E011A741D(void* __edx, void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v124;
				void* __ebx;
				void* __edi;
				void* _t70;
				intOrPtr _t73;
				intOrPtr _t76;
				intOrPtr _t81;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr* _t108;
				intOrPtr _t110;
				intOrPtr _t111;
				void* _t141;
				void* _t142;
				intOrPtr _t143;
				intOrPtr _t150;
				intOrPtr _t153;

				_t141 = __edx;
				_v16 = 0;
				_v28 = 0;
				_v20 = 0;
				_v32 = 0;
				E011BF600(_t142,  &_v124, 0, 0x58);
				_t143 = _a4;
				_v36 = 0;
				_v8 = 0;
				_v12 = 0;
				_v24 = 0;
				_t11 = _t143 + 0x88; // 0x1195482
				_t136 = _t11;
				_t70 = E0119762D(_t11); // executed
				if(_t70 >= 0) {
					_t13 = _t143 + 0x48; // 0x1195442
					_t73 = E0119C3CA(_t13,  &_v124); // executed
					__eflags = _t73;
					if(_t73 >= 0) {
						_t76 = E0119C231( &_v124,  &_v28);
						__eflags = _t76;
						if(_t76 >= 0) {
							__eflags = E0119C489( &_v124,  &_v20,  &_v32);
							if(__eflags >= 0) {
								_t81 = E011BBCF0(__eflags, _v20, _v32, _t143); // executed
								__eflags = _t81;
								if(_t81 >= 0) {
									_t22 = _t143 + 0x1c0; // 0x11955ba
									_t23 = _t143 + 0x4d8; // 0x11958d2
									_t24 = _t143 + 0x140; // 0x119553a
									_t25 = _t143 + 0x400; // 0x11957fa
									_t26 = _t143 + 0x3fc; // 0x11957f6
									_t27 = _t143 + 0x4d4; // 0x11958ce
									_t30 = _t143 + 0x3ec; // 0x11957e6
									_t31 = _t143 + 0x494; // 0x119588e
									_t32 = _t143 + 0x490; // 0x119588a
									_t137 = _t32;
									_t33 = _t143 + 0x4b8; // 0x11958b2
									_t34 = _t143 + 0x4a0; // 0x119589a
									_t35 = _t143 + 0x1c; // 0x1195416
									_t36 = _t143 + 0x4e0; // 0x12ebec7d
									_t37 = _t143 + 0x4dc; // 0x89f88b00
									_t96 = E011A5BAE( *_t37,  *_t36, _t35, _t34, _t33, _t136, _t32, _t31, _t30,  &_v8,  &_v24, _t27, _t26, _t25, _t24, _t23, _t22,  &_v16);
									__eflags = _t96;
									if(_t96 >= 0) {
										_t97 = _v16;
										__eflags = _t97;
										if(_t97 == 0) {
											_t97 = 0x11da534;
										}
										E0119563D(2, 0x20000009, _t97);
										E011D0141(GetCurrentProcess(),  &_v36); // executed
										asm("cdq");
										_t150 = E01198274(_t136, L"WixBundleElevated", _v36, _t141, 1);
										__eflags = _t150;
										if(_t150 >= 0) {
											_t41 = _t143 + 0x20; // 0x840f01e8
											asm("cdq");
											_t150 = E01198274(_t136, L"WixBundleUILevel",  *_t41, _t141, 1);
											__eflags = _t150;
											if(_t150 >= 0) {
												_t106 = _v8;
												__eflags = _t106;
												if(_t106 == 0) {
													L26:
													_t107 = _v24;
													__eflags = _t107;
													if(_t107 == 0) {
														L29:
														_t47 = _t143 + 0x490; // 0x119588a
														_t108 = _t47;
														__eflags =  *_t108;
														if( *_t108 == 0) {
															L32:
															_t49 = _t143 + 0x100; // 0x11954fa
															_t110 = E011AA3F3(_t136, _t49, _t136, _v8); // executed
															__eflags = _t110;
															if(_t110 >= 0) {
																_t50 = _t143 + 0x490; // 0x119588a
																_t108 = _t50;
																goto L35;
															} else {
																_push("Failed to initialize internal cache functionality.");
																goto L43;
															}
														} else {
															__eflags =  *_t108 - 1;
															if( *_t108 == 1) {
																goto L32;
															} else {
																__eflags =  *_t108 - 3;
																if( *_t108 != 3) {
																	L35:
																	__eflags =  *_t108 - 1;
																	if(__eflags == 0) {
																		L37:
																		_t51 = _t143 + 0xcc; // 0x11954c6
																		_t136 = _t51;
																		_t52 = _t143 + 0x110; // 0xfff9e89d
																		_t111 = E0119D552(_t137, _t141, _t143, __eflags,  *_t52, _t51);
																		__eflags = _t111;
																		if(_t111 >= 0) {
																			_t54 = _t143 + 0xbc; // 0x11954b6
																			_t153 = E0119CB82(_t54, 0,  &_v124,  *_t136);
																			__eflags = _t153;
																			if(_t153 >= 0) {
																				_t55 = _t143 + 0xbc; // 0x11954b6
																				_t56 = _t143 + 0x2b0; // 0x11956aa
																				_t153 = E0119C8A5(_t141, _t56, _t55);
																				__eflags = _t153;
																				if(_t153 < 0) {
																					_push("Failed to load catalog files.");
																					goto L43;
																				}
																			} else {
																				_push("Failed to extract bootstrapper application payloads.");
																				goto L43;
																			}
																		} else {
																			_push("Failed to get unique temporary folder for bootstrapper application.");
																			goto L43;
																		}
																	} else {
																		__eflags =  *_t108 - 3;
																		if(__eflags == 0) {
																			goto L37;
																		}
																	}
																} else {
																	goto L32;
																}
															}
														}
													} else {
														_t153 = E0119821A(_t136, L"WixBundleOriginalSource", _t107, 0);
														__eflags = _t153;
														if(_t153 >= 0) {
															goto L29;
														} else {
															_push("Failed to set original source variable.");
															goto L43;
														}
													}
												} else {
													_t153 = E0119821A(_t136, L"WixBundleSourceProcessPath", _t106, 1);
													__eflags = _t153;
													if(_t153 >= 0) {
														_t153 = E01193533(_t137, _v8,  &_v12);
														__eflags = _t153;
														if(_t153 >= 0) {
															_t153 = E0119821A(_t136, L"WixBundleSourceProcessFolder", _v12, 1);
															__eflags = _t153;
															if(_t153 >= 0) {
																goto L26;
															} else {
																_push("Failed to set source process folder variable.");
																goto L43;
															}
														} else {
															_push("Failed to get source process folder from path.");
															goto L43;
														}
													} else {
														_push("Failed to set source process path variable.");
														goto L43;
													}
												}
											} else {
												_push(L"WixBundleUILevel");
												goto L16;
											}
										} else {
											_push(L"WixBundleElevated");
											L16:
											_push("Failed to overwrite the %ls built-in variable.");
											_push(_t150);
											E011CFB09();
										}
									} else {
										_push("Failed to parse command line.");
										goto L43;
									}
								} else {
									_push("Failed to load manifest.");
									goto L43;
								}
							} else {
								_push("Failed to get manifest stream from container.");
								goto L43;
							}
						} else {
							_push("Failed to open manifest stream.");
							goto L43;
						}
					} else {
						_push("Failed to open attached UX container.");
						goto L43;
					}
				} else {
					_push("Failed to initialize variables.");
					L43:
					_push(_t153);
					E011CFB09();
				}
				_t117 = _v24;
				if(_v24 != 0) {
					E01192762(_t117);
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				_t118 = _v8;
				if(_v8 != 0) {
					E01192762(_t118);
				}
				E0119C180(_t136,  &_v124);
				if(_v28 != 0) {
					E01192762(_v28);
				}
				if(_v16 != 0) {
					E01192762(_v16);
				}
				if(_v20 != 0) {
					E01193AA4(_v20); // executed
				}
				return _t153;
			}






























                                                            0x011a741d
                                                            0x011a742f
                                                            0x011a7432
                                                            0x011a7435
                                                            0x011a7438
                                                            0x011a743b
                                                            0x011a7440
                                                            0x011a7446
                                                            0x011a7449
                                                            0x011a744c
                                                            0x011a744f
                                                            0x011a7452
                                                            0x011a7452
                                                            0x011a7459
                                                            0x011a7462
                                                            0x011a7472
                                                            0x011a7476
                                                            0x011a747d
                                                            0x011a747f
                                                            0x011a7493
                                                            0x011a749a
                                                            0x011a749c
                                                            0x011a74bb
                                                            0x011a74bd
                                                            0x011a74d0
                                                            0x011a74d7
                                                            0x011a74d9
                                                            0x011a74e9
                                                            0x011a74f0
                                                            0x011a74f7
                                                            0x011a74fe
                                                            0x011a7505
                                                            0x011a750c
                                                            0x011a751b
                                                            0x011a7522
                                                            0x011a7529
                                                            0x011a7529
                                                            0x011a7531
                                                            0x011a7538
                                                            0x011a753f
                                                            0x011a7543
                                                            0x011a7549
                                                            0x011a754f
                                                            0x011a7556
                                                            0x011a7558
                                                            0x011a7564
                                                            0x011a7567
                                                            0x011a7569
                                                            0x011a756b
                                                            0x011a756b
                                                            0x011a7578
                                                            0x011a758b
                                                            0x011a7595
                                                            0x011a75a3
                                                            0x011a75a5
                                                            0x011a75a7
                                                            0x011a75c1
                                                            0x011a75c6
                                                            0x011a75d4
                                                            0x011a75d6
                                                            0x011a75d8
                                                            0x011a75e1
                                                            0x011a75e4
                                                            0x011a75e6
                                                            0x011a7642
                                                            0x011a7642
                                                            0x011a7645
                                                            0x011a7647
                                                            0x011a7667
                                                            0x011a7667
                                                            0x011a7667
                                                            0x011a766d
                                                            0x011a7670
                                                            0x011a767c
                                                            0x011a767f
                                                            0x011a7687
                                                            0x011a768e
                                                            0x011a7690
                                                            0x011a7699
                                                            0x011a7699
                                                            0x00000000
                                                            0x011a7692
                                                            0x011a7692
                                                            0x00000000
                                                            0x011a7692
                                                            0x011a7672
                                                            0x011a7672
                                                            0x011a7675
                                                            0x00000000
                                                            0x011a7677
                                                            0x011a7677
                                                            0x011a767a
                                                            0x011a769f
                                                            0x011a769f
                                                            0x011a76a2
                                                            0x011a76a9
                                                            0x011a76a9
                                                            0x011a76a9
                                                            0x011a76b0
                                                            0x011a76b6
                                                            0x011a76bd
                                                            0x011a76bf
                                                            0x011a76ce
                                                            0x011a76dc
                                                            0x011a76de
                                                            0x011a76e0
                                                            0x011a76e9
                                                            0x011a76f0
                                                            0x011a76fc
                                                            0x011a76fe
                                                            0x011a7700
                                                            0x011a7702
                                                            0x00000000
                                                            0x011a7702
                                                            0x011a76e2
                                                            0x011a76e2
                                                            0x00000000
                                                            0x011a76e2
                                                            0x011a76c1
                                                            0x011a76c1
                                                            0x00000000
                                                            0x011a76c1
                                                            0x011a76a4
                                                            0x011a76a4
                                                            0x011a76a7
                                                            0x00000000
                                                            0x00000000
                                                            0x011a76a7
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011a767a
                                                            0x011a7675
                                                            0x011a7649
                                                            0x011a7657
                                                            0x011a7659
                                                            0x011a765b
                                                            0x00000000
                                                            0x011a765d
                                                            0x011a765d
                                                            0x00000000
                                                            0x011a765d
                                                            0x011a765b
                                                            0x011a75e8
                                                            0x011a75f6
                                                            0x011a75f8
                                                            0x011a75fa
                                                            0x011a7612
                                                            0x011a7614
                                                            0x011a7616
                                                            0x011a7632
                                                            0x011a7634
                                                            0x011a7636
                                                            0x00000000
                                                            0x011a7638
                                                            0x011a7638
                                                            0x00000000
                                                            0x011a7638
                                                            0x011a7618
                                                            0x011a7618
                                                            0x00000000
                                                            0x011a7618
                                                            0x011a75fc
                                                            0x011a75fc
                                                            0x00000000
                                                            0x011a75fc
                                                            0x011a75fa
                                                            0x011a75da
                                                            0x011a75da
                                                            0x00000000
                                                            0x011a75da
                                                            0x011a75a9
                                                            0x011a75a9
                                                            0x011a75ae
                                                            0x011a75ae
                                                            0x011a75b3
                                                            0x011a75b4
                                                            0x011a75b9
                                                            0x011a755a
                                                            0x011a755a
                                                            0x00000000
                                                            0x011a755a
                                                            0x011a74db
                                                            0x011a74db
                                                            0x00000000
                                                            0x011a74db
                                                            0x011a74bf
                                                            0x011a74bf
                                                            0x00000000
                                                            0x011a74bf
                                                            0x011a749e
                                                            0x011a749e
                                                            0x00000000
                                                            0x011a749e
                                                            0x011a7481
                                                            0x011a7481
                                                            0x00000000
                                                            0x011a7481
                                                            0x011a7464
                                                            0x011a7464
                                                            0x011a7707
                                                            0x011a7707
                                                            0x011a7708
                                                            0x011a770e
                                                            0x011a770f
                                                            0x011a7714
                                                            0x011a7717
                                                            0x011a7717
                                                            0x011a7720
                                                            0x011a7725
                                                            0x011a7725
                                                            0x011a772a
                                                            0x011a772f
                                                            0x011a7732
                                                            0x011a7732
                                                            0x011a773b
                                                            0x011a7744
                                                            0x011a7749
                                                            0x011a7749
                                                            0x011a7752
                                                            0x011a7757
                                                            0x011a7757
                                                            0x011a7760
                                                            0x011a7765
                                                            0x011a7765
                                                            0x011a7770

                                                            Strings
                                                            • Failed to load catalog files., xrefs: 011A7702
                                                            • Failed to get manifest stream from container., xrefs: 011A74BF
                                                            • Failed to initialize variables., xrefs: 011A7464
                                                            • WixBundleOriginalSource, xrefs: 011A764C
                                                            • WixBundleSourceProcessFolder, xrefs: 011A7627
                                                            • Failed to open attached UX container., xrefs: 011A7481
                                                            • WixBundleSourceProcessPath, xrefs: 011A75EB
                                                            • Failed to get unique temporary folder for bootstrapper application., xrefs: 011A76C1
                                                            • Failed to get source process folder from path., xrefs: 011A7618
                                                            • Failed to overwrite the %ls built-in variable., xrefs: 011A75AE
                                                            • Failed to set original source variable., xrefs: 011A765D
                                                            • WixBundleUILevel, xrefs: 011A75C9, 011A75DA
                                                            • Failed to open manifest stream., xrefs: 011A749E
                                                            • Failed to set source process path variable., xrefs: 011A75FC
                                                            • Failed to initialize internal cache functionality., xrefs: 011A7692
                                                            • Failed to extract bootstrapper application payloads., xrefs: 011A76E2
                                                            • Failed to parse command line., xrefs: 011A755A
                                                            • Failed to load manifest., xrefs: 011A74DB
                                                            • Failed to set source process folder variable., xrefs: 011A7638
                                                            • WixBundleElevated, xrefs: 011A7598, 011A75A9
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalInitializeSection
                                                            • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleUILevel
                                                            • API String ID: 32694325-1564579409
                                                            • Opcode ID: ab64d291d9d9b705c6036bb425699cad46a2f33aba24709b6352409a2a6146a4
                                                            • Instruction ID: 822f7ba18700ab91159100ad51834178c5a652cea82376e18f7065f3876a20aa
                                                            • Opcode Fuzzy Hash: ab64d291d9d9b705c6036bb425699cad46a2f33aba24709b6352409a2a6146a4
                                                            • Instruction Fuzzy Hash: BFA16176E40A1ABADF1F9AE4CC44FEEBFACBB14614F410226E515E7180D771AA048BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A819F Relevance: 35.2, APIs: 7, Strings: 13, Instructions: 152COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1086 11a819f-11a81e8 call 11bf600 1089 11a81ee-11a81fc GetCurrentProcess call 11d0141 1086->1089 1090 11a8361-11a836e call 119229e 1086->1090 1094 11a8201-11a820e 1089->1094 1095 11a837d-11a838d call 11bdd1f 1090->1095 1096 11a8370 1090->1096 1097 11a829c-11a82aa GetTempPathW 1094->1097 1098 11a8214-11a8223 GetWindowsDirectoryW 1094->1098 1101 11a8375-11a837c call 11cfb09 1096->1101 1099 11a82ac-11a82b6 1097->1099 1100 11a82e4-11a82f6 UuidCreate 1097->1100 1103 11a825d-11a826e call 119347e 1098->1103 1104 11a8225-11a822f 1098->1104 1119 11a82b8-11a82c1 1099->1119 1120 11a82c3 1099->1120 1107 11a82f8-11a82fd 1100->1107 1108 11a82ff-11a8314 StringFromGUID2 1100->1108 1101->1095 1121 11a827a-11a8290 call 119379b 1103->1121 1122 11a8270-11a8275 1103->1122 1117 11a823c 1104->1117 1118 11a8231-11a823a 1104->1118 1107->1101 1114 11a8332-11a8353 call 1192022 1108->1114 1115 11a8316-11a8330 call 11938ba 1108->1115 1131 11a835c 1114->1131 1132 11a8355-11a835a 1114->1132 1115->1101 1125 11a823e 1117->1125 1126 11a8243-11a8258 call 11938ba 1117->1126 1118->1117 1119->1120 1127 11a82ca-11a82df call 11938ba 1120->1127 1128 11a82c5 1120->1128 1121->1100 1138 11a8292-11a8297 1121->1138 1122->1101 1125->1126 1126->1101 1127->1101 1128->1127 1131->1090 1132->1101 1138->1101
                                                            C-Code - Quality: 54%
                                                            			E011A819F(void* __edx, intOrPtr _a8) {
				signed int _v8;
				char _v88;
				short _v608;
				char _v624;
				signed int _v628;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				intOrPtr _t23;
				signed short _t32;
				signed int _t33;
				signed short _t35;
				intOrPtr _t49;
				void* _t50;
				void* _t55;
				void* _t56;
				signed short _t58;
				signed int _t62;
				signed short _t70;

				_t55 = __edx;
				_t18 =  *0x11fa008; // 0x295f764a
				_v8 = _t18 ^ _t62;
				_v628 = _v628 & 0x00000000;
				_t49 = _a8;
				E011BF600(_t56,  &_v608, 0, 0x208);
				_t57 =  &_v624;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t23 =  *0x11faa70; // 0x6bd970
				if(_t23 != 0) {
					L25:
					_t58 = E0119229E(_t49, _t23, 0);
					__eflags = _t58;
					if(_t58 < 0) {
						_push("Failed to copy working folder path.");
						goto L27;
					}
				} else {
					E011D0141(GetCurrentProcess(),  &_v628); // executed
					if(_v628 == 0) {
						_t32 = GetTempPathW(0x104,  &_v608);
						__eflags = _t32;
						if(_t32 != 0) {
							goto L18;
						} else {
							_t58 = GetLastError();
							__eflags = _t58;
							if(__eflags > 0) {
								_t58 = _t58 & 0x0000ffff | 0x80070000;
								__eflags = _t58;
							}
							if(__eflags >= 0) {
								_t58 = 0x80004005;
							}
							E011938BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x46b, _t58);
							_push("Failed to get temp path for working folder.");
							goto L27;
						}
					} else {
						_t57 = 0x104;
						if(GetWindowsDirectoryW( &_v608, 0x104) != 0) {
							_t58 = E0119347E(_t50, __eflags,  &_v608, 0x104);
							__eflags = _t58;
							if(_t58 >= 0) {
								_t58 = E0119379B(_t50,  &_v608, 0x104, L"Temp\\");
								__eflags = _t58;
								if(_t58 >= 0) {
									L18:
									_t33 =  &_v624;
									__imp__UuidCreate(_t33);
									_t58 = _t33 | 0x00000001;
									__eflags = _t58;
									if(_t58 >= 0) {
										_t35 =  &_v624;
										__imp__StringFromGUID2(_t35,  &_v88, 0x27);
										__eflags = _t35;
										if(_t35 != 0) {
											_push( &_v88);
											_t58 = E01192022(0x11faa70, L"%ls%ls\\",  &_v608);
											__eflags = _t58;
											if(_t58 >= 0) {
												_t23 =  *0x11faa70; // 0x6bd970
												goto L25;
											} else {
												_push("Failed to append bundle id on to temp path for working folder.");
												goto L27;
											}
										} else {
											_t58 = 0x8007000e;
											E011938BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x475, 0x8007000e);
											_push("Failed to convert working folder guid into string.");
											goto L27;
										}
									} else {
										_push("Failed to create working folder guid.");
										goto L27;
									}
								} else {
									_push("Failed to concat Temp directory on windows path for working folder.");
									goto L27;
								}
							} else {
								_push("Failed to ensure windows path for working folder ended in backslash.");
								goto L27;
							}
						} else {
							_t58 = GetLastError();
							if(_t58 > 0) {
								_t58 = _t58 & 0x0000ffff | 0x80070000;
								_t70 = _t58;
							}
							if(_t70 >= 0) {
								_t58 = 0x80004005;
							}
							E011938BA(_t47, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x460, _t58);
							_push("Failed to get windows path for working folder.");
							L27:
							_push(_t58);
							E011CFB09();
						}
					}
				}
				return E011BDD1F(_t49, _v8 ^ _t62, _t55, _t57, _t58);
			}























                                                            0x011a819f
                                                            0x011a81a8
                                                            0x011a81af
                                                            0x011a81b2
                                                            0x011a81c0
                                                            0x011a81cd
                                                            0x011a81d4
                                                            0x011a81da
                                                            0x011a81de
                                                            0x011a81df
                                                            0x011a81e0
                                                            0x011a81e1
                                                            0x011a81e8
                                                            0x011a8361
                                                            0x011a836a
                                                            0x011a836c
                                                            0x011a836e
                                                            0x011a8370
                                                            0x00000000
                                                            0x011a8370
                                                            0x011a81ee
                                                            0x011a81fc
                                                            0x011a820e
                                                            0x011a82a2
                                                            0x011a82a8
                                                            0x011a82aa
                                                            0x00000000
                                                            0x011a82ac
                                                            0x011a82b2
                                                            0x011a82b4
                                                            0x011a82b6
                                                            0x011a82bb
                                                            0x011a82c1
                                                            0x011a82c1
                                                            0x011a82c3
                                                            0x011a82c5
                                                            0x011a82c5
                                                            0x011a82d5
                                                            0x011a82da
                                                            0x00000000
                                                            0x011a82da
                                                            0x011a8214
                                                            0x011a8214
                                                            0x011a8223
                                                            0x011a826a
                                                            0x011a826c
                                                            0x011a826e
                                                            0x011a828c
                                                            0x011a828e
                                                            0x011a8290
                                                            0x011a82e4
                                                            0x011a82e4
                                                            0x011a82eb
                                                            0x011a82f3
                                                            0x011a82f3
                                                            0x011a82f6
                                                            0x011a8305
                                                            0x011a830c
                                                            0x011a8312
                                                            0x011a8314
                                                            0x011a8335
                                                            0x011a834c
                                                            0x011a8351
                                                            0x011a8353
                                                            0x011a835c
                                                            0x00000000
                                                            0x011a8355
                                                            0x011a8355
                                                            0x00000000
                                                            0x011a8355
                                                            0x011a8316
                                                            0x011a8316
                                                            0x011a8326
                                                            0x011a832b
                                                            0x00000000
                                                            0x011a832b
                                                            0x011a82f8
                                                            0x011a82f8
                                                            0x00000000
                                                            0x011a82f8
                                                            0x011a8292
                                                            0x011a8292
                                                            0x00000000
                                                            0x011a8292
                                                            0x011a8270
                                                            0x011a8270
                                                            0x00000000
                                                            0x011a8270
                                                            0x011a8225
                                                            0x011a822b
                                                            0x011a822f
                                                            0x011a8234
                                                            0x011a823a
                                                            0x011a823a
                                                            0x011a823c
                                                            0x011a823e
                                                            0x011a823e
                                                            0x011a824e
                                                            0x011a8253
                                                            0x011a8375
                                                            0x011a8375
                                                            0x011a8376
                                                            0x011a837c
                                                            0x011a8223
                                                            0x011a820e
                                                            0x011a838d

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,011954C6), ref: 011A81F5
                                                              • Part of subcall function 011D0141: OpenProcessToken.ADVAPI32(?,00000008,?,011953FA,00000000,?,?,?,?,?,?,?,011A7590,00000000), ref: 011D015F
                                                              • Part of subcall function 011D0141: GetLastError.KERNEL32(?,?,?,?,?,?,?,011A7590,00000000), ref: 011D0169
                                                              • Part of subcall function 011D0141: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,011A7590,00000000), ref: 011D01F3
                                                            • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 011A821B
                                                            • GetLastError.KERNEL32 ref: 011A8225
                                                            • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 011A82A2
                                                            • GetLastError.KERNEL32 ref: 011A82AC
                                                            • UuidCreate.RPCRT4(?), ref: 011A82EB
                                                            Strings
                                                            • Temp\, xrefs: 011A827A
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 011A8249, 011A82D0, 011A8321
                                                            • Jv_), xrefs: 011A81A8
                                                            • Failed to copy working folder path., xrefs: 011A8370
                                                            • Failed to append bundle id on to temp path for working folder., xrefs: 011A8355
                                                            • Failed to ensure windows path for working folder ended in backslash., xrefs: 011A8270
                                                            • Failed to create working folder guid., xrefs: 011A82F8
                                                            • Failed to convert working folder guid into string., xrefs: 011A832B
                                                            • Failed to concat Temp directory on windows path for working folder., xrefs: 011A8292
                                                            • Failed to get windows path for working folder., xrefs: 011A8253
                                                            • %ls%ls\, xrefs: 011A833D
                                                            • @Mqt, xrefs: 011A8225, 011A82AC
                                                            • Failed to get temp path for working folder., xrefs: 011A82DA
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$Process$ChangeCloseCreateCurrentDirectoryFindNotificationOpenPathTempTokenUuidWindows
                                                            • String ID: %ls%ls\$@Mqt$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Jv_)$Temp\$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 2898636500-1954467009
                                                            • Opcode ID: 127f44e28d97818de5fa9939fecf974762769887686ab9e2d1301ea26b11830f
                                                            • Instruction ID: 0eedbc8874ae2f8da4b6351bf49a1fcdab67b1e23c4e65a9d3e7597c05f79ec8
                                                            • Opcode Fuzzy Hash: 127f44e28d97818de5fa9939fecf974762769887686ab9e2d1301ea26b11830f
                                                            • Instruction Fuzzy Hash: 37418A7AA45A25B7DB3DE6F59C0CFAB3BA8AF00712F410065BA05F7100E774CD44C691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B0EA0 Relevance: 33.5, APIs: 8, Strings: 11, Instructions: 216COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1139 11b0ea0-11b0ecc CoInitializeEx 1140 11b0ece-11b0edb call 11cfb09 1139->1140 1141 11b0ee0-11b0f2b call 11ced43 1139->1141 1148 11b1143-11b1153 call 11bdd1f 1140->1148 1146 11b0f2d-11b0f50 call 11938ba call 11cfb09 1141->1146 1147 11b0f55-11b0f77 call 11ced64 1141->1147 1165 11b113c-11b113d CoUninitialize 1146->1165 1156 11b0f7d-11b0f85 1147->1156 1157 11b1031-11b103c SetEvent 1147->1157 1161 11b0f8b-11b0f91 1156->1161 1162 11b1134-11b1137 call 11ced74 1156->1162 1158 11b107b-11b1089 WaitForSingleObject 1157->1158 1159 11b103e-11b1048 1157->1159 1163 11b108b-11b1095 1158->1163 1164 11b10bd-11b10c8 ResetEvent 1158->1164 1177 11b104a-11b1053 1159->1177 1178 11b1055 1159->1178 1161->1162 1166 11b0f97-11b0f9f 1161->1166 1162->1165 1184 11b10a2 1163->1184 1185 11b1097-11b10a0 1163->1185 1169 11b10ca-11b10d4 1164->1169 1170 11b10ff-11b1105 1164->1170 1165->1148 1171 11b1019-11b102c call 11cfb09 1166->1171 1172 11b0fa1-11b0fa3 1166->1172 1209 11b10e1 1169->1209 1210 11b10d6-11b10df 1169->1210 1175 11b112f 1170->1175 1176 11b1107-11b110a 1170->1176 1171->1162 1179 11b0fb6-11b0fb9 1172->1179 1180 11b0fa5 1172->1180 1175->1162 1186 11b112b-11b112d 1176->1186 1187 11b110c-11b1126 call 11938ba 1176->1187 1177->1178 1188 11b1059-11b1069 call 11938ba 1178->1188 1189 11b1057 1178->1189 1181 11b0fbb 1179->1181 1182 11b1013 1179->1182 1191 11b0fab-11b0fb4 1180->1191 1192 11b0fa7-11b0fa9 1180->1192 1193 11b0ffa-11b0fff 1181->1193 1194 11b0fc9-11b0fce 1181->1194 1195 11b1008-11b100d 1181->1195 1196 11b100f-11b1011 1181->1196 1197 11b0fde-11b0fe3 1181->1197 1198 11b0fec-11b0ff1 1181->1198 1199 11b0ff3-11b0ff8 1181->1199 1200 11b0fc2-11b0fc7 1181->1200 1201 11b1001-11b1006 1181->1201 1202 11b0fd0-11b0fd5 1181->1202 1203 11b0fd7-11b0fdc 1181->1203 1204 11b0fe5-11b0fea 1181->1204 1211 11b1015-11b1017 1182->1211 1205 11b10a6-11b10bb call 11938ba 1184->1205 1206 11b10a4 1184->1206 1185->1184 1186->1162 1218 11b106e-11b1076 call 11cfb09 1187->1218 1188->1218 1189->1188 1191->1211 1192->1211 1193->1171 1194->1171 1195->1171 1196->1171 1197->1171 1198->1171 1199->1171 1200->1171 1201->1171 1202->1171 1203->1171 1204->1171 1205->1218 1206->1205 1215 11b10e3 1209->1215 1216 11b10e5-11b10fa call 11938ba 1209->1216 1210->1209 1211->1157 1211->1171 1215->1216 1216->1218 1218->1162
                                                            C-Code - Quality: 17%
                                                            			E011B0EA0(void* __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				signed int _t27;
				signed int _t28;
				long _t29;
				signed int _t30;
				signed int _t32;
				signed short _t44;
				intOrPtr _t49;
				signed int _t50;
				signed int _t56;
				signed int _t63;
				signed int _t68;

				_t60 = __edx;
				_t22 =  *0x11fa008; // 0x295f764a
				_v8 = _t22 ^ _t68;
				_t49 = _a4;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t62 = 0;
				__imp__CoInitializeEx(0, 0);
				_t63 = 0;
				if(0 >= 0) {
					_t50 =  *0x11faa94; // 0x0
					 *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t50 * 4)) + 4)) = _t49;
					_t27 =  &_v20;
					_push(_t27);
					_push(0xffffffff);
					_push(E011B082C);
					_push(E011B05D3);
					_push(E011B0937);
					_push(E011B0797);
					_push(E011B0671);
					_push(E011B0619);
					_push(E011B05C4); // executed
					L011CED43(); // executed
					_v24 = _t27;
					__eflags = _t27;
					if(_t27 != 0) {
						_push(0);
						_push(0);
						_push(E011B0626);
						_push(0);
						_push(0x11da5bf);
						_push("<the>.cab");
						_push(_t27); // executed
						L011CED64(); // executed
						_t62 = 0x80004005;
						__eflags = _t27;
						if(_t27 != 0) {
							L29:
							_t28 = SetEvent( *(_t49 + 0x28));
							__eflags = _t28;
							if(_t28 != 0) {
								_t29 = WaitForSingleObject( *(_t49 + 0x24), 0xffffffff);
								__eflags = _t29 - 0xffffffff;
								if(_t29 != 0xffffffff) {
									_t30 = ResetEvent( *(_t49 + 0x24));
									__eflags = _t30;
									if(_t30 != 0) {
										_t32 =  *((intOrPtr*)(_t49 + 0x2c)) - 1;
										__eflags = _t32;
										if(_t32 == 0) {
											_t63 = 0x80070103;
											L53:
											_push(_v24);
											L011CED74(); // executed
											L54:
											__imp__CoUninitialize(); // executed
											L55:
											return E011BDD1F(_t49, _v8 ^ _t68, _t60, _t62, _t63);
										}
										_t35 = _t32 == 4;
										__eflags = _t32 == 4;
										if(_t32 == 4) {
											_t63 = 0;
											goto L53;
										}
										_t63 = 0x8007139f;
										E011938BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1c7, 0x8007139f);
										_push("Invalid operation for this state.");
										L35:
										_push(_t63);
										E011CFB09();
										goto L53;
									}
									_t63 = GetLastError();
									__eflags = _t63;
									if(__eflags > 0) {
										_t63 = _t63 & 0x0000ffff | 0x80070000;
										__eflags = _t63;
									}
									if(__eflags >= 0) {
										_t63 = _t62;
									}
									E011938BA(_t38, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1b8, _t63);
									_push("Failed to reset begin operation event.");
									goto L35;
								}
								_t63 = GetLastError();
								__eflags = _t63;
								if(__eflags > 0) {
									_t63 = _t63 & 0x0000ffff | 0x80070000;
									__eflags = _t63;
								}
								if(__eflags >= 0) {
									_t63 = _t62;
								}
								E011938BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1b3, _t63);
								_push("Failed to wait for begin operation event.");
								goto L35;
							}
							_t63 = GetLastError();
							__eflags = _t63;
							if(__eflags > 0) {
								_t63 = _t63 & 0x0000ffff | 0x80070000;
								__eflags = _t63;
							}
							if(__eflags >= 0) {
								_t63 = _t62;
							}
							E011938BA(_t42, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1ad, _t63);
							_push("Failed to set operation complete event.");
							goto L35;
						}
						_t63 =  *(_t49 + 0x30);
						_t10 = _t62 - 1; // 0x80004004
						_t60 = _t10;
						__eflags = _t63 - _t10;
						if(_t63 == _t10) {
							goto L53;
						}
						__eflags = _t63 - 0x80070103;
						if(_t63 == 0x80070103) {
							goto L53;
						}
						_t44 = _v16;
						_t56 = _v20;
						__eflags = _t63;
						if(_t63 < 0) {
							L28:
							_push(_t44);
							_push(_t56);
							E011CFB09(_t63, "Failed to extract all files from container, erf: %d:%X:%d", _v12);
							goto L53;
						}
						__eflags = _t44;
						if(__eflags == 0) {
							__eflags = _t56 - 0xb;
							if(_t56 > 0xb) {
								_t63 = 0x80004005;
								L27:
								__eflags = _t63;
								if(_t63 >= 0) {
									goto L29;
								}
								goto L28;
							}
							switch( *((intOrPtr*)(_t56 * 4 +  &M011B1158))) {
								case 0:
									_t63 = 0x8000ffff;
									goto L28;
								case 1:
									__esi = 0x80070002;
									goto L28;
								case 2:
									__esi = 0x80070001;
									goto L28;
								case 3:
									__esi = 0x80070309;
									goto L28;
								case 4:
									__esi = 0x80070570;
									goto L28;
								case 5:
									__esi = 0x8007000e;
									goto L28;
								case 6:
									__esi = 0x8007026a;
									goto L28;
								case 7:
									__esi = 0x8007025d;
									goto L28;
								case 8:
									__esi = 0x8007001d;
									goto L28;
								case 9:
									__esi = 0x8007000d;
									goto L28;
								case 0xa:
									__esi = 0x8007065d;
									goto L28;
								case 0xb:
									__esi = __edx;
									goto L28;
							}
						}
						if(__eflags > 0) {
							_t63 = _t44 & 0x0000ffff | 0x80070000;
						} else {
							_t63 = _t44;
						}
						goto L27;
					}
					_t62 = 0x80004005;
					_t63 = 0x80004005;
					E011938BA(_t27, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x169, 0x80004005);
					_push("Failed to initialize cabinet.dll.");
					_push(0x80004005);
					E011CFB09();
					goto L54;
				}
				_push("Failed to initialize COM.");
				_push(0);
				E011CFB09();
				goto L55;
			}























                                                            0x011b0ea0
                                                            0x011b0ea6
                                                            0x011b0ead
                                                            0x011b0eb1
                                                            0x011b0ebb
                                                            0x011b0ebc
                                                            0x011b0ebd
                                                            0x011b0ebe
                                                            0x011b0ec2
                                                            0x011b0ec8
                                                            0x011b0ecc
                                                            0x011b0ee0
                                                            0x011b0eef
                                                            0x011b0ef5
                                                            0x011b0ef8
                                                            0x011b0ef9
                                                            0x011b0efb
                                                            0x011b0f00
                                                            0x011b0f05
                                                            0x011b0f0a
                                                            0x011b0f0f
                                                            0x011b0f14
                                                            0x011b0f19
                                                            0x011b0f1e
                                                            0x011b0f26
                                                            0x011b0f29
                                                            0x011b0f2b
                                                            0x011b0f55
                                                            0x011b0f56
                                                            0x011b0f57
                                                            0x011b0f5c
                                                            0x011b0f5d
                                                            0x011b0f62
                                                            0x011b0f67
                                                            0x011b0f68
                                                            0x011b0f70
                                                            0x011b0f75
                                                            0x011b0f77
                                                            0x011b1031
                                                            0x011b1034
                                                            0x011b103a
                                                            0x011b103c
                                                            0x011b1080
                                                            0x011b1086
                                                            0x011b1089
                                                            0x011b10c0
                                                            0x011b10c6
                                                            0x011b10c8
                                                            0x011b1102
                                                            0x011b1102
                                                            0x011b1105
                                                            0x011b112f
                                                            0x011b1134
                                                            0x011b1134
                                                            0x011b1137
                                                            0x011b113c
                                                            0x011b113d
                                                            0x011b1143
                                                            0x011b1153
                                                            0x011b1153
                                                            0x011b1107
                                                            0x011b1107
                                                            0x011b110a
                                                            0x011b112b
                                                            0x00000000
                                                            0x011b112b
                                                            0x011b110c
                                                            0x011b111c
                                                            0x011b1121
                                                            0x011b106e
                                                            0x011b106e
                                                            0x011b106f
                                                            0x00000000
                                                            0x011b1075
                                                            0x011b10d0
                                                            0x011b10d2
                                                            0x011b10d4
                                                            0x011b10d9
                                                            0x011b10df
                                                            0x011b10df
                                                            0x011b10e1
                                                            0x011b10e3
                                                            0x011b10e3
                                                            0x011b10f0
                                                            0x011b10f5
                                                            0x00000000
                                                            0x011b10f5
                                                            0x011b1091
                                                            0x011b1093
                                                            0x011b1095
                                                            0x011b109a
                                                            0x011b10a0
                                                            0x011b10a0
                                                            0x011b10a2
                                                            0x011b10a4
                                                            0x011b10a4
                                                            0x011b10b1
                                                            0x011b10b6
                                                            0x00000000
                                                            0x011b10b6
                                                            0x011b1044
                                                            0x011b1046
                                                            0x011b1048
                                                            0x011b104d
                                                            0x011b1053
                                                            0x011b1053
                                                            0x011b1055
                                                            0x011b1057
                                                            0x011b1057
                                                            0x011b1064
                                                            0x011b1069
                                                            0x00000000
                                                            0x011b1069
                                                            0x011b0f7d
                                                            0x011b0f80
                                                            0x011b0f80
                                                            0x011b0f83
                                                            0x011b0f85
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0f8b
                                                            0x011b0f91
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0f97
                                                            0x011b0f9a
                                                            0x011b0f9d
                                                            0x011b0f9f
                                                            0x011b1019
                                                            0x011b1019
                                                            0x011b101a
                                                            0x011b1024
                                                            0x00000000
                                                            0x011b1029
                                                            0x011b0fa1
                                                            0x011b0fa3
                                                            0x011b0fb6
                                                            0x011b0fb9
                                                            0x011b1013
                                                            0x011b1015
                                                            0x011b1015
                                                            0x011b1017
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011b1017
                                                            0x011b0fbb
                                                            0x00000000
                                                            0x011b0fc2
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0fc9
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0fd0
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0fd7
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0fde
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0fe5
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0fec
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0ff3
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0ffa
                                                            0x00000000
                                                            0x00000000
                                                            0x011b1001
                                                            0x00000000
                                                            0x00000000
                                                            0x011b1008
                                                            0x00000000
                                                            0x00000000
                                                            0x011b100f
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0fbb
                                                            0x011b0fa5
                                                            0x011b0fae
                                                            0x011b0fa7
                                                            0x011b0fa7
                                                            0x011b0fa7
                                                            0x00000000
                                                            0x011b0fa5
                                                            0x011b0f2d
                                                            0x011b0f3d
                                                            0x011b0f3f
                                                            0x011b0f44
                                                            0x011b0f49
                                                            0x011b0f4a
                                                            0x00000000
                                                            0x011b0f4f
                                                            0x011b0ece
                                                            0x011b0ed3
                                                            0x011b0ed4
                                                            0x00000000

                                                            APIs
                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 011B0EC2
                                                            • CoUninitialize.OLE32 ref: 011B113D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: <the>.cab$@Mqt$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$Jv_)$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 3442037557-1149281456
                                                            • Opcode ID: 4d87f90626a24847a029b5ecf45a555b04992207ffcceadcbc0338a8cb5aba3e
                                                            • Instruction ID: 475365c8a853763242225a2c99f917718c20ef9a19e37b2e7fcc8e241069ab5e
                                                            • Opcode Fuzzy Hash: 4d87f90626a24847a029b5ecf45a555b04992207ffcceadcbc0338a8cb5aba3e
                                                            • Instruction Fuzzy Hash: 46514937B41262F7D72C56AABCE4BFB7964AB44A24B17026DFC117B244D72A8C1086D2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119762D Relevance: 30.4, APIs: 1, Strings: 19, Instructions: 419COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1223 119762d-1197ee0 InitializeCriticalSection 1224 1197ee3-1197f07 call 119565e 1223->1224 1227 1197f09-1197f10 1224->1227 1228 1197f14-1197f25 call 11cfb09 1224->1228 1227->1224 1229 1197f12 1227->1229 1231 1197f28-1197f38 call 11bdd1f 1228->1231 1229->1231
                                                            C-Code - Quality: 82%
                                                            			E0119762D(struct _CRITICAL_SECTION* _a4) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				intOrPtr _v84;
				char* _v88;
				intOrPtr _v92;
				char _v96;
				char _v100;
				intOrPtr _v104;
				char* _v108;
				intOrPtr _v112;
				char _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				char* _v128;
				intOrPtr _v132;
				char _v136;
				char _v140;
				intOrPtr _v144;
				char* _v148;
				intOrPtr _v152;
				char _v156;
				char _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				char _v176;
				char _v180;
				intOrPtr _v184;
				char* _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				char _v200;
				intOrPtr _v204;
				char* _v208;
				intOrPtr _v212;
				char _v216;
				char _v220;
				intOrPtr _v224;
				char* _v228;
				intOrPtr _v232;
				char _v236;
				char _v240;
				intOrPtr _v244;
				char* _v248;
				intOrPtr _v252;
				char _v256;
				char _v260;
				intOrPtr _v264;
				char* _v268;
				void* _v280;
				char* _v284;
				char* _v288;
				char _v292;
				char _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				char* _v308;
				char _v312;
				char _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				char* _v328;
				char _v332;
				char _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				char* _v348;
				void* _v360;
				intOrPtr _v364;
				char* _v368;
				void* _v380;
				intOrPtr _v384;
				char* _v388;
				void* _v400;
				intOrPtr _v404;
				char* _v408;
				char _v412;
				char _v416;
				intOrPtr _v420;
				char* _v424;
				char* _v428;
				char _v432;
				char _v436;
				intOrPtr _v440;
				intOrPtr _v444;
				char* _v448;
				void* _v460;
				char* _v464;
				char* _v468;
				void* _v480;
				intOrPtr _v484;
				char* _v488;
				char _v492;
				char _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				char* _v508;
				void* _v520;
				intOrPtr _v524;
				char* _v528;
				char _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				char* _v548;
				char _v552;
				char _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				char* _v568;
				char _v572;
				char _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char* _v588;
				char _v592;
				char _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				char* _v608;
				void* _v620;
				intOrPtr _v624;
				char* _v628;
				char _v632;
				char _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				char* _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				char* _v668;
				char _v672;
				char _v676;
				intOrPtr _v680;
				intOrPtr _v684;
				char* _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char* _v708;
				char _v712;
				char _v716;
				intOrPtr _v720;
				intOrPtr _v724;
				char* _v728;
				void* _v740;
				intOrPtr _v744;
				char* _v748;
				char _v752;
				char _v756;
				intOrPtr _v760;
				intOrPtr _v764;
				char* _v768;
				char _v772;
				char _v776;
				intOrPtr _v780;
				intOrPtr _v784;
				char* _v788;
				char _v792;
				char _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				char* _v808;
				char _v812;
				char _v816;
				intOrPtr _v820;
				intOrPtr _v824;
				char* _v828;
				char _v832;
				char _v836;
				intOrPtr _v840;
				intOrPtr _v844;
				char* _v848;
				char _v852;
				char _v856;
				intOrPtr _v860;
				intOrPtr _v864;
				char* _v868;
				char _v872;
				char _v876;
				intOrPtr _v880;
				intOrPtr _v884;
				char* _v888;
				char _v892;
				char _v896;
				intOrPtr _v900;
				intOrPtr _v904;
				char* _v908;
				char _v912;
				char _v916;
				intOrPtr _v920;
				intOrPtr _v924;
				char* _v928;
				char _v932;
				char _v936;
				intOrPtr _v940;
				intOrPtr _v944;
				char* _v948;
				void* _v960;
				char* _v964;
				char* _v968;
				char _v972;
				char _v976;
				intOrPtr _v980;
				intOrPtr _v984;
				char* _v988;
				void* _v1000;
				intOrPtr _v1004;
				char* _v1008;
				void* _v1020;
				intOrPtr _v1024;
				char* _v1028;
				char _v1032;
				char _v1036;
				intOrPtr _v1040;
				intOrPtr _v1044;
				char* _v1048;
				char _v1052;
				char _v1056;
				intOrPtr _v1060;
				intOrPtr _v1064;
				char* _v1068;
				void* _v1080;
				intOrPtr _v1084;
				char* _v1088;
				void* _v1100;
				intOrPtr _v1104;
				char* _v1108;
				void* _v1120;
				intOrPtr _v1124;
				char* _v1128;
				char _v1132;
				char _v1136;
				intOrPtr _v1140;
				intOrPtr _v1144;
				char* _v1148;
				char _v1152;
				char _v1156;
				intOrPtr _v1160;
				intOrPtr _v1164;
				char* _v1168;
				char _v1172;
				char _v1176;
				intOrPtr _v1180;
				intOrPtr _v1184;
				char* _v1188;
				char _v1192;
				char _v1196;
				intOrPtr _v1200;
				intOrPtr _v1204;
				char* _v1208;
				char _v1212;
				char _v1216;
				intOrPtr _v1220;
				intOrPtr _v1224;
				char* _v1228;
				char _v1232;
				char _v1236;
				intOrPtr _v1240;
				intOrPtr _v1244;
				char* _v1248;
				char _v1252;
				char _v1256;
				intOrPtr _v1260;
				intOrPtr _v1264;
				char* _v1268;
				struct _CRITICAL_SECTION* _v1272;
				intOrPtr _v1276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t298;
				struct _CRITICAL_SECTION* _t300;
				intOrPtr _t301;
				void* _t322;
				char _t326;
				intOrPtr _t328;
				intOrPtr _t329;
				char* _t330;
				char* _t336;
				intOrPtr _t337;
				char* _t359;
				intOrPtr* _t362;
				signed int _t363;

				_t298 =  *0x11fa008; // 0x295f764a
				_v8 = _t298 ^ _t363;
				_t300 = _a4;
				_v1272 = _t300;
				InitializeCriticalSection(_t300);
				_t326 = 0;
				_v1268 = L"AdminToolsFolder";
				_v1260 = 0x30;
				_v1264 = 0x1195ff8;
				_v1244 = 0x1195ff8;
				_v1224 = 0x1195ff8;
				_t336 =  &M011962CC;
				_v1184 = 0x1195ff8;
				_v1256 = 0;
				_v1252 = 0;
				_v1248 = L"AppDataFolder";
				_v1240 = 0x1a;
				_v1236 = 0;
				_v1232 = 0;
				_v1228 = L"CommonAppDataFolder";
				_v1220 = 0x23;
				_v1216 = 0;
				_v1212 = 0;
				_v1208 = L"CommonFiles64Folder";
				_v1204 = 0x1196540;
				_t301 = 0x2b;
				_v1200 = _t301;
				_v1180 = _t301;
				_v1160 = _t301;
				_v1196 = 0;
				_v1192 = 0;
				_v1188 = L"CommonFilesFolder";
				_v1176 = 0;
				_v1172 = 0;
				_v1168 = L"CommonFiles6432Folder";
				_v1164 = 0x1195ec2;
				_v1156 = 0;
				_v1152 = 0;
				_v1148 = L"CompatibilityMode";
				_v1144 = _t336;
				_v1140 = 0xc;
				_v1136 = 0;
				_v1132 = 0;
				_v1128 = L"Date";
				_v1124 = 0x119605f;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v1108 = L"ComputerName";
				_v1104 = 0x1195f5a;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v1084 = 0x1195ff8;
				_v1088 = L"DesktopFolder";
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v1064 = 0x1195ff8;
				_t328 = 6;
				_v1068 = L"FavoritesFolder";
				_v1060 = 0x1195ff8;
				_v1056 = 0;
				_v1052 = 0;
				_v1048 = L"FontsFolder";
				_v1044 = 0x1195ff8;
				_v1040 = 0x14;
				_v1036 = 0;
				_v1032 = 0;
				_v1028 = L"InstallerName";
				_v1024 = 0x119617a;
				asm("stosd");
				_push(5);
				asm("stosd");
				asm("stosd");
				_v1008 = L"InstallerVersion";
				_v1004 = 0x11961a7;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v988 = L"LocalAppDataFolder";
				_v984 = 0x1195ff8;
				_v980 = 0x1c;
				_v976 = 0;
				_v972 = 0;
				_v968 = L"LogonUser";
				_v964 =  &M01196203;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v880 = _t328;
				_t329 = 9;
				_v924 = _t336;
				_v904 = _t336;
				_v884 = _t336;
				_v864 = _t336;
				_v844 = _t336;
				_v824 = _t336;
				_v804 = _t336;
				_v784 = _t336;
				_t337 = 0xb;
				_v948 = L"MyPicturesFolder";
				_v944 = 0x1195ff8;
				_v940 = 0x27;
				_v936 = 0;
				_v932 = 0;
				_v928 = L"NTProductType";
				_v920 = 4;
				_v916 = 0;
				_v912 = 0;
				_v908 = L"NTSuiteBackOffice";
				_v900 = 0;
				_v896 = 0;
				_v892 = 0;
				_v888 = L"NTSuiteDataCenter";
				_v876 = 0;
				_v872 = 0;
				_v868 = L"NTSuiteEnterprise";
				_v860 = 7;
				_v856 = 0;
				_v852 = 0;
				_v848 = L"NTSuitePersonal";
				_v840 = 8;
				_v836 = 0;
				_v832 = 0;
				_v828 = L"NTSuiteSmallBusiness";
				_v820 = 0x1195ff8;
				_v816 = 0;
				_v812 = 0;
				_v808 = L"NTSuiteSmallBusinessRestricted";
				_v800 = 0xa;
				_v796 = 0;
				_v792 = 0;
				_v788 = L"NTSuiteWebServer";
				_v780 = _t337;
				_v776 = 0;
				_v772 = 0;
				_v768 = L"PersonalFolder";
				_v764 = 0x1195ff8;
				_v760 = 0;
				_v756 = 0;
				_v752 = 0;
				_v748 = L"Privileged";
				_v744 = 0x1196490;
				asm("stosd");
				_push(0x26);
				asm("stosd");
				asm("stosd");
				_v700 = 0;
				_v680 = 0;
				_v660 = 0;
				_v684 = 0x1195ff8;
				_v644 = 0x1195ff8;
				_v664 = 0x1195ec2;
				_t359 =  &M0119695F;
				_v728 = L"ProcessorArchitecture";
				_v724 = 0x119675f;
				_v720 = 0xe;
				_v716 = 0;
				_v712 = 0;
				_v708 = L"ProgramFiles64Folder";
				_v704 = 0x1196540;
				_v696 = 0;
				_v692 = 0;
				_v688 = L"ProgramFilesFolder";
				_v676 = 0;
				_v672 = 0;
				_v668 = L"ProgramFiles6432Folder";
				_v656 = 0;
				_v652 = 0;
				_v648 = L"ProgramMenuFolder";
				_v640 = 2;
				_v636 = 0;
				_v632 = 0;
				_v628 = L"RebootPending";
				_v624 = 0x11964d7;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v600 = _t329;
				_v604 = 0x1195ff8;
				_t330 =  &M011965DC;
				_v564 = 0x1195ff8;
				_v544 = 0x1195ff8;
				_v524 = _t330;
				_v608 = L"SendToFolder";
				_v596 = 0;
				_v592 = 0;
				_v588 = L"ServicePackLevel";
				_v584 = _t359;
				_v580 = 3;
				_v576 = 0;
				_v572 = 0;
				_v568 = L"StartMenuFolder";
				_v560 = _t337;
				_v556 = 0;
				_v552 = 0;
				_v548 = L"StartupFolder";
				_v540 = 7;
				_v536 = 0;
				_v532 = 0;
				_v528 = L"SystemFolder";
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v504 = _t330;
				_v508 = L"System64Folder";
				_v500 = 1;
				_v496 = 0;
				_v492 = 0;
				_v488 = L"SystemLanguageID";
				_v484 = 0x1195e2c;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v468 = L"TempFolder";
				_v464 =  &M011967C2;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v444 = 0x1195ff8;
				_v448 = L"TemplateFolder";
				_v440 = 0x15;
				_v436 = 0;
				_v432 = 0;
				_v428 = L"TerminalServer";
				_v424 =  &M011962CC;
				_v420 = 0xd;
				_v416 = 0;
				_v412 = 0;
				_v408 = L"UserUILanguageID";
				_v404 = 0x1195e90;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v388 = L"UserLanguageID";
				_v384 = 0x1195e5e;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v368 = L"VersionMsi";
				_v364 = 0x1196898;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v344 = _t359;
				_v324 = _t359;
				_v340 = 1;
				_v304 = 0x1195ff8;
				_v348 = L"VersionNT";
				_v336 = 0;
				_v332 = 0;
				_v328 = L"VersionNT64";
				_v320 = 2;
				_v316 = 0;
				_v312 = 0;
				_v308 = L"WindowsFolder";
				_v300 = 0x24;
				_v296 = 0;
				_v292 = 0;
				_v288 = L"WindowsVolume";
				_v284 =  &M01196B30;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v268 = L"WixBundleAction";
				_v264 = 0x11962a1;
				_v260 = 0;
				_v256 = 0;
				_v252 = 1;
				_v248 = L"WixBundleExecutePackageCacheFolder";
				_v244 = 0x11965b1;
				_v240 = 0;
				_v236 = 0;
				_v232 = 1;
				_v212 = 1;
				_v196 = 1;
				_v192 = 1;
				_v172 = 1;
				_v152 = 1;
				_v132 = 1;
				_v112 = 1;
				_v92 = 1;
				_v72 = 1;
				_v52 = 1;
				_v32 = 1;
				_v12 = 1;
				_t362 =  &_v1256;
				_v228 = L"WixBundleExecutePackageAction";
				_v224 = 0x11965b1;
				_v220 = 0;
				_v216 = 0;
				_v208 = L"WixBundleForcedRestartPackage";
				_v204 = 0x11965b1;
				_v200 = 0;
				_v188 = L"WixBundleInstalled";
				_v184 = 0x11962a1;
				_v180 = 0;
				_v176 = 0;
				_v168 = L"WixBundleElevated";
				_v164 = 0x11962a1;
				_v160 = 0;
				_v156 = 0;
				_v148 = L"WixBundleActiveParent";
				_v144 = 0x11965b1;
				_v140 = 0;
				_v136 = 0;
				_v128 = L"WixBundleProviderKey";
				_v124 = 0x11965b1;
				_v120 = 0x11da534;
				_v116 = 0;
				_v108 = L"WixBundleSourceProcessPath";
				_v104 = 0x11965b1;
				_v100 = 0;
				_v96 = 0;
				_v88 = L"WixBundleSourceProcessFolder";
				_v84 = 0x11965b1;
				_v80 = 0;
				_v76 = 0;
				_v68 = L"WixBundleTag";
				_v64 = 0x11965b1;
				_v60 = 0x11da534;
				_v56 = 0;
				_v48 = L"WixBundleUILevel";
				_v44 = 0x11962a1;
				_v40 = 0;
				_v36 = 0;
				_v28 = L"WixBundleVersion";
				_v24 = 0x119686d;
				_v20 = 0;
				_v16 = 0;
				while(1) {
					_v1276 =  *((intOrPtr*)(_t362 - 0xc));
					_t322 = E0119565E(0x11965b1, _v1272,  *((intOrPtr*)(_t362 - 0xc)),  *((intOrPtr*)(_t362 - 8)),  *((intOrPtr*)(_t362 - 4)),  *_t362,  *((intOrPtr*)(_t362 + 4))); // executed
					_t357 = _t322;
					if(_t322 < 0) {
						break;
					}
					_t326 = _t326 + 1;
					_t362 = _t362 + 0x14;
					if(_t326 < 0x3f) {
						continue;
					} else {
					}
					L5:
					return E011BDD1F(_t326, _v8 ^ _t363, 0x11962a1, _t357, _t362);
				}
				E011CFB09(_t357, "Failed to add built-in variable: %ls.", _v1276);
				goto L5;
			}



















































































































































































































































































































                                                            0x01197636
                                                            0x0119763d
                                                            0x01197640
                                                            0x01197647
                                                            0x0119764d
                                                            0x01197653
                                                            0x01197655
                                                            0x01197664
                                                            0x0119766e
                                                            0x0119767a
                                                            0x01197685
                                                            0x0119768b
                                                            0x01197690
                                                            0x01197696
                                                            0x0119769c
                                                            0x011976a2
                                                            0x011976ac
                                                            0x011976b6
                                                            0x011976bc
                                                            0x011976c2
                                                            0x011976cc
                                                            0x011976d6
                                                            0x011976dc
                                                            0x011976e2
                                                            0x011976ec
                                                            0x011976f8
                                                            0x011976f9
                                                            0x011976ff
                                                            0x01197705
                                                            0x0119770d
                                                            0x01197713
                                                            0x01197719
                                                            0x01197723
                                                            0x01197729
                                                            0x0119772f
                                                            0x01197739
                                                            0x0119773f
                                                            0x01197745
                                                            0x0119774b
                                                            0x01197755
                                                            0x0119775b
                                                            0x01197765
                                                            0x0119776b
                                                            0x01197771
                                                            0x0119777b
                                                            0x01197785
                                                            0x01197788
                                                            0x01197789
                                                            0x0119778c
                                                            0x0119779c
                                                            0x011977a6
                                                            0x011977a7
                                                            0x011977a8
                                                            0x011977ab
                                                            0x011977b7
                                                            0x011977c1
                                                            0x011977c2
                                                            0x011977c3
                                                            0x011977c4
                                                            0x011977ca
                                                            0x011977cb
                                                            0x011977d5
                                                            0x011977db
                                                            0x011977e1
                                                            0x011977e7
                                                            0x011977f1
                                                            0x011977fb
                                                            0x01197805
                                                            0x0119780b
                                                            0x01197813
                                                            0x0119781d
                                                            0x0119782d
                                                            0x0119782e
                                                            0x01197830
                                                            0x01197831
                                                            0x01197834
                                                            0x01197844
                                                            0x0119784e
                                                            0x0119784f
                                                            0x01197850
                                                            0x01197853
                                                            0x01197863
                                                            0x0119786d
                                                            0x01197877
                                                            0x0119787d
                                                            0x01197883
                                                            0x0119788d
                                                            0x01197897
                                                            0x01197898
                                                            0x01197899
                                                            0x0119789d
                                                            0x011978a8
                                                            0x011978ab
                                                            0x011978b1
                                                            0x011978b7
                                                            0x011978bd
                                                            0x011978c3
                                                            0x011978c9
                                                            0x011978cf
                                                            0x011978d5
                                                            0x011978db
                                                            0x011978dc
                                                            0x011978e6
                                                            0x011978ec
                                                            0x011978f6
                                                            0x011978fc
                                                            0x01197902
                                                            0x0119790c
                                                            0x01197916
                                                            0x0119791c
                                                            0x01197922
                                                            0x0119792c
                                                            0x01197932
                                                            0x01197938
                                                            0x0119793e
                                                            0x01197948
                                                            0x0119794e
                                                            0x01197954
                                                            0x0119795e
                                                            0x01197968
                                                            0x0119796e
                                                            0x01197974
                                                            0x0119797e
                                                            0x01197988
                                                            0x0119798e
                                                            0x01197994
                                                            0x0119799e
                                                            0x011979a4
                                                            0x011979aa
                                                            0x011979b0
                                                            0x011979ba
                                                            0x011979c4
                                                            0x011979ca
                                                            0x011979d0
                                                            0x011979da
                                                            0x011979e0
                                                            0x011979e6
                                                            0x011979ec
                                                            0x011979f6
                                                            0x011979fc
                                                            0x01197a04
                                                            0x01197a0a
                                                            0x01197a16
                                                            0x01197a20
                                                            0x01197a2a
                                                            0x01197a2b
                                                            0x01197a2d
                                                            0x01197a2e
                                                            0x01197a30
                                                            0x01197a3b
                                                            0x01197a41
                                                            0x01197a49
                                                            0x01197a4f
                                                            0x01197a5b
                                                            0x01197a61
                                                            0x01197a66
                                                            0x01197a70
                                                            0x01197a7a
                                                            0x01197a84
                                                            0x01197a8a
                                                            0x01197a90
                                                            0x01197a9a
                                                            0x01197aa4
                                                            0x01197aaa
                                                            0x01197ab0
                                                            0x01197aba
                                                            0x01197ac0
                                                            0x01197ac6
                                                            0x01197ad0
                                                            0x01197ad6
                                                            0x01197adc
                                                            0x01197ae6
                                                            0x01197af0
                                                            0x01197af6
                                                            0x01197afc
                                                            0x01197b06
                                                            0x01197b10
                                                            0x01197b11
                                                            0x01197b12
                                                            0x01197b18
                                                            0x01197b24
                                                            0x01197b2a
                                                            0x01197b2f
                                                            0x01197b35
                                                            0x01197b3d
                                                            0x01197b43
                                                            0x01197b4d
                                                            0x01197b53
                                                            0x01197b59
                                                            0x01197b63
                                                            0x01197b69
                                                            0x01197b73
                                                            0x01197b79
                                                            0x01197b7f
                                                            0x01197b89
                                                            0x01197b8f
                                                            0x01197b95
                                                            0x01197b9b
                                                            0x01197ba5
                                                            0x01197baf
                                                            0x01197bb5
                                                            0x01197bbb
                                                            0x01197bc5
                                                            0x01197bc6
                                                            0x01197bc7
                                                            0x01197bc8
                                                            0x01197bd1
                                                            0x01197bdb
                                                            0x01197be1
                                                            0x01197be7
                                                            0x01197bef
                                                            0x01197bf9
                                                            0x01197c09
                                                            0x01197c0f
                                                            0x01197c10
                                                            0x01197c13
                                                            0x01197c23
                                                            0x01197c2d
                                                            0x01197c2e
                                                            0x01197c2f
                                                            0x01197c32
                                                            0x01197c3e
                                                            0x01197c48
                                                            0x01197c52
                                                            0x01197c58
                                                            0x01197c5e
                                                            0x01197c68
                                                            0x01197c72
                                                            0x01197c7c
                                                            0x01197c82
                                                            0x01197c88
                                                            0x01197c92
                                                            0x01197c9c
                                                            0x01197c9d
                                                            0x01197c9e
                                                            0x01197ca1
                                                            0x01197cb1
                                                            0x01197cbb
                                                            0x01197cbc
                                                            0x01197cbd
                                                            0x01197cc0
                                                            0x01197cd0
                                                            0x01197cda
                                                            0x01197cdb
                                                            0x01197cdc
                                                            0x01197cdf
                                                            0x01197ceb
                                                            0x01197cf3
                                                            0x01197cfa
                                                            0x01197d05
                                                            0x01197d14
                                                            0x01197d1a
                                                            0x01197d20
                                                            0x01197d2a
                                                            0x01197d34
                                                            0x01197d3a
                                                            0x01197d40
                                                            0x01197d4a
                                                            0x01197d54
                                                            0x01197d5a
                                                            0x01197d60
                                                            0x01197d6a
                                                            0x01197d74
                                                            0x01197d75
                                                            0x01197d76
                                                            0x01197d77
                                                            0x01197d81
                                                            0x01197d87
                                                            0x01197d8d
                                                            0x01197d93
                                                            0x01197d99
                                                            0x01197da3
                                                            0x01197da9
                                                            0x01197daf
                                                            0x01197dba
                                                            0x01197dc0
                                                            0x01197dc6
                                                            0x01197dcc
                                                            0x01197dd2
                                                            0x01197dd8
                                                            0x01197dde
                                                            0x01197de1
                                                            0x01197de4
                                                            0x01197de7
                                                            0x01197dea
                                                            0x01197ded
                                                            0x01197df0
                                                            0x01197df3
                                                            0x01197df9
                                                            0x01197e03
                                                            0x01197e09
                                                            0x01197e0f
                                                            0x01197e15
                                                            0x01197e1f
                                                            0x01197e25
                                                            0x01197e2b
                                                            0x01197e35
                                                            0x01197e3b
                                                            0x01197e41
                                                            0x01197e47
                                                            0x01197e51
                                                            0x01197e57
                                                            0x01197e5d
                                                            0x01197e63
                                                            0x01197e6d
                                                            0x01197e73
                                                            0x01197e79
                                                            0x01197e7f
                                                            0x01197e86
                                                            0x01197e89
                                                            0x01197e8c
                                                            0x01197e8f
                                                            0x01197e96
                                                            0x01197e99
                                                            0x01197e9c
                                                            0x01197e9f
                                                            0x01197ea6
                                                            0x01197ea9
                                                            0x01197eac
                                                            0x01197eaf
                                                            0x01197eb6
                                                            0x01197eb9
                                                            0x01197ebc
                                                            0x01197ebf
                                                            0x01197ec6
                                                            0x01197ec9
                                                            0x01197ecc
                                                            0x01197ecf
                                                            0x01197ed6
                                                            0x01197edd
                                                            0x01197ee0
                                                            0x01197ee3
                                                            0x01197eeb
                                                            0x01197efe
                                                            0x01197f03
                                                            0x01197f07
                                                            0x00000000
                                                            0x00000000
                                                            0x01197f09
                                                            0x01197f0a
                                                            0x01197f10
                                                            0x00000000
                                                            0x00000000
                                                            0x01197f12
                                                            0x01197f28
                                                            0x01197f38
                                                            0x01197f38
                                                            0x01197f20
                                                            0x00000000

                                                            APIs
                                                            • InitializeCriticalSection.KERNEL32(011A745E,011953FA,00000000,01195482), ref: 0119764D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalInitializeSection
                                                            • String ID: #$$$'$0$Failed to add built-in variable: %ls.$Jv_)$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion
                                                            • API String ID: 32694325-2158875035
                                                            • Opcode ID: 0de6850fafadfa28334aca35e551e1dc0d8bf8746d8ee86b2b309fce9de71247
                                                            • Instruction ID: c0d76409e3c6faa94183b1f500b70f41859a7791b796e63c1bb66a438865f8ac
                                                            • Opcode Fuzzy Hash: 0de6850fafadfa28334aca35e551e1dc0d8bf8746d8ee86b2b309fce9de71247
                                                            • Instruction Fuzzy Hash: 9D3259B0D056699FDB69CF5ACA883CDFAB4BB49304F5181EED21DB6210D7700A88CF59
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01194326 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 157stringCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1235 1194326-119437d InitializeCriticalSection * 2 call 11a4c89 * 2 1240 11944a1-11944ab call 119b45a 1235->1240 1241 1194383 1235->1241 1246 11944b0-11944b4 1240->1246 1242 1194389-1194396 1241->1242 1244 119439c-11943c8 lstrlenW * 2 CompareStringW 1242->1244 1245 1194494-119449b 1242->1245 1247 119441a-1194446 lstrlenW * 2 CompareStringW 1244->1247 1248 11943ca-11943ed lstrlenW 1244->1248 1245->1240 1245->1242 1249 11944c3-11944c9 1246->1249 1250 11944b6-11944c2 call 11cfb09 1246->1250 1247->1245 1251 1194448-119446b lstrlenW 1247->1251 1252 11943f3-11943f8 1248->1252 1253 11944d7-11944ec call 11938ba 1248->1253 1250->1249 1256 1194471-1194476 1251->1256 1257 1194503-119451d call 11938ba 1251->1257 1252->1253 1258 11943fe-119440e call 1192abf 1252->1258 1264 11944f1-11944f8 1253->1264 1256->1257 1261 119447c-119448c call 1192abf 1256->1261 1257->1264 1270 11944cc-11944d5 1258->1270 1271 1194414 1258->1271 1261->1270 1273 119448e 1261->1273 1268 11944f9-1194501 call 11cfb09 1264->1268 1268->1249 1270->1268 1271->1247 1273->1245
                                                            C-Code - Quality: 65%
                                                            			E01194326(void* __ecx, union _LARGE_INTEGER* __edx, void* __eflags, struct _CRITICAL_SECTION* _a4, signed int _a8) {
				char _v8;
				void* _t50;
				int _t55;
				WCHAR* _t56;
				int _t62;
				WCHAR* _t63;
				signed int _t69;
				intOrPtr* _t72;
				signed int _t76;
				struct _CRITICAL_SECTION* _t79;
				signed int _t83;
				void* _t89;
				void* _t93;
				union _LARGE_INTEGER* _t96;
				struct _CRITICAL_SECTION* _t98;
				void* _t100;
				void* _t103;

				_t96 = __edx;
				_push(__ecx);
				_a8 = _a8 | 0xffffffff;
				_t98 = _a4;
				_v8 = _a8;
				 *(_t98 + 0x498) =  *(_t98 + 0x498) | 0xffffffff;
				 *(_t98 + 0x494) = 1;
				InitializeCriticalSection(_t98);
				_t9 = _t98 + 0xd0; // 0xd0
				InitializeCriticalSection(_t9);
				_t10 = _t98 + 0x4a0; // 0x4a0
				E011A4C89(_t10);
				_t11 = _t98 + 0x4b8; // 0x4b8
				E011A4C89(_t11);
				_t83 = 0;
				if( *((intOrPtr*)(_t98 + 0x4dc)) <= 0) {
					L14:
					_t40 = _t98 + 0x48; // 0x48
					_t50 = E0119B45A(_t96, _t40, _v8, _a8); // executed
					_t103 = _t50;
					if(_t103 < 0) {
						_push("Failed to initialize engine section.");
						_push(_t103);
						E011CFB09();
					}
					L16:
					return _t103;
				}
				do {
					if( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)))) != 0x2d) {
						goto L13;
					}
					_t55 = lstrlenW(L"burn.filehandle.attached");
					_t56 = L"burn.filehandle.attached";
					if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t56), _t56, _t55) != 2) {
						L8:
						_t62 = lstrlenW(L"burn.filehandle.self");
						_t63 = L"burn.filehandle.self";
						if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t63), _t63, _t62) != 2) {
							goto L13;
						}
						_t69 = lstrlenW(L"burn.filehandle.self");
						_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t69 * 2;
						_t89 = 0x3d;
						_a4 = _t72;
						if(_t89 !=  *((intOrPtr*)(_t72 - 2)) || 0 ==  *_t72) {
							_t100 = 0x80070057;
							E011938BA(_t72, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x140, 0x80070057);
							_push(L"burn.filehandle.self");
							L19:
							_push("Missing required parameter for switch: %ls");
							_t103 = _t100;
							_push(_t100);
							goto L20;
						} else {
							_t103 = E01192ABF( &_v8, _t72, 0,  &_v8);
							if(_t103 < 0) {
								L17:
								_push(_a4);
								_push("Failed to parse file handle: \'%ls\'");
								_push(_t103);
								L20:
								E011CFB09();
								goto L16;
							}
							goto L13;
						}
					}
					_t76 = lstrlenW(L"burn.filehandle.attached");
					_t79 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t76 * 2;
					_t93 = 0x3d;
					_a4 = _t79;
					if(_t93 !=  *((intOrPtr*)(_t79 - 2)) || 0 ==  *_t79) {
						_t100 = 0x80070057;
						E011938BA(_t79, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x135, 0x80070057);
						_push(L"burn.filehandle.attached");
						goto L19;
					} else {
						_t103 = E01192ABF( &_a8, _t79, 0,  &_a8);
						if(_t103 < 0) {
							goto L17;
						}
						goto L8;
					}
					L13:
					_t83 = _t83 + 1;
				} while (_t83 <  *((intOrPtr*)(_t98 + 0x4dc)));
				goto L14;
			}




















                                                            0x01194326
                                                            0x01194329
                                                            0x0119432d
                                                            0x0119433a
                                                            0x0119433e
                                                            0x01194341
                                                            0x01194348
                                                            0x01194352
                                                            0x01194354
                                                            0x0119435b
                                                            0x0119435d
                                                            0x01194364
                                                            0x01194369
                                                            0x01194370
                                                            0x01194375
                                                            0x0119437d
                                                            0x011944a1
                                                            0x011944a4
                                                            0x011944ab
                                                            0x011944b0
                                                            0x011944b4
                                                            0x011944b6
                                                            0x011944bb
                                                            0x011944bc
                                                            0x011944c2
                                                            0x011944c3
                                                            0x011944c9
                                                            0x011944c9
                                                            0x01194389
                                                            0x01194396
                                                            0x00000000
                                                            0x00000000
                                                            0x011943a1
                                                            0x011943a4
                                                            0x011943c8
                                                            0x0119441a
                                                            0x0119441f
                                                            0x01194422
                                                            0x01194446
                                                            0x00000000
                                                            0x00000000
                                                            0x0119444d
                                                            0x01194461
                                                            0x01194463
                                                            0x01194464
                                                            0x0119446b
                                                            0x01194503
                                                            0x01194513
                                                            0x01194518
                                                            0x011944f1
                                                            0x011944f1
                                                            0x011944f6
                                                            0x011944f8
                                                            0x00000000
                                                            0x0119447c
                                                            0x01194488
                                                            0x0119448c
                                                            0x011944cc
                                                            0x011944cc
                                                            0x011944cf
                                                            0x011944d4
                                                            0x011944f9
                                                            0x011944f9
                                                            0x00000000
                                                            0x011944fe
                                                            0x00000000
                                                            0x0119448e
                                                            0x0119446b
                                                            0x011943cf
                                                            0x011943e3
                                                            0x011943e5
                                                            0x011943e6
                                                            0x011943ed
                                                            0x011944d7
                                                            0x011944e7
                                                            0x011944ec
                                                            0x00000000
                                                            0x011943fe
                                                            0x0119440a
                                                            0x0119440e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01194414
                                                            0x01194494
                                                            0x01194494
                                                            0x01194495
                                                            0x00000000

                                                            APIs
                                                            • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,011952A3,?,?,00000000,?,?), ref: 01194352
                                                            • InitializeCriticalSection.KERNEL32(000000D0,?,?,011952A3,?,?,00000000,?,?), ref: 0119435B
                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,011952A3,?,?,00000000,?,?), ref: 011943A1
                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,011952A3,?,?,00000000,?,?), ref: 011943AB
                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,011952A3,?,?,00000000,?,?), ref: 011943BF
                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,011952A3,?,?,00000000,?,?), ref: 011943CF
                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,011952A3,?,?,00000000,?,?), ref: 0119441F
                                                            • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,011952A3,?,?,00000000,?,?), ref: 01194429
                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,011952A3,?,?,00000000,?,?), ref: 0119443D
                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,011952A3,?,?,00000000,?,?), ref: 0119444D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                            • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$c:\agent\_work\66\s\src\burn\engine\engine.cpp
                                                            • API String ID: 3039292287-2540856168
                                                            • Opcode ID: f1fd84efb40605f5ef2e75702e936b5e03761d21b10b55a6c335fb4da13ade15
                                                            • Instruction ID: c6699c4d75a94604a33d1bdc07676fe916a155ff4f3f5bb5de00f9e1031c8ab0
                                                            • Opcode Fuzzy Hash: f1fd84efb40605f5ef2e75702e936b5e03761d21b10b55a6c335fb4da13ade15
                                                            • Instruction Fuzzy Hash: E9511671A40212BFDB2CDF68EC46F9A7BA8FF00760F014119F628E7240D7B4A951CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119C252 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 131fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1275 119c252-119c284 1276 119c2ee-119c30a GetCurrentProcess * 2 DuplicateHandle 1275->1276 1277 119c286-119c2a4 CreateFileW 1275->1277 1278 119c30c-119c316 1276->1278 1279 119c344 1276->1279 1280 119c2aa-119c2b4 1277->1280 1281 119c346-119c34c 1277->1281 1289 119c318-119c321 1278->1289 1290 119c323 1278->1290 1279->1281 1291 119c2c1 1280->1291 1292 119c2b6-119c2bf 1280->1292 1282 119c34e-119c354 1281->1282 1283 119c356 1281->1283 1284 119c358-119c366 SetFilePointerEx 1282->1284 1283->1284 1287 119c368-119c372 1284->1287 1288 119c39d-119c3a3 1284->1288 1306 119c37f 1287->1306 1307 119c374-119c37d 1287->1307 1293 119c3c1-119c3c7 1288->1293 1294 119c3a5-119c3a9 call 11b14e3 1288->1294 1289->1290 1297 119c32a-119c342 call 11938ba 1290->1297 1298 119c325 1290->1298 1295 119c2c8-119c2db call 11938ba 1291->1295 1296 119c2c3 1291->1296 1292->1291 1304 119c3ae-119c3b2 1294->1304 1308 119c2e0-119c2e9 call 11cfb09 1295->1308 1296->1295 1297->1308 1298->1297 1304->1293 1309 119c3b4 1304->1309 1310 119c381 1306->1310 1311 119c386-119c39b call 11938ba 1306->1311 1307->1306 1308->1293 1312 119c3b9-119c3c0 call 11cfb09 1309->1312 1310->1311 1311->1312 1312->1293
                                                            C-Code - Quality: 58%
                                                            			E0119C252(HANDLE* _a4, intOrPtr _a8, void* _a12, WCHAR* _a16) {
				void* _t29;
				long _t31;
				intOrPtr _t32;
				union _LARGE_INTEGER* _t33;
				long _t34;
				long _t38;
				void* _t45;
				HANDLE* _t48;
				intOrPtr _t49;
				long _t52;
				union _LARGE_INTEGER _t56;
				long _t63;

				_t49 = _a8;
				_t48 = _a4;
				_t48[6] =  *(_t49 + 4);
				_t52 = 0;
				_t56 = 0;
				_t48[4] =  *(_t49 + 0x18);
				_t48[5] =  *(_t49 + 0x1c);
				_t48[2] =  *(_t49 + 0x40);
				_t48[3] =  *(_t49 + 0x44);
				if(_a12 != 0xffffffff) {
					_t29 = GetCurrentProcess();
					_t31 = DuplicateHandle(GetCurrentProcess(), _a12, _t29, _t48, 0, 0, 2); // executed
					__eflags = _t31;
					if(_t31 != 0) {
						_t56 = 0;
						goto L15;
					} else {
						_t52 = GetLastError();
						__eflags = _t52;
						if(__eflags > 0) {
							_t52 = _t52 & 0x0000ffff | 0x80070000;
							__eflags = _t52;
						}
						if(__eflags >= 0) {
							_t52 = 0x80004005;
						}
						E011938BA(_t42, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\container.cpp", 0xec, _t52);
						_push(_a16);
						_push("Failed to duplicate handle to container: %ls");
						goto L7;
					}
				} else {
					_t45 = CreateFileW(_a16, 0x80000000, 1, 0, 3, 0x8000080, 0);
					 *_t48 = _t45;
					if(_t45 != 0xffffffff) {
						L15:
						_t32 = _a8;
						__eflags =  *((intOrPtr*)(_t32 + 0xc)) - _t52;
						if( *((intOrPtr*)(_t32 + 0xc)) == _t52) {
							_t33 = _t52;
						} else {
							_t56 = _t48[2];
							_t33 = _t48[3];
						}
						_push(_t52);
						_t34 = SetFilePointerEx( *_t48, _t56, _t33, _t52); // executed
						__eflags = _t34;
						if(_t34 != 0) {
							__eflags = _t48[6] == 1;
							if(_t48[6] == 1) {
								_t38 = E011B14E3(_t48, _a16); // executed
								_t52 = _t38;
								__eflags = _t52;
								if(_t52 < 0) {
									_push("Failed to open container.");
									goto L27;
								}
							}
						} else {
							_t52 = GetLastError();
							__eflags = _t52;
							if(__eflags > 0) {
								_t52 = _t52 & 0x0000ffff | 0x80070000;
								__eflags = _t52;
							}
							if(__eflags >= 0) {
								_t52 = 0x80004005;
							}
							E011938BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\container.cpp", 0xf8, _t52);
							_push("Failed to move file pointer to container offset.");
							L27:
							_push(_t52);
							E011CFB09();
						}
					} else {
						_t52 = GetLastError();
						if(_t52 > 0) {
							_t52 = _t52 & 0x0000ffff | 0x80070000;
							_t63 = _t52;
						}
						if(_t63 >= 0) {
							_t52 = 0x80004005;
						}
						E011938BA(_t46, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\container.cpp", 0xe6, _t52);
						_push(_a16);
						_push("Failed to open file: %ls");
						L7:
						_push(_t52);
						E011CFB09();
					}
				}
				return _t52;
			}















                                                            0x0119c255
                                                            0x0119c259
                                                            0x0119c261
                                                            0x0119c264
                                                            0x0119c26a
                                                            0x0119c26f
                                                            0x0119c275
                                                            0x0119c27b
                                                            0x0119c281
                                                            0x0119c284
                                                            0x0119c2f9
                                                            0x0119c302
                                                            0x0119c308
                                                            0x0119c30a
                                                            0x0119c344
                                                            0x00000000
                                                            0x0119c30c
                                                            0x0119c312
                                                            0x0119c314
                                                            0x0119c316
                                                            0x0119c31b
                                                            0x0119c321
                                                            0x0119c321
                                                            0x0119c323
                                                            0x0119c325
                                                            0x0119c325
                                                            0x0119c335
                                                            0x0119c33a
                                                            0x0119c33d
                                                            0x00000000
                                                            0x0119c33d
                                                            0x0119c286
                                                            0x0119c299
                                                            0x0119c29f
                                                            0x0119c2a4
                                                            0x0119c346
                                                            0x0119c346
                                                            0x0119c349
                                                            0x0119c34c
                                                            0x0119c356
                                                            0x0119c34e
                                                            0x0119c34e
                                                            0x0119c351
                                                            0x0119c351
                                                            0x0119c358
                                                            0x0119c35e
                                                            0x0119c364
                                                            0x0119c366
                                                            0x0119c3a0
                                                            0x0119c3a3
                                                            0x0119c3a9
                                                            0x0119c3ae
                                                            0x0119c3b0
                                                            0x0119c3b2
                                                            0x0119c3b4
                                                            0x00000000
                                                            0x0119c3b4
                                                            0x0119c3b2
                                                            0x0119c368
                                                            0x0119c36e
                                                            0x0119c370
                                                            0x0119c372
                                                            0x0119c377
                                                            0x0119c37d
                                                            0x0119c37d
                                                            0x0119c37f
                                                            0x0119c381
                                                            0x0119c381
                                                            0x0119c391
                                                            0x0119c396
                                                            0x0119c3b9
                                                            0x0119c3b9
                                                            0x0119c3ba
                                                            0x0119c3c0
                                                            0x0119c2aa
                                                            0x0119c2b0
                                                            0x0119c2b4
                                                            0x0119c2b9
                                                            0x0119c2bf
                                                            0x0119c2bf
                                                            0x0119c2c1
                                                            0x0119c2c3
                                                            0x0119c2c3
                                                            0x0119c2d3
                                                            0x0119c2d8
                                                            0x0119c2db
                                                            0x0119c2e0
                                                            0x0119c2e0
                                                            0x0119c2e1
                                                            0x0119c2e6
                                                            0x0119c2a4
                                                            0x0119c3c7

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,0119C442,01195442,?,?,01195482), ref: 0119C299
                                                            • GetLastError.KERNEL32(?,0119C442,01195442,?,?,01195482,01195482,00000000,?,00000000), ref: 0119C2AA
                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,0119C442,01195442,?,?,01195482,01195482,00000000,?), ref: 0119C2F9
                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0119C442,01195442,?,?,01195482,01195482,00000000,?,00000000), ref: 0119C2FF
                                                            • DuplicateHandle.KERNELBASE(00000000,?,0119C442,01195442,?,?,01195482,01195482,00000000,?,00000000), ref: 0119C302
                                                            • GetLastError.KERNEL32(?,0119C442,01195442,?,?,01195482,01195482,00000000,?,00000000), ref: 0119C30C
                                                            • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,0119C442,01195442,?,?,01195482,01195482,00000000,?,00000000), ref: 0119C35E
                                                            • GetLastError.KERNEL32(?,0119C442,01195442,?,?,01195482,01195482,00000000,?,00000000), ref: 0119C368
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                            • String ID: @Mqt$Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$c:\agent\_work\66\s\src\burn\engine\container.cpp$crypt32.dll$feclient.dll
                                                            • API String ID: 2619879409-2239166599
                                                            • Opcode ID: 8ccd2aeeea030c20c966537a26a7f6f672d11a735500786723ac267d673878f8
                                                            • Instruction ID: fb56ffa7e44d63fcb662ec5f46d4e1492dd2297d61fe8dd8243615c4da851ae0
                                                            • Opcode Fuzzy Hash: 8ccd2aeeea030c20c966537a26a7f6f672d11a735500786723ac267d673878f8
                                                            • Instruction Fuzzy Hash: F441F736544202ABDF2D8E6A9C44F1B3BBAAFD5721F114029FD68AF241E735D901CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2368 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1364 11d2368-11d2388 call 11938d1 1367 11d238e-11d239c call 11d4289 1364->1367 1368 11d2492-11d2496 1364->1368 1372 11d23a1-11d23c0 GetProcAddress 1367->1372 1370 11d2498-11d249b call 1192762 1368->1370 1371 11d24a0-11d24a4 1368->1371 1370->1371 1374 11d23c7-11d23e0 GetProcAddress 1372->1374 1375 11d23c2 1372->1375 1376 11d23e7-11d2400 GetProcAddress 1374->1376 1377 11d23e2 1374->1377 1375->1374 1378 11d2407-11d2420 GetProcAddress 1376->1378 1379 11d2402 1376->1379 1377->1376 1380 11d2427-11d2440 GetProcAddress 1378->1380 1381 11d2422 1378->1381 1379->1378 1382 11d2447-11d2460 GetProcAddress 1380->1382 1383 11d2442 1380->1383 1381->1380 1384 11d2467-11d2481 GetProcAddress 1382->1384 1385 11d2462 1382->1385 1383->1382 1386 11d2488 1384->1386 1387 11d2483 1384->1387 1385->1384 1386->1368 1387->1386
                                                            C-Code - Quality: 100%
                                                            			E011D2368(void* __ecx, void* __edx, void* __esi, void* __eflags) {
				signed int _v8;
				void* _t8;
				_Unknown_base(*)()* _t12;
				_Unknown_base(*)()* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t17;
				_Unknown_base(*)()* _t18;
				void* _t22;

				_v8 = _v8 & 0x00000000;
				_t8 = E011938D1(__edx, L"Msi.dll", 0x11fb65c,  &_v8); // executed
				_t22 = _t8;
				if(_t22 >= 0) {
					E011D4289(_v8, 0x11fb680, 0x11fb684); // executed
					_t12 = GetProcAddress( *0x11fb65c, "MsiDeterminePatchSequenceW");
					 *0x11fb660 = _t12;
					if( *0x11fb640 == 0) {
						 *0x11fb640 = _t12;
					}
					_t13 = GetProcAddress( *0x11fb65c, "MsiDetermineApplicablePatchesW");
					 *0x11fb664 = _t13;
					if( *0x11fb644 == 0) {
						 *0x11fb644 = _t13;
					}
					_t14 = GetProcAddress( *0x11fb65c, "MsiEnumProductsExW");
					 *0x11fb668 = _t14;
					if( *0x11fb648 == 0) {
						 *0x11fb648 = _t14;
					}
					_t15 = GetProcAddress( *0x11fb65c, "MsiGetPatchInfoExW");
					 *0x11fb66c = _t15;
					if( *0x11fb64c == 0) {
						 *0x11fb64c = _t15;
					}
					_t16 = GetProcAddress( *0x11fb65c, "MsiGetProductInfoExW");
					 *0x11fb670 = _t16;
					if( *0x11fb650 == 0) {
						 *0x11fb650 = _t16;
					}
					_t17 = GetProcAddress( *0x11fb65c, "MsiSetExternalUIRecord");
					 *0x11fb674 = _t17;
					if( *0x11fb654 == 0) {
						 *0x11fb654 = _t17;
					}
					_t18 = GetProcAddress( *0x11fb65c, "MsiSourceListAddSourceExW");
					 *0x11fb678 = _t18;
					if( *0x11fb658 == 0) {
						 *0x11fb658 = _t18;
					}
					 *0x11fb67c = 1;
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t22;
			}













                                                            0x011d236c
                                                            0x011d237f
                                                            0x011d2384
                                                            0x011d2388
                                                            0x011d239c
                                                            0x011d23b2
                                                            0x011d23bb
                                                            0x011d23c0
                                                            0x011d23c2
                                                            0x011d23c2
                                                            0x011d23d2
                                                            0x011d23db
                                                            0x011d23e0
                                                            0x011d23e2
                                                            0x011d23e2
                                                            0x011d23f2
                                                            0x011d23fb
                                                            0x011d2400
                                                            0x011d2402
                                                            0x011d2402
                                                            0x011d2412
                                                            0x011d241b
                                                            0x011d2420
                                                            0x011d2422
                                                            0x011d2422
                                                            0x011d2432
                                                            0x011d243b
                                                            0x011d2440
                                                            0x011d2442
                                                            0x011d2442
                                                            0x011d2452
                                                            0x011d245b
                                                            0x011d2460
                                                            0x011d2462
                                                            0x011d2462
                                                            0x011d2472
                                                            0x011d247b
                                                            0x011d2481
                                                            0x011d2483
                                                            0x011d2483
                                                            0x011d2488
                                                            0x011d2488
                                                            0x011d2496
                                                            0x011d249b
                                                            0x011d249b
                                                            0x011d24a4

                                                            APIs
                                                              • Part of subcall function 011938D1: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 01193910
                                                              • Part of subcall function 011938D1: GetLastError.KERNEL32 ref: 0119391A
                                                              • Part of subcall function 011D4289: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 011D42BA
                                                            • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 011D23B2
                                                            • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 011D23D2
                                                            • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 011D23F2
                                                            • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 011D2412
                                                            • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 011D2432
                                                            • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 011D2452
                                                            • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 011D2472
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$ErrorLast$DirectorySystem
                                                            • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                            • API String ID: 2510051996-1735120554
                                                            • Opcode ID: d8c612c434838dbf686e03af60a3f21665a971db03a3a266cd8951d60199d3ff
                                                            • Instruction ID: 35534b414ae4eb022c0f396431409013d3845d28f3eac54f4a986cf1b521bf18
                                                            • Opcode Fuzzy Hash: d8c612c434838dbf686e03af60a3f21665a971db03a3a266cd8951d60199d3ff
                                                            • Instruction Fuzzy Hash: C93168B0909614EFDB3E9F21E805B597FB2E740328F20813EE53056929E7B508D5DF48
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B14E3 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 106COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1388 11b14e3-11b1503 call 119229e 1391 11b150f-11b1521 CreateEventW 1388->1391 1392 11b1505-11b150a 1388->1392 1394 11b155b-11b1567 CreateEventW 1391->1394 1395 11b1523-11b152d 1391->1395 1393 11b15fb-11b1602 call 11cfb09 1392->1393 1406 11b1603-11b1609 1393->1406 1397 11b1569-11b1573 1394->1397 1398 11b159e-11b15b3 CreateThread 1394->1398 1404 11b153a 1395->1404 1405 11b152f-11b1538 1395->1405 1412 11b1580 1397->1412 1413 11b1575-11b157e 1397->1413 1401 11b15ea-11b15f4 call 11b1286 1398->1401 1402 11b15b5-11b15bf 1398->1402 1401->1406 1416 11b15f6 1401->1416 1418 11b15cc 1402->1418 1419 11b15c1-11b15ca 1402->1419 1409 11b153c 1404->1409 1410 11b1541-11b1556 call 11938ba 1404->1410 1405->1404 1409->1410 1410->1393 1414 11b1582 1412->1414 1415 11b1587-11b159c call 11938ba 1412->1415 1413->1412 1414->1415 1415->1393 1416->1393 1422 11b15ce 1418->1422 1423 11b15d3-11b15e8 call 11938ba 1418->1423 1419->1418 1422->1423 1423->1393
                                                            C-Code - Quality: 70%
                                                            			E011B14E3(void* _a4, intOrPtr _a8) {
				signed short _t11;
				signed short _t12;
				signed short _t13;
				void* _t26;
				signed short _t27;

				_t26 = _a4;
				 *(_t26 + 0x3c) =  *(_t26 + 0x3c) | 0xffffffff;
				_t27 = E0119229E(_t26 + 0x1c, _a8, 0);
				if(_t27 >= 0) {
					_t11 = CreateEventW(0, 1, 0, 0);
					 *(_t26 + 0x24) = _t11;
					__eflags = _t11;
					if(_t11 != 0) {
						_t12 = CreateEventW(0, 1, 0, 0);
						 *(_t26 + 0x28) = _t12;
						__eflags = _t12;
						if(_t12 != 0) {
							_t13 = CreateThread(0, 0, E011B0EA0, _t26, 0, 0); // executed
							 *(_t26 + 0x20) = _t13;
							__eflags = _t13;
							if(_t13 != 0) {
								_t27 = E011B1286(_t26);
								__eflags = _t27;
								if(_t27 < 0) {
									_push("Failed to wait for operation complete.");
									goto L22;
								}
							} else {
								_t27 = GetLastError();
								__eflags = _t27;
								if(__eflags > 0) {
									_t27 = _t27 & 0x0000ffff | 0x80070000;
									__eflags = _t27;
								}
								if(__eflags >= 0) {
									_t27 = 0x80004005;
								}
								E011938BA(_t17, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x93, _t27);
								_push("Failed to create extraction thread.");
								goto L22;
							}
						} else {
							_t27 = GetLastError();
							__eflags = _t27;
							if(__eflags > 0) {
								_t27 = _t27 & 0x0000ffff | 0x80070000;
								__eflags = _t27;
							}
							if(__eflags >= 0) {
								_t27 = 0x80004005;
							}
							E011938BA(_t19, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x8f, _t27);
							_push("Failed to create operation complete event.");
							goto L22;
						}
					} else {
						_t27 = GetLastError();
						__eflags = _t27;
						if(__eflags > 0) {
							_t27 = _t27 & 0x0000ffff | 0x80070000;
							__eflags = _t27;
						}
						if(__eflags >= 0) {
							_t27 = 0x80004005;
						}
						E011938BA(_t21, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x8c, _t27);
						_push("Failed to create begin operation event.");
						goto L22;
					}
				} else {
					_push("Failed to copy file name.");
					L22:
					_push(_t27);
					E011CFB09();
				}
				return _t27;
			}








                                                            0x011b14e9
                                                            0x011b14f2
                                                            0x011b14ff
                                                            0x011b1503
                                                            0x011b151a
                                                            0x011b151c
                                                            0x011b151f
                                                            0x011b1521
                                                            0x011b1560
                                                            0x011b1562
                                                            0x011b1565
                                                            0x011b1567
                                                            0x011b15a8
                                                            0x011b15ae
                                                            0x011b15b1
                                                            0x011b15b3
                                                            0x011b15f0
                                                            0x011b15f2
                                                            0x011b15f4
                                                            0x011b15f6
                                                            0x00000000
                                                            0x011b15f6
                                                            0x011b15b5
                                                            0x011b15bb
                                                            0x011b15bd
                                                            0x011b15bf
                                                            0x011b15c4
                                                            0x011b15ca
                                                            0x011b15ca
                                                            0x011b15cc
                                                            0x011b15ce
                                                            0x011b15ce
                                                            0x011b15de
                                                            0x011b15e3
                                                            0x00000000
                                                            0x011b15e3
                                                            0x011b1569
                                                            0x011b156f
                                                            0x011b1571
                                                            0x011b1573
                                                            0x011b1578
                                                            0x011b157e
                                                            0x011b157e
                                                            0x011b1580
                                                            0x011b1582
                                                            0x011b1582
                                                            0x011b1592
                                                            0x011b1597
                                                            0x00000000
                                                            0x011b1597
                                                            0x011b1523
                                                            0x011b1529
                                                            0x011b152b
                                                            0x011b152d
                                                            0x011b1532
                                                            0x011b1538
                                                            0x011b1538
                                                            0x011b153a
                                                            0x011b153c
                                                            0x011b153c
                                                            0x011b154c
                                                            0x011b1551
                                                            0x00000000
                                                            0x011b1551
                                                            0x011b1505
                                                            0x011b1505
                                                            0x011b15fb
                                                            0x011b15fb
                                                            0x011b15fc
                                                            0x011b1602
                                                            0x011b1609

                                                            APIs
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,0119C3AE,?,00000000,?,0119C442), ref: 011B151A
                                                            • GetLastError.KERNEL32(?,0119C3AE,?,00000000,?,0119C442,01195442,?,?,01195482,01195482,00000000,?,00000000), ref: 011B1523
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateErrorEventLast
                                                            • String ID: @Mqt$Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp$wininet.dll
                                                            • API String ID: 545576003-3879835183
                                                            • Opcode ID: aa3635924f43ed26570a9a30fecb91b797f85f6ee78deb4390e986da3bc595a6
                                                            • Instruction ID: b1b2439b53fe305eeffcb0980bea2e6b0c2fcb0c542dcc5708538d7370014293
                                                            • Opcode Fuzzy Hash: aa3635924f43ed26570a9a30fecb91b797f85f6ee78deb4390e986da3bc595a6
                                                            • Instruction Fuzzy Hash: 5421FC73D4163B77E33D51A96C94FDB69ACBF11AA4B070225FD41BB140E755DC0046E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B0671 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 105fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E011B0671(void* __ecx, CHAR* _a4) {
				void* _v8;
				long _t18;
				void* _t19;
				void* _t25;
				int _t27;
				signed int _t33;
				int _t34;
				signed int _t37;
				void** _t41;
				signed short _t44;
				signed short _t54;

				_push(__ecx);
				_t37 =  *0x11faa94; // 0x0
				_push(_t33);
				_t34 = _t33 | 0xffffffff;
				_t44 = 0;
				_v8 = _t34;
				_t41 =  *( *((intOrPtr*)( *[fs:0x2c] + _t37 * 4)) + 4);
				_t18 = CompareStringA(0, 0, "<the>.cab", _t34, _a4, _t34); // executed
				if(_t18 != 2) {
					_t19 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x8000080, 0);
					_v8 = _t19;
					__eflags = _t19 - _t34;
					if(_t19 == _t34) {
						_t44 = GetLastError();
						__eflags = _t44;
						if(__eflags > 0) {
							_t44 = _t44 & 0x0000ffff | 0x80070000;
							__eflags = _t44;
						}
						if(__eflags >= 0) {
							_t44 = 0x80004005;
						}
						E011938BA(_t21, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x2d5, _t44);
						E011CFB09(_t44, "Failed to open cabinet file: %hs", _a4);
					}
					L16:
					_t41[0xc] = _t44;
					if(_t44 >= 0) {
						_t34 = _v8;
					}
					return _t34;
				}
				_t25 = GetCurrentProcess();
				_t27 = DuplicateHandle(GetCurrentProcess(),  *_t41, _t25,  &_v8, 0, 0, _t18); // executed
				if(_t27 != 0) {
					_t44 = E011B0508(_t37, __eflags,  &(_t41[7]), _v8, _t41[2], _t41[3]);
					__eflags = _t44;
					if(_t44 >= 0) {
						goto L16;
					}
					_push("Failed to add virtual file pointer for cab container.");
					L7:
					_push(_t44);
					E011CFB09();
					goto L16;
				}
				_t44 = GetLastError();
				if(_t44 > 0) {
					_t44 = _t44 & 0x0000ffff | 0x80070000;
					_t54 = _t44;
				}
				if(_t54 >= 0) {
					_t44 = 0x80004005;
				}
				E011938BA(_t31, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x2ca, _t44);
				_push("Failed to duplicate handle to cab container.");
				goto L7;
			}














                                                            0x011b0674
                                                            0x011b0675
                                                            0x011b0681
                                                            0x011b0687
                                                            0x011b068e
                                                            0x011b0690
                                                            0x011b0693
                                                            0x011b06a1
                                                            0x011b06aa
                                                            0x011b073a
                                                            0x011b0740
                                                            0x011b0743
                                                            0x011b0745
                                                            0x011b074d
                                                            0x011b074f
                                                            0x011b0751
                                                            0x011b0756
                                                            0x011b075c
                                                            0x011b075c
                                                            0x011b075e
                                                            0x011b0760
                                                            0x011b0760
                                                            0x011b0770
                                                            0x011b077e
                                                            0x011b0783
                                                            0x011b0786
                                                            0x011b0786
                                                            0x011b078b
                                                            0x011b078d
                                                            0x011b078d
                                                            0x011b0796
                                                            0x011b0796
                                                            0x011b06b9
                                                            0x011b06c1
                                                            0x011b06c9
                                                            0x011b071a
                                                            0x011b071c
                                                            0x011b071e
                                                            0x00000000
                                                            0x00000000
                                                            0x011b0720
                                                            0x011b06fe
                                                            0x011b06fe
                                                            0x011b06ff
                                                            0x00000000
                                                            0x011b0705
                                                            0x011b06d1
                                                            0x011b06d5
                                                            0x011b06da
                                                            0x011b06e0
                                                            0x011b06e0
                                                            0x011b06e2
                                                            0x011b06e4
                                                            0x011b06e4
                                                            0x011b06f4
                                                            0x011b06f9
                                                            0x00000000

                                                            APIs
                                                            • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 011B06A1
                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 011B06B9
                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 011B06BE
                                                            • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 011B06C1
                                                            • GetLastError.KERNEL32(?,?), ref: 011B06CB
                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 011B073A
                                                            • GetLastError.KERNEL32(?,?), ref: 011B0747
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                            • String ID: <the>.cab$@Mqt$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 3030546534-2371446320
                                                            • Opcode ID: 213864efaad60512e105f0bf1dd1484d09ab8424c4d354d63854727c2a10d357
                                                            • Instruction ID: f9386f6502182f397b5e51dd1c3c34b06d9bba47daf47683947499cd113cfd86
                                                            • Opcode Fuzzy Hash: 213864efaad60512e105f0bf1dd1484d09ab8424c4d354d63854727c2a10d357
                                                            • Instruction Fuzzy Hash: D231E876902A36BBD7299A959C88FCFBE69FF09660F110125FD14B7140D7259D008BE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01193171 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 209COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 88%
                                                            			E01193171(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed short _t55;
				signed short _t57;
				signed short _t67;
				signed int _t69;
				long _t74;
				long _t75;
				WCHAR* _t76;
				signed short _t78;
				signed short _t89;

				_t74 = 0;
				_v12 = _v12 & 0;
				_t76 = 0;
				_v16 = 0;
				_v8 = 0;
				if((_a12 & 0x00000001) == 0) {
					L24:
					__eflags = _a12 & 0x00000002;
					if((_a12 & 0x00000002) == 0) {
						_t41 =  &_v8;
						 *_t41 = _v8 & 0x00000000;
						__eflags =  *_t41;
						_v12 = _t76;
						goto L52;
					} else {
						_a12 = _a12 & 0x00000000;
						__eflags = _t76;
						if(_t76 == 0) {
							_t76 = _a8;
						}
						__eflags = _t74 - 0x40;
						if(_t74 <= 0x40) {
							_t74 = 0x40;
						}
						_t55 = E01191FE0( &_v12, _t74); // executed
						_t78 = _t55;
						__eflags = _t78;
						if(_t78 >= 0) {
							_t57 = GetFullPathNameW(_t76, _t74, _v12,  &_a12);
							__eflags = _t57;
							if(_t57 != 0) {
								__eflags = _t74 - _t57;
								if(_t74 >= _t57) {
									L48:
									__eflags = _t57 - 0x104;
									if(_t57 <= 0x104) {
										L50:
										_t76 = _v12;
										L52:
										__eflags = _t76;
										if(_t76 == 0) {
											_t76 = _a8;
										}
										_t78 = E0119229E(_a4, _t76, 0);
									} else {
										_t78 = E0119367D( &_v12);
										__eflags = _t78;
										if(_t78 >= 0) {
											goto L50;
										}
									}
								} else {
									_t75 = _t57;
									__eflags = _t57 - 0x104;
									if(_t57 >= 0x104) {
										_t35 = _t57 + 7; // 0x7
										_t75 = _t35;
									}
									_t78 = E01191FE0( &_v12, _t75);
									__eflags = _t78;
									if(_t78 >= 0) {
										_t57 = GetFullPathNameW(_t76, _t75, _v12,  &_a12);
										__eflags = _t57;
										if(_t57 != 0) {
											__eflags = _t75 - _t57;
											if(_t75 >= _t57) {
												goto L48;
											} else {
												_t63 = 0x8007007a;
												_push(0x8007007a);
												_t78 = 0x8007007a;
												_push(0x149);
												goto L8;
											}
										} else {
											_t78 = GetLastError();
											__eflags = _t78;
											if(__eflags > 0) {
												_t78 = _t78 & 0x0000ffff | 0x80070000;
												__eflags = _t78;
											}
											if(__eflags >= 0) {
												_t78 = 0x80004005;
											}
											_push(_t78);
											_push(0x144);
											goto L8;
										}
									}
								}
							} else {
								_t78 = GetLastError();
								__eflags = _t78;
								if(__eflags > 0) {
									_t78 = _t78 & 0x0000ffff | 0x80070000;
									__eflags = _t78;
								}
								if(__eflags >= 0) {
									_t78 = 0x80004005;
								}
								_push(_t78);
								_push(0x139);
								goto L8;
							}
						}
					}
				} else {
					_v16 = 0x40;
					_t78 = E01191FE0( &_v8, 0x40);
					if(_t78 >= 0) {
						_t67 = ExpandEnvironmentStringsW(_a8, _v8, _v16);
						if(_t67 != 0) {
							_t74 = _v16;
							__eflags = _t74 - _t67;
							if(_t74 >= _t67) {
								L19:
								__eflags = _t67 - 0x104;
								if(_t67 <= 0x104) {
									L23:
									_t76 = _v8;
									goto L24;
								} else {
									_t69 = E0119367D( &_v8);
									_t21 = _t69 + 0x7ff8ffa9; // 0x7ff8ffa9
									asm("sbb esi, esi");
									_t78 =  ~_t21 & _t69;
									__eflags = _t78;
									if(_t78 >= 0) {
										_t78 = E01192847(_v8,  &_v16);
										__eflags = _t78;
										if(_t78 >= 0) {
											_t74 = _v16;
											goto L23;
										}
									}
								}
							} else {
								_v16 = _t67;
								_t78 = E01191FE0( &_v8, _t67);
								__eflags = _t78;
								if(_t78 >= 0) {
									_t67 = ExpandEnvironmentStringsW(_a8, _v8, _v16);
									__eflags = _t67;
									if(_t67 != 0) {
										_t74 = _v16;
										__eflags = _t74 - _t67;
										if(_t74 >= _t67) {
											goto L19;
										} else {
											_t63 = 0x8007007a;
											_push(0x8007007a);
											_t78 = 0x8007007a;
											_push(0x118);
											goto L8;
										}
									} else {
										_t78 = GetLastError();
										__eflags = _t78;
										if(__eflags > 0) {
											_t78 = _t78 & 0x0000ffff | 0x80070000;
											__eflags = _t78;
										}
										if(__eflags >= 0) {
											_t78 = 0x80004005;
										}
										_push(_t78);
										_push(0x113);
										goto L8;
									}
								}
							}
						} else {
							_t78 = GetLastError();
							if(_t78 > 0) {
								_t78 = _t78 & 0x0000ffff | 0x80070000;
								_t89 = _t78;
							}
							if(_t89 >= 0) {
								_t78 = 0x80004005;
							}
							_push(_t78);
							_push(0x108);
							L8:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\pathutil.cpp");
							E011938BA(_t63);
						}
					}
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t78;
			}















                                                            0x01193178
                                                            0x0119317a
                                                            0x0119317f
                                                            0x01193181
                                                            0x01193188
                                                            0x0119318b
                                                            0x0119329c
                                                            0x0119329c
                                                            0x011932a0
                                                            0x0119339a
                                                            0x0119339a
                                                            0x0119339a
                                                            0x0119339e
                                                            0x00000000
                                                            0x011932a6
                                                            0x011932a6
                                                            0x011932aa
                                                            0x011932ac
                                                            0x011932ae
                                                            0x011932ae
                                                            0x011932b1
                                                            0x011932b4
                                                            0x011932b8
                                                            0x011932b8
                                                            0x011932be
                                                            0x011932c3
                                                            0x011932c5
                                                            0x011932c7
                                                            0x011932d6
                                                            0x011932dc
                                                            0x011932de
                                                            0x01193309
                                                            0x0119330b
                                                            0x0119337f
                                                            0x0119337f
                                                            0x01193384
                                                            0x01193395
                                                            0x01193395
                                                            0x011933a1
                                                            0x011933a1
                                                            0x011933a3
                                                            0x011933a5
                                                            0x011933a5
                                                            0x011933b3
                                                            0x01193386
                                                            0x0119338f
                                                            0x01193391
                                                            0x01193393
                                                            0x00000000
                                                            0x00000000
                                                            0x01193393
                                                            0x0119330d
                                                            0x0119330d
                                                            0x0119330f
                                                            0x01193314
                                                            0x01193316
                                                            0x01193316
                                                            0x01193316
                                                            0x01193323
                                                            0x01193325
                                                            0x01193327
                                                            0x01193336
                                                            0x0119333c
                                                            0x0119333e
                                                            0x01193369
                                                            0x0119336b
                                                            0x00000000
                                                            0x0119336d
                                                            0x0119336d
                                                            0x01193372
                                                            0x01193373
                                                            0x01193375
                                                            0x00000000
                                                            0x01193375
                                                            0x01193340
                                                            0x01193346
                                                            0x01193348
                                                            0x0119334a
                                                            0x0119334f
                                                            0x01193355
                                                            0x01193355
                                                            0x01193357
                                                            0x01193359
                                                            0x01193359
                                                            0x0119335e
                                                            0x0119335f
                                                            0x00000000
                                                            0x0119335f
                                                            0x0119333e
                                                            0x01193327
                                                            0x011932e0
                                                            0x011932e6
                                                            0x011932e8
                                                            0x011932ea
                                                            0x011932ef
                                                            0x011932f5
                                                            0x011932f5
                                                            0x011932f7
                                                            0x011932f9
                                                            0x011932f9
                                                            0x011932fe
                                                            0x011932ff
                                                            0x00000000
                                                            0x011932ff
                                                            0x011932de
                                                            0x011932c7
                                                            0x01193191
                                                            0x01193196
                                                            0x011931a3
                                                            0x011931a7
                                                            0x011931bc
                                                            0x011931c0
                                                            0x011931f5
                                                            0x011931f8
                                                            0x011931fa
                                                            0x0119325e
                                                            0x0119325e
                                                            0x01193263
                                                            0x01193299
                                                            0x01193299
                                                            0x00000000
                                                            0x01193265
                                                            0x01193269
                                                            0x0119326e
                                                            0x01193276
                                                            0x01193278
                                                            0x01193278
                                                            0x0119327a
                                                            0x0119328c
                                                            0x0119328e
                                                            0x01193290
                                                            0x01193296
                                                            0x00000000
                                                            0x01193296
                                                            0x01193290
                                                            0x0119327a
                                                            0x011931fc
                                                            0x011931fd
                                                            0x01193209
                                                            0x0119320b
                                                            0x0119320d
                                                            0x0119321c
                                                            0x0119321e
                                                            0x01193220
                                                            0x01193248
                                                            0x0119324b
                                                            0x0119324d
                                                            0x00000000
                                                            0x0119324f
                                                            0x0119324f
                                                            0x01193254
                                                            0x01193255
                                                            0x01193257
                                                            0x00000000
                                                            0x01193257
                                                            0x01193222
                                                            0x01193228
                                                            0x0119322a
                                                            0x0119322c
                                                            0x01193231
                                                            0x01193237
                                                            0x01193237
                                                            0x01193239
                                                            0x0119323b
                                                            0x0119323b
                                                            0x01193240
                                                            0x01193241
                                                            0x00000000
                                                            0x01193241
                                                            0x01193220
                                                            0x0119320d
                                                            0x011931c2
                                                            0x011931c8
                                                            0x011931cc
                                                            0x011931d1
                                                            0x011931d7
                                                            0x011931d7
                                                            0x011931d9
                                                            0x011931db
                                                            0x011931db
                                                            0x011931e0
                                                            0x011931e1
                                                            0x011931e6
                                                            0x011931e6
                                                            0x011931eb
                                                            0x011931eb
                                                            0x011931c0
                                                            0x011931a7
                                                            0x011933b9
                                                            0x011933be
                                                            0x011933be
                                                            0x011933c7
                                                            0x011933cc
                                                            0x011933cc
                                                            0x011933d7

                                                            APIs
                                                            • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000040,00000000,00000000), ref: 011931BC
                                                            • GetLastError.KERNEL32 ref: 011931C2
                                                            • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000000), ref: 0119321C
                                                            • GetLastError.KERNEL32 ref: 01193222
                                                            • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 011932D6
                                                            • GetLastError.KERNEL32 ref: 011932E0
                                                            • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 01193336
                                                            • GetLastError.KERNEL32 ref: 01193340
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                            • String ID: @$@Mqt$c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp
                                                            • API String ID: 1547313835-3106089199
                                                            • Opcode ID: 124f0c6d13f3a18fe0324d8929e336e5c5beb3e132cdc0d4b9a5bc56102ad23f
                                                            • Instruction ID: e0b4bd03724b04191fcb7f5d3c211fa6e0ce195507b1da8503f0d6099c00704e
                                                            • Opcode Fuzzy Hash: 124f0c6d13f3a18fe0324d8929e336e5c5beb3e132cdc0d4b9a5bc56102ad23f
                                                            • Instruction Fuzzy Hash: 4D61A473D5522AABDF299AF48844BDE7A78BF00754F150165EE30BB250E7359F4087D0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A6955 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 68COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 55%
                                                            			E011A6955(void* __ecx, void* _a4, signed int* _a8, intOrPtr* _a12) {
				void* _v8;
				void* _t12;
				int _t14;
				signed int _t17;
				void* _t18;
				signed int* _t28;
				signed short _t32;
				signed short _t39;

				_v8 = _v8 | 0xffffffff;
				_t28 = _a8;
				 *_t28 =  *_t28 | 0xffffffff;
				_t12 = GetCurrentProcess();
				_t14 = DuplicateHandle(GetCurrentProcess(), _a4, _t12,  &_v8, 0, 1, 2); // executed
				if(_t14 != 0) {
					_push(_v8);
					_t15 = _a12;
					_push(L"burn.filehandle.attached");
					_t32 = E01192064(_a12, L"%ls -%ls=%u",  *_t15);
					if(_t32 >= 0) {
						_t17 = _v8;
						 *_t28 = _t17;
						_t18 = _t17 | 0xffffffff;
						_v8 = _t18;
					} else {
						_push("Failed to append the file handle to the command line.");
						goto L6;
					}
				} else {
					_t32 = GetLastError();
					if(_t32 > 0) {
						_t32 = _t32 & 0x0000ffff | 0x80070000;
						_t39 = _t32;
					}
					if(_t39 >= 0) {
						_t32 = 0x80004005;
					}
					E011938BA(_t22, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\core.cpp", 0x3dd, _t32);
					_push("Failed to duplicate file handle for attached container.");
					L6:
					_push(_t32);
					E011CFB09();
					_t18 = _v8;
				}
				if(_t18 != 0xffffffff) {
					CloseHandle(_t18);
				}
				return _t32;
			}











                                                            0x011a6959
                                                            0x011a6968
                                                            0x011a6971
                                                            0x011a6975
                                                            0x011a697e
                                                            0x011a6986
                                                            0x011a69c8
                                                            0x011a69cb
                                                            0x011a69ce
                                                            0x011a69e0
                                                            0x011a69e7
                                                            0x011a69f0
                                                            0x011a69f3
                                                            0x011a69f5
                                                            0x011a69f8
                                                            0x011a69e9
                                                            0x011a69e9
                                                            0x00000000
                                                            0x011a69e9
                                                            0x011a6988
                                                            0x011a698e
                                                            0x011a6992
                                                            0x011a6997
                                                            0x011a699d
                                                            0x011a699d
                                                            0x011a699f
                                                            0x011a69a1
                                                            0x011a69a1
                                                            0x011a69b1
                                                            0x011a69b6
                                                            0x011a69bb
                                                            0x011a69bb
                                                            0x011a69bc
                                                            0x011a69c1
                                                            0x011a69c5
                                                            0x011a69fe
                                                            0x011a6a01
                                                            0x011a6a01
                                                            0x011a6a0c

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,01194E52,?,?), ref: 011A6975
                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?,01194E52,?,?), ref: 011A697B
                                                            • DuplicateHandle.KERNELBASE(00000000,?,?,01194E52,?,?), ref: 011A697E
                                                            • GetLastError.KERNEL32(?,?,01194E52,?,?), ref: 011A6988
                                                            • CloseHandle.KERNEL32(000000FF,?,01194E52,?,?), ref: 011A6A01
                                                            Strings
                                                            • burn.filehandle.attached, xrefs: 011A69CE
                                                            • Failed to duplicate file handle for attached container., xrefs: 011A69B6
                                                            • @Mqt, xrefs: 011A6988
                                                            • %ls -%ls=%u, xrefs: 011A69D5
                                                            • Failed to append the file handle to the command line., xrefs: 011A69E9
                                                            • c:\agent\_work\66\s\src\burn\engine\core.cpp, xrefs: 011A69AC
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                            • String ID: %ls -%ls=%u$@Mqt$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$c:\agent\_work\66\s\src\burn\engine\core.cpp
                                                            • API String ID: 4224961946-1599763772
                                                            • Opcode ID: d6ff72ef7b21ec4b701d5b7f5c4ff54ce83a11727793c58a2b2e9f180120c390
                                                            • Instruction ID: 562365a0804149eda4fd27470051bb515e8fdb47dbd35f963a0b11944ebaf392
                                                            • Opcode Fuzzy Hash: d6ff72ef7b21ec4b701d5b7f5c4ff54ce83a11727793c58a2b2e9f180120c390
                                                            • Instruction Fuzzy Hash: D811B476941626FBCB289AB99D09B8E7FA8AF00A30F154315F921F72D0E7749A01C790
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D0141 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 80%
                                                            			E011D0141(void* _a4, signed int* _a8) {
				void* _v8;
				void _v12;
				long _v16;
				int _t20;
				signed short _t30;
				signed short _t35;

				_t30 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				if(OpenProcessToken(_a4, 8,  &_v8) != 0) {
					_t20 = GetTokenInformation(_v8, 0x14,  &_v12, 4,  &_v16); // executed
					if(_t20 == 0) {
						_t30 = GetLastError();
						if(_t30 > 0) {
							_t30 = _t30 & 0x0000ffff | 0x80070000;
						}
						if(_t30 != 0x80070057) {
							if(_t30 < 0) {
								_push(_t30);
								_push(0x35);
								goto L14;
							}
						} else {
							_t30 = 0;
							 *_a8 = 0;
						}
					} else {
						 *_a8 = 0 | _v12 != 0x00000000;
					}
				} else {
					_t30 = GetLastError();
					if(_t30 > 0) {
						_t30 = _t30 & 0x0000ffff | 0x80070000;
						_t35 = _t30;
					}
					if(_t35 >= 0) {
						_t30 = 0x80004005;
					}
					_push(_t30);
					_push(0x21);
					L14:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\procutil.cpp");
					E011938BA(_t21);
				}
				if(_v8 != 0) {
					FindCloseChangeNotification(_v8); // executed
				}
				return _t30;
			}









                                                            0x011d0154
                                                            0x011d0156
                                                            0x011d0159
                                                            0x011d015c
                                                            0x011d0167
                                                            0x011d019b
                                                            0x011d01a3
                                                            0x011d01ba
                                                            0x011d01be
                                                            0x011d01c3
                                                            0x011d01c3
                                                            0x011d01cf
                                                            0x011d01dc
                                                            0x011d01de
                                                            0x011d01df
                                                            0x00000000
                                                            0x011d01df
                                                            0x011d01d1
                                                            0x011d01d4
                                                            0x011d01d6
                                                            0x011d01d6
                                                            0x011d01a5
                                                            0x011d01b0
                                                            0x011d01b0
                                                            0x011d0169
                                                            0x011d016f
                                                            0x011d0173
                                                            0x011d0178
                                                            0x011d017e
                                                            0x011d017e
                                                            0x011d0180
                                                            0x011d0182
                                                            0x011d0182
                                                            0x011d0187
                                                            0x011d0188
                                                            0x011d01e1
                                                            0x011d01e1
                                                            0x011d01e6
                                                            0x011d01e6
                                                            0x011d01ee
                                                            0x011d01f3
                                                            0x011d01f3
                                                            0x011d01fe

                                                            APIs
                                                            • OpenProcessToken.ADVAPI32(?,00000008,?,011953FA,00000000,?,?,?,?,?,?,?,011A7590,00000000), ref: 011D015F
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,011A7590,00000000), ref: 011D0169
                                                            • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,011A7590,00000000), ref: 011D019B
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,011A7590,00000000), ref: 011D01B4
                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,011A7590,00000000), ref: 011D01F3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastToken$ChangeCloseFindInformationNotificationOpenProcess
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\procutil.cpp
                                                            • API String ID: 3650908616-3090323974
                                                            • Opcode ID: 5916e0142c639992834077676ec9612445157a06235df585ed75a3dd5761fff4
                                                            • Instruction ID: 41efe7012c90c616df2db3a6a7e344c8780a44341da76585ae6b154384ea1669
                                                            • Opcode Fuzzy Hash: 5916e0142c639992834077676ec9612445157a06235df585ed75a3dd5761fff4
                                                            • Instruction Fuzzy Hash: 4421A176D42125FBDB299AA99804A9EBAB8AF18710F024166FE15BB240D374CF40DBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B082C Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 101COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 60%
                                                            			E011B082C(union _LARGE_INTEGER* __edx, void* _a4, union _LARGE_INTEGER _a8, intOrPtr _a12) {
				union _LARGE_INTEGER* _v8;
				signed short _v12;
				void* _v16;
				intOrPtr _t32;
				signed short _t36;
				signed int _t37;
				signed short _t41;
				void* _t44;
				union _LARGE_INTEGER _t50;
				signed int _t54;
				union _LARGE_INTEGER* _t55;
				intOrPtr _t60;
				signed short _t63;

				_t54 =  *0x11faa94; // 0x0
				_t63 = 0;
				_v16 = 0;
				_v12 = 0;
				_t60 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t54 * 4)) + 4));
				_t32 = _a12;
				if(_t32 == 0) {
					asm("cdq");
					_t55 = __edx;
					_t50 = _a8.LowPart +  *(_t60 + 8);
					asm("adc ecx, [edi+0xc]");
					L7:
					_v8 = _t55;
					_t36 = E011B1231(__eflags, _t60 + 0x1c, _a4, _t50, _t55,  &_v16, _a12);
					__eflags = _t36;
					if(_t36 == 0) {
						L14:
						_t37 =  *(_t60 + 8);
						_t25 =  &_v16;
						 *_t25 = _v16 - _t37;
						__eflags =  *_t25;
						L15:
						 *(_t60 + 0x30) = _t63;
						if(_t63 >= 0) {
							return _v16;
						} else {
							return _t37 | 0xffffffff;
						}
					}
					_push(_a12);
					_t41 = SetFilePointerEx(_a4, _t50, _v8,  &_v16); // executed
					__eflags = _t41;
					if(_t41 != 0) {
						goto L14;
					}
					_t63 = GetLastError();
					__eflags = _t63;
					if(__eflags > 0) {
						_t63 = _t63 & 0x0000ffff | 0x80070000;
						__eflags = _t63;
					}
					if(__eflags >= 0) {
						_t63 = 0x80004005;
					}
					E011938BA(_t42, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x345, _t63);
					_t37 = E011CFB09(_t63, "Failed to move file pointer 0x%x bytes.", _a8.LowPart);
					goto L15;
				}
				_t44 = _t32 - 1;
				if(_t44 == 0) {
					asm("cdq");
					_t50 = _a8.LowPart;
					_t55 = __edx;
					goto L7;
				}
				if(_t44 == 1) {
					_t55 =  *((intOrPtr*)(_t60 + 0x14));
					asm("adc ecx, [edi+0xc]");
					asm("cdq");
					_t50 =  *((intOrPtr*)(_t60 + 0x10)) +  *(_t60 + 8) + _a8;
					asm("adc ecx, edx");
					goto L7;
				}
				_t63 = 0x80070057;
				_push("Invalid seek type.");
				_push(0x80070057);
				_t37 = E011CFB09();
				goto L15;
			}
















                                                            0x011b0832
                                                            0x011b0844
                                                            0x011b0846
                                                            0x011b0849
                                                            0x011b084c
                                                            0x011b0855
                                                            0x011b0857
                                                            0x011b089d
                                                            0x011b08a0
                                                            0x011b08a2
                                                            0x011b08a5
                                                            0x011b08a8
                                                            0x011b08ae
                                                            0x011b08bb
                                                            0x011b08c0
                                                            0x011b08c2
                                                            0x011b091d
                                                            0x011b091d
                                                            0x011b0920
                                                            0x011b0920
                                                            0x011b0920
                                                            0x011b0923
                                                            0x011b0923
                                                            0x011b092b
                                                            0x011b0936
                                                            0x011b092d
                                                            0x011b0931
                                                            0x011b0931
                                                            0x011b092b
                                                            0x011b08c4
                                                            0x011b08d2
                                                            0x011b08d8
                                                            0x011b08da
                                                            0x00000000
                                                            0x00000000
                                                            0x011b08e2
                                                            0x011b08e4
                                                            0x011b08e6
                                                            0x011b08eb
                                                            0x011b08f1
                                                            0x011b08f1
                                                            0x011b08f3
                                                            0x011b08f5
                                                            0x011b08f5
                                                            0x011b0905
                                                            0x011b0913
                                                            0x00000000
                                                            0x011b0918
                                                            0x011b0859
                                                            0x011b085c
                                                            0x011b0893
                                                            0x011b0894
                                                            0x011b0896
                                                            0x00000000
                                                            0x011b0896
                                                            0x011b0861
                                                            0x011b0883
                                                            0x011b0886
                                                            0x011b0889
                                                            0x011b088a
                                                            0x011b088c
                                                            0x00000000
                                                            0x011b088c
                                                            0x011b0863
                                                            0x011b0868
                                                            0x011b086d
                                                            0x011b086e
                                                            0x00000000

                                                            APIs
                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 011B08D2
                                                            • GetLastError.KERNEL32(?,?,?), ref: 011B08DC
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 011B0900
                                                            • Invalid seek type., xrefs: 011B0868
                                                            • @Mqt, xrefs: 011B08DC
                                                            • Failed to move file pointer 0x%x bytes., xrefs: 011B090D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID: @Mqt$Failed to move file pointer 0x%x bytes.$Invalid seek type.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2976181284-2334122363
                                                            • Opcode ID: 1581674800a8055a2772cf652008d88161129de09293caf711c761c7acac0c36
                                                            • Instruction ID: 8834385cf0c93481e6d26e7ab587a5ede5d0b249dc892c3280afc197b088de67
                                                            • Opcode Fuzzy Hash: 1581674800a8055a2772cf652008d88161129de09293caf711c761c7acac0c36
                                                            • Instruction Fuzzy Hash: 1831A371E0051AFFDB18DFA9D884E9EBBB9FF08664B058129F91497200E374EA10CBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D4289 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 98memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E011D4289(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				char _v8;
				char _v12;
				long _v16;
				char _v20;
				long _t18;
				signed short _t21;
				intOrPtr _t31;
				long _t33;
				void* _t34;
				signed short _t35;
				signed short _t41;

				_t35 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_t18 =  &_v8;
				_push(_t18);
				_push(_a4);
				L011D8DD2();
				_t33 = _t18;
				_v16 = _t33;
				if(_t33 != 0) {
					L6:
					_t19 = GlobalAlloc(0, _t33); // executed
					_t34 = _t19;
					__eflags = _t34;
					if(_t34 != 0) {
						_push(_t34);
						_push(_v16);
						_push(_v8);
						_push(_a4);
						L011D8DF3(); // executed
						__eflags = _t19;
						if(_t19 != 0) {
							L14:
							_push( &_v20);
							_t21 =  &_v12;
							_push(_t21);
							_push("\\");
							_push(_t34);
							L011D8E03();
							__eflags = _t21;
							if(_t21 != 0) {
								L19:
								_t31 = _v12;
								 *_a8 =  *((intOrPtr*)(_t31 + 8));
								 *_a12 =  *((intOrPtr*)(_t31 + 0xc));
							} else {
								_t35 = GetLastError();
								__eflags = _t35;
								if(__eflags > 0) {
									_t35 = _t35 & 0x0000ffff | 0x80070000;
									__eflags = _t35;
								}
								if(__eflags >= 0) {
									goto L19;
								} else {
									_push(_t35);
									_push(0x122);
									goto L13;
								}
							}
						} else {
							_t35 = GetLastError();
							__eflags = _t35;
							if(__eflags > 0) {
								_t35 = _t35 & 0x0000ffff | 0x80070000;
								__eflags = _t35;
							}
							if(__eflags >= 0) {
								goto L14;
							} else {
								_push(_t35);
								_push(0x11d);
								L13:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
								E011938BA(_t25);
							}
						}
						GlobalFree(_t34);
					} else {
						_t35 = 0x8007000e;
						_push(0x8007000e);
						_push(0x119);
						goto L5;
					}
				} else {
					_t35 = GetLastError();
					if(_t35 > 0) {
						_t35 = _t35 & 0x0000ffff | 0x80070000;
						_t41 = _t35;
					}
					if(_t41 >= 0) {
						goto L6;
					} else {
						_push(_t35);
						_push(0x115);
						L5:
						_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
						E011938BA(_t19);
					}
				}
				return _t35;
			}














                                                            0x011d4294
                                                            0x011d4296
                                                            0x011d4299
                                                            0x011d429c
                                                            0x011d429f
                                                            0x011d42a2
                                                            0x011d42a3
                                                            0x011d42a6
                                                            0x011d42b1
                                                            0x011d42b3
                                                            0x011d42b8
                                                            0x011d42e4
                                                            0x011d42e7
                                                            0x011d42ed
                                                            0x011d42ef
                                                            0x011d42f1
                                                            0x011d4300
                                                            0x011d4301
                                                            0x011d4304
                                                            0x011d4307
                                                            0x011d430a
                                                            0x011d430f
                                                            0x011d4311
                                                            0x011d433a
                                                            0x011d433d
                                                            0x011d433e
                                                            0x011d4341
                                                            0x011d4342
                                                            0x011d4347
                                                            0x011d4348
                                                            0x011d434d
                                                            0x011d434f
                                                            0x011d436e
                                                            0x011d436e
                                                            0x011d4377
                                                            0x011d437f
                                                            0x011d4351
                                                            0x011d4353
                                                            0x011d4355
                                                            0x011d4357
                                                            0x011d435c
                                                            0x011d4362
                                                            0x011d4362
                                                            0x011d4364
                                                            0x00000000
                                                            0x011d4366
                                                            0x011d4366
                                                            0x011d4367
                                                            0x00000000
                                                            0x011d4367
                                                            0x011d4364
                                                            0x011d4313
                                                            0x011d4315
                                                            0x011d4317
                                                            0x011d4319
                                                            0x011d431e
                                                            0x011d4324
                                                            0x011d4324
                                                            0x011d4326
                                                            0x00000000
                                                            0x011d4328
                                                            0x011d4328
                                                            0x011d4329
                                                            0x011d432e
                                                            0x011d432e
                                                            0x011d4333
                                                            0x011d4333
                                                            0x011d4326
                                                            0x011d4382
                                                            0x011d42f3
                                                            0x011d42f3
                                                            0x011d42f8
                                                            0x011d42f9
                                                            0x00000000
                                                            0x011d42f9
                                                            0x011d42ba
                                                            0x011d42bc
                                                            0x011d42c0
                                                            0x011d42c5
                                                            0x011d42cb
                                                            0x011d42cb
                                                            0x011d42cd
                                                            0x00000000
                                                            0x011d42cf
                                                            0x011d42cf
                                                            0x011d42d0
                                                            0x011d42d5
                                                            0x011d42d5
                                                            0x011d42da
                                                            0x011d42da
                                                            0x011d42cd
                                                            0x011d438e

                                                            APIs
                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 011D42BA
                                                            • GlobalAlloc.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 011D42E7
                                                            • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 011D4313
                                                            • GetLastError.KERNEL32(00000000,011DA800,?,00000000,?,00000000,?,00000000), ref: 011D4351
                                                            • GlobalFree.KERNEL32 ref: 011D4382
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$Global$AllocFree
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 1145190524-1324176156
                                                            • Opcode ID: fcf02768e5119b9953089758937f14a670b8165e9648acee3f3591fd58c7a499
                                                            • Instruction ID: 74f4138592547ef75f637f1b32dfd44e50812de11521b7425de35a84d2b486b2
                                                            • Opcode Fuzzy Hash: fcf02768e5119b9953089758937f14a670b8165e9648acee3f3591fd58c7a499
                                                            • Instruction Fuzzy Hash: 0B31B437D4523ABBD72A9B9D9840FAFBAB8BF44650F014265ED54E7A40DB30D800C6D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119415F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E0119415F(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8) {
				int _t6;
				long _t8;
				signed int _t9;
				short _t13;
				WCHAR* _t18;
				WCHAR* _t20;
				signed int _t21;
				WCHAR* _t22;
				void* _t23;
				WCHAR* _t24;
				signed short _t25;

				_t22 = _a4;
				_t25 = 0;
				_t6 = CreateDirectoryW(_t22, _a8); // executed
				if(_t6 != 0) {
					L20:
					return _t25;
				}
				_t8 = GetLastError();
				if(_t8 != 0xb7) {
					if(_t8 == 3 || E01194238(_t22, 0) == 0) {
						_t9 =  *_t22 & 0x0000ffff;
						_t20 = _t22;
						_t18 = 0;
						if(_t9 == 0) {
							L18:
							_t25 = 0x80070003;
							E011938BA(_t9, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dirutil.cpp", 0x72, 0x80070003);
							goto L19;
						} else {
							_t21 = _t9;
							_t23 = 0x5c;
							do {
								if(_t21 == _t23) {
									_t18 = _t20;
								}
								_t20 =  &(_t20[1]);
								_t9 =  *_t20 & 0x0000ffff;
								_t21 = _t9;
							} while (_t9 != 0);
							_t24 = _a4;
							if(_t18 == 0) {
								goto L18;
							}
							 *_t18 = 0;
							_t25 = E0119415F(_t24, _a8);
							_t13 = 0x5c;
							 *_t18 = _t13;
							if(_t25 >= 0) {
								if(CreateDirectoryW(_t24, _a8) != 0) {
									_t25 = 0;
								} else {
									_t25 = GetLastError();
									if(_t25 != 0xb7) {
										if(_t25 > 0) {
											_t25 = _t25 & 0x0000ffff | 0x80070000;
										}
									} else {
										_t25 = 1;
									}
								}
							}
							L19:
							goto L20;
						}
					} else {
						goto L2;
					}
				}
				L2:
				_t25 = 0;
				goto L20;
			}














                                                            0x01194167
                                                            0x0119416a
                                                            0x0119416d
                                                            0x01194175
                                                            0x01194231
                                                            0x01194235
                                                            0x01194235
                                                            0x0119417b
                                                            0x01194186
                                                            0x01194192
                                                            0x011941a0
                                                            0x011941a3
                                                            0x011941a6
                                                            0x011941ab
                                                            0x0119421d
                                                            0x0119421d
                                                            0x0119422a
                                                            0x00000000
                                                            0x011941ad
                                                            0x011941af
                                                            0x011941b1
                                                            0x011941b2
                                                            0x011941b5
                                                            0x011941b7
                                                            0x011941b7
                                                            0x011941b9
                                                            0x011941bc
                                                            0x011941bf
                                                            0x011941c1
                                                            0x011941c6
                                                            0x011941cb
                                                            0x00000000
                                                            0x00000000
                                                            0x011941d3
                                                            0x011941db
                                                            0x011941df
                                                            0x011941e0
                                                            0x011941e5
                                                            0x011941f3
                                                            0x01194219
                                                            0x011941f5
                                                            0x011941fb
                                                            0x01194203
                                                            0x0119420c
                                                            0x01194211
                                                            0x01194211
                                                            0x01194205
                                                            0x01194207
                                                            0x01194207
                                                            0x01194203
                                                            0x011941f3
                                                            0x0119422f
                                                            0x00000000
                                                            0x0119422f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01194192
                                                            0x01194188
                                                            0x01194188
                                                            0x00000000

                                                            APIs
                                                            • CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,011A9FBC,00000000,00000000,?,00000000,011953FA,00000000,?,?,0119D567,?), ref: 0119416D
                                                            • GetLastError.KERNEL32(?,011A9FBC,00000000,00000000,?,00000000,011953FA,00000000,?,?,0119D567,?,00000000,00000000), ref: 0119417B
                                                            • CreateDirectoryW.KERNEL32(?,840F01E8,011954C6,?,011A9FBC,00000000,00000000,?,00000000,011953FA,00000000,?,?,0119D567,?,00000000), ref: 011941EB
                                                            • GetLastError.KERNEL32(?,011A9FBC,00000000,00000000,?,00000000,011953FA,00000000,?,?,0119D567,?,00000000,00000000), ref: 011941F5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectoryErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                            • API String ID: 1375471231-1593865099
                                                            • Opcode ID: 7e5d06be803ddf334143c32b0c2d94d61923c124126651bed81a42018a78d077
                                                            • Instruction ID: 2966e4c0fef11f9ed0996576fa4fa43f6dd3cada8479cfe373d572bb9eb1f7b5
                                                            • Opcode Fuzzy Hash: 7e5d06be803ddf334143c32b0c2d94d61923c124126651bed81a42018a78d077
                                                            • Instruction Fuzzy Hash: 40212636741231A7EF3E1AA97E40B3BBAA5FF55A61F024075EE24EB600D324984392D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011956E2 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 78COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 57%
                                                            			E011956E2(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr* _a12) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _t17;
				signed int _t18;
				int _t21;
				void* _t22;
				void* _t23;
				signed int _t25;
				signed short _t32;
				intOrPtr _t36;
				unsigned int _t42;
				signed short _t45;

				_t36 = _a4;
				_t42 =  *(_t36 + 0x1c);
				_t45 = 0;
				_t32 = 0;
				if(_t42 == 0) {
					L14:
					_t45 = 1;
					__eflags = 1;
					 *_a12 = _t32;
				} else {
					while(1) {
						_t17 = _t42 >> 1;
						_v8 = _t17;
						_t18 = _t17 + _t32;
						_v12 = _t18;
						_t21 = CompareStringW(0x7f, 0x1000, _a8, 0xffffffff,  *(_t18 * 0x38 +  *((intOrPtr*)(_t36 + 0x20))), 0xffffffff); // executed
						_t22 = _t21 - 1;
						if(_t22 == 0) {
							goto L5;
						}
						_t23 = _t22 - 1;
						if(_t23 == 0) {
							 *_a12 = _v8 + _t32;
						} else {
							_t25 = _t23 - 1;
							if(_t25 != 0) {
								_t45 = GetLastError();
								__eflags = _t45;
								if(__eflags > 0) {
									_t45 = _t45 & 0x0000ffff | 0x80070000;
									__eflags = _t45;
								}
								if(__eflags >= 0) {
									_t45 = 0x80004005;
								}
								E011938BA(_t26, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x5a5, _t45);
								_push("Failed to compare strings.");
								_push(_t45);
								E011CFB09();
							} else {
								_t32 = _v12 + 1;
								_t42 = _t42 + (_t25 | 0xffffffff) - _v8;
								L6:
								if(_t42 == 0) {
									goto L14;
								} else {
									_t36 = _a4;
									continue;
								}
							}
						}
						goto L15;
						L5:
						_t42 = _v8;
						goto L6;
					}
				}
				L15:
				return _t45;
			}















                                                            0x011956e7
                                                            0x011956ed
                                                            0x011956f0
                                                            0x011956f2
                                                            0x011956f6
                                                            0x01195796
                                                            0x0119579b
                                                            0x0119579b
                                                            0x0119579c
                                                            0x00000000
                                                            0x011956fc
                                                            0x011956fe
                                                            0x01195700
                                                            0x01195703
                                                            0x01195705
                                                            0x0119571e
                                                            0x01195724
                                                            0x01195727
                                                            0x00000000
                                                            0x00000000
                                                            0x01195729
                                                            0x0119572c
                                                            0x01195792
                                                            0x0119572e
                                                            0x0119572e
                                                            0x01195731
                                                            0x01195753
                                                            0x01195755
                                                            0x01195757
                                                            0x0119575c
                                                            0x01195762
                                                            0x01195762
                                                            0x01195764
                                                            0x01195766
                                                            0x01195766
                                                            0x01195776
                                                            0x0119577b
                                                            0x01195780
                                                            0x01195781
                                                            0x01195733
                                                            0x0119573c
                                                            0x0119573d
                                                            0x01195744
                                                            0x01195746
                                                            0x00000000
                                                            0x01195748
                                                            0x01195748
                                                            0x00000000
                                                            0x01195748
                                                            0x01195746
                                                            0x01195731
                                                            0x00000000
                                                            0x01195741
                                                            0x01195741
                                                            0x00000000
                                                            0x01195741
                                                            0x011956fc
                                                            0x0119579e
                                                            0x011957a4

                                                            APIs
                                                            • CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,011965B1,011965B1,?,01195678,?,?,00000000), ref: 0119571E
                                                            • GetLastError.KERNEL32(?,01195678,?,?,00000000,?,?,011965B1,?,01197F03,?,?,?,?,?), ref: 0119574D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareErrorLastString
                                                            • String ID: @Mqt$Failed to compare strings.$c:\agent\_work\66\s\src\burn\engine\variable.cpp$version.dll
                                                            • API String ID: 1733990998-930407590
                                                            • Opcode ID: bd8fc83ee468b633b7a6f949aa7cdc56d07d11d32fe85510072ff41c823c6d17
                                                            • Instruction ID: 48dbdc70fc8d36da9fc8b20ae7188581166f95fde2db673809ae22f7c2a030d3
                                                            • Opcode Fuzzy Hash: bd8fc83ee468b633b7a6f949aa7cdc56d07d11d32fe85510072ff41c823c6d17
                                                            • Instruction Fuzzy Hash: 0D21FC37605515EBDB1E8F6CCD44A5D7BB6AF05A70B65031AE931BB380D730DA0187A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A6A0F Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 68fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E011A6A0F(WCHAR* _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				struct _SECURITY_ATTRIBUTES _v16;
				void* _t10;
				void** _t18;
				void* _t21;
				void* _t22;

				_t18 = _a8;
				_t22 = 0;
				_v16.bInheritHandle = 1;
				 *_t18 =  *_t18 | 0xffffffff;
				_v16.nLength = 0;
				_v16.lpSecurityDescriptor = 0;
				_t10 = CreateFileW(_a4, 0x80000000, 5,  &_v16, 3, 0x80, 0); // executed
				_t21 = _t10;
				if(_t21 == 0xffffffff) {
					L10:
					return _t22;
				}
				_push(_t21);
				_push(L"burn.filehandle.self");
				_t22 = E01192064(_a12, L"%ls -%ls=%u",  *_a12);
				if(_t22 >= 0) {
					_t14 = _a16;
					if(_a16 == 0) {
						L7:
						 *_t18 = _t21;
						_t21 = _t21 | 0xffffffff;
						L8:
						if(_t21 != 0xffffffff) {
							CloseHandle(_t21);
						}
						goto L10;
					}
					_push(_t21);
					_push(L"burn.filehandle.self");
					_t22 = E01192022(_t14, L"%ls -%ls=%u",  *_t14);
					if(_t22 >= 0) {
						goto L7;
					}
					_push("Failed to append the file handle to the obfuscated command line.");
					L3:
					_push(_t22);
					E011CFB09();
					goto L8;
				}
				_push("Failed to append the file handle to the command line.");
				goto L3;
			}








                                                            0x011a6a16
                                                            0x011a6a1e
                                                            0x011a6a20
                                                            0x011a6a27
                                                            0x011a6a3d
                                                            0x011a6a40
                                                            0x011a6a43
                                                            0x011a6a49
                                                            0x011a6a4e
                                                            0x011a6aba
                                                            0x011a6abf
                                                            0x011a6abf
                                                            0x011a6a53
                                                            0x011a6a54
                                                            0x011a6a66
                                                            0x011a6a6d
                                                            0x011a6a7e
                                                            0x011a6a83
                                                            0x011a6aa8
                                                            0x011a6aa8
                                                            0x011a6aaa
                                                            0x011a6aad
                                                            0x011a6ab0
                                                            0x011a6ab3
                                                            0x011a6ab3
                                                            0x00000000
                                                            0x011a6ab0
                                                            0x011a6a85
                                                            0x011a6a86
                                                            0x011a6a98
                                                            0x011a6a9f
                                                            0x00000000
                                                            0x00000000
                                                            0x011a6aa1
                                                            0x011a6a74
                                                            0x011a6a74
                                                            0x011a6a75
                                                            0x00000000
                                                            0x011a6a7b
                                                            0x011a6a6f
                                                            0x00000000

                                                            APIs
                                                            • CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 011A6A43
                                                            • CloseHandle.KERNEL32(00000000), ref: 011A6AB3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateFileHandle
                                                            • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                            • API String ID: 3498533004-3263533295
                                                            • Opcode ID: d9c96d6c1924d4d2dc9cdaae8a8b0864d6d5d0ce05050d38b10e963ea07d5c7d
                                                            • Instruction ID: ed3e619d19041e4017fb9cd964068de7a0bf7b1b990adf5aff260e7f4c29cb0d
                                                            • Opcode Fuzzy Hash: d9c96d6c1924d4d2dc9cdaae8a8b0864d6d5d0ce05050d38b10e963ea07d5c7d
                                                            • Instruction Fuzzy Hash: D211C835A41215BBCB299AAA9C09F5F3FE8AF41A30F158315FA21E72D1D3B44511C791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2DC7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CoInitialize.OLE32(00000000), ref: 011D2DD6
                                                            • InterlockedIncrement.KERNEL32(011FB69C), ref: 011D2DF3
                                                            • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,011FB688,?,?,?,?,?,?), ref: 011D2E0E
                                                            • CLSIDFromProgID.OLE32(MSXML.DOMDocument,011FB688,?,?,?,?,?,?), ref: 011D2E1A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FromProg$IncrementInitializeInterlocked
                                                            • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                            • API String ID: 2109125048-2356320334
                                                            • Opcode ID: c8c2cd1cf64260faaf6c3bb63e65eaf59ccff43bece5299dcac6e3b46b11c39b
                                                            • Instruction ID: 536a7e353cac460ca3a8f27a2629c17b1563cfa0f2508a3569530f1c01fb338f
                                                            • Opcode Fuzzy Hash: c8c2cd1cf64260faaf6c3bb63e65eaf59ccff43bece5299dcac6e3b46b11c39b
                                                            • Instruction Fuzzy Hash: B0F0E53074A135ABD73E4A67FD08F4B2E6ADF81B61F40002CEA62D6004C7B0C4818BB4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3709 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 99fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 90%
                                                            			E011D3709(long __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr* _a20) {
				signed int _v8;
				void _v4104;
				long _v4108;
				intOrPtr _v4116;
				void* _v4120;
				intOrPtr _v4124;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				long _t35;
				int _t37;
				long _t42;
				long _t44;
				intOrPtr* _t46;
				void* _t47;
				intOrPtr _t52;
				long _t53;
				intOrPtr _t55;
				void* _t56;
				void* _t59;
				signed int _t61;
				void* _t68;

				_t53 = __edx;
				E011D9760();
				_t30 =  *0x11fa008; // 0x295f764a
				_v8 = _t30 ^ _t61;
				_t46 = _a20;
				_t58 = 0;
				_v4120 = _a4;
				_t55 = 0;
				_v4124 = _a8;
				_v4116 = 0;
				do {
					if(_a12 != 0 || _a16 != 0) {
						_t53 = _a16;
						_t35 = _a12 - _t55;
						asm("sbb edx, ecx");
						__eflags = _t53;
						if(__eflags < 0) {
							L8:
							_v4108 = _t53;
							goto L9;
						}
						if(__eflags > 0) {
							L7:
							_v4108 = _v4108 & 0x00000000;
							_t35 = 0x1000;
							goto L9;
						}
						__eflags = _t35 - 0x1000;
						if(_t35 <= 0x1000) {
							goto L8;
						}
						goto L7;
					} else {
						_t35 = 0x1000;
						L9:
						_v4108 = _t35;
						_t37 = ReadFile(_v4120,  &_v4104, _t35,  &_v4108, 0); // executed
						if(_t37 == 0) {
							_t58 = GetLastError();
							__eflags = _t58;
							if(__eflags > 0) {
								__eflags = _t58;
							}
							if(__eflags >= 0) {
								_t58 = 0x80004005;
							}
							E011938BA(_t38, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x40f, _t58);
							L24:
							_pop(_t56);
							_pop(_t59);
							_pop(_t47);
							return E011BDD1F(_t47, _v8 ^ _t61, _t53, _t56, _t59);
						}
						_t42 = _v4108;
						if(_t42 == 0) {
							goto L13;
						}
						_t44 = E011D4650( &_v4108, _v4124,  &_v4104, _t42); // executed
						_t58 = _t44;
						if(_t44 < 0) {
							goto L24;
						}
						_t42 = _v4108;
					}
					L13:
					_t52 = _v4116;
					_t55 = _t55 + _t42;
					asm("adc ecx, 0x0");
					_v4116 = _t52;
					_t68 = _t52 - _a16;
				} while (_t68 <= 0 && (_t68 < 0 || _t55 < _a12) && _t42 != 0);
				if(_t46 != 0) {
					 *_t46 = _t55;
					 *((intOrPtr*)(_t46 + 4)) = _t52;
				}
				goto L24;
			}


























                                                            0x011d3709
                                                            0x011d3711
                                                            0x011d3716
                                                            0x011d371d
                                                            0x011d3724
                                                            0x011d3729
                                                            0x011d372b
                                                            0x011d3734
                                                            0x011d3738
                                                            0x011d373e
                                                            0x011d3744
                                                            0x011d3748
                                                            0x011d375a
                                                            0x011d375d
                                                            0x011d375f
                                                            0x011d3761
                                                            0x011d3763
                                                            0x011d377c
                                                            0x011d377c
                                                            0x00000000
                                                            0x011d377c
                                                            0x011d3765
                                                            0x011d376e
                                                            0x011d376e
                                                            0x011d3775
                                                            0x00000000
                                                            0x011d3775
                                                            0x011d3767
                                                            0x011d376c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3750
                                                            0x011d3750
                                                            0x011d3782
                                                            0x011d378a
                                                            0x011d379f
                                                            0x011d37a7
                                                            0x011d3808
                                                            0x011d380a
                                                            0x011d380c
                                                            0x011d3817
                                                            0x011d3817
                                                            0x011d3819
                                                            0x011d381b
                                                            0x011d381b
                                                            0x011d382b
                                                            0x011d3830
                                                            0x011d3835
                                                            0x011d3836
                                                            0x011d3839
                                                            0x011d3840
                                                            0x011d3840
                                                            0x011d37a9
                                                            0x011d37b1
                                                            0x00000000
                                                            0x00000000
                                                            0x011d37c1
                                                            0x011d37c6
                                                            0x011d37ca
                                                            0x00000000
                                                            0x00000000
                                                            0x011d37cc
                                                            0x011d37cc
                                                            0x011d37d2
                                                            0x011d37d2
                                                            0x011d37d8
                                                            0x011d37da
                                                            0x011d37dd
                                                            0x011d37e3
                                                            0x011d37e3
                                                            0x011d37f9
                                                            0x011d37fb
                                                            0x011d37fd
                                                            0x011d37fd
                                                            0x00000000

                                                            APIs
                                                            • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 011D379F
                                                            • GetLastError.KERNEL32 ref: 011D3802
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastRead
                                                            • String ID: @Mqt$Jv_)$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 1948546556-2036765634
                                                            • Opcode ID: 4a726e693703580703d64f5a039babfba456b196b14cac99b20b220908f76719
                                                            • Instruction ID: d8d3557c8acdbaf474b78606c593f1204ade4b74dc9373698edde8f38674efe7
                                                            • Opcode Fuzzy Hash: 4a726e693703580703d64f5a039babfba456b196b14cac99b20b220908f76719
                                                            • Instruction Fuzzy Hash: C83193F2E106A99BDB29CF18CC407DA77A4FF08751F0141AAE969E7240D7B4DDC48B92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2B5D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 54%
                                                            			E011D2B5D(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v20;
				char _v28;
				intOrPtr* _t23;
				void* _t24;
				signed int _t33;
				void* _t35;
				intOrPtr* _t38;
				intOrPtr* _t39;
				void* _t43;
				void* _t44;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t43 = 0;
				__imp__#8( &_v28);
				_t23 = _a4;
				_t24 =  *((intOrPtr*)( *_t23 + 0x44))(_t23,  &_v8);
				_t44 = _t24;
				if(_t44 < 0) {
					L9:
					_t38 = _v8;
					if(_t38 != 0) {
						 *((intOrPtr*)( *_t38 + 8))(_t38);
					}
					_t39 = _v12;
					if(_t39 != 0) {
						 *((intOrPtr*)( *_t39 + 8))(_t39);
					}
					__imp__#9( &_v28);
					if(_t43 != 0) {
						__imp__#6(_t43);
					}
					return _t44;
				}
				__imp__#2(_a8);
				_t43 = _t24;
				if(_t43 != 0) {
					_t44 = E011D2CFC( &_v12, _v8, _t43,  &_v12);
					if(_t44 != 1) {
						if(_t44 < 0) {
							goto L9;
						}
						_t33 = _v12;
						_t44 =  *((intOrPtr*)( *_t33 + 0x20))(_t33,  &_v28);
						if(_t44 == 1) {
							goto L4;
						}
						if(_t44 >= 0) {
							_t35 = E0119229E(_a12, _v20, 0); // executed
							_t44 = _t35;
						}
						goto L9;
					}
					L4:
					_t44 = 0x80070490;
					goto L9;
				}
				_t44 = 0x8007000e;
				E011938BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x2a6, 0x8007000e);
				goto L9;
			}















                                                            0x011d2b63
                                                            0x011d2b6a
                                                            0x011d2b71
                                                            0x011d2b73
                                                            0x011d2b79
                                                            0x011d2b83
                                                            0x011d2b86
                                                            0x011d2b8a
                                                            0x011d2bf8
                                                            0x011d2bf8
                                                            0x011d2bfd
                                                            0x011d2c02
                                                            0x011d2c02
                                                            0x011d2c05
                                                            0x011d2c0a
                                                            0x011d2c0f
                                                            0x011d2c0f
                                                            0x011d2c16
                                                            0x011d2c1e
                                                            0x011d2c21
                                                            0x011d2c21
                                                            0x011d2c2c
                                                            0x011d2c2c
                                                            0x011d2b8f
                                                            0x011d2b95
                                                            0x011d2b99
                                                            0x011d2bbf
                                                            0x011d2bc4
                                                            0x011d2bcf
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2bd1
                                                            0x011d2bde
                                                            0x011d2be3
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2be7
                                                            0x011d2bf1
                                                            0x011d2bf6
                                                            0x011d2bf6
                                                            0x00000000
                                                            0x011d2be7
                                                            0x011d2bc6
                                                            0x011d2bc6
                                                            0x00000000
                                                            0x011d2bc6
                                                            0x011d2b9b
                                                            0x011d2bab
                                                            0x00000000

                                                            APIs
                                                            • VariantInit.OLEAUT32(?), ref: 011D2B73
                                                            • SysAllocString.OLEAUT32(?), ref: 011D2B8F
                                                            • VariantClear.OLEAUT32(?), ref: 011D2C16
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D2C21
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 011D2BA6
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: StringVariant$AllocClearFreeInit
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 760788290-3017383397
                                                            • Opcode ID: e111cdb1b7293317e135536e1d7a5aa6c23e131e8b56b1fd5b7a56df9c2d9d55
                                                            • Instruction ID: 1fb4dfe5a0961fdead8657e59e2efa03dcef1c735026c2f5ef1fc38d2534c1d1
                                                            • Opcode Fuzzy Hash: e111cdb1b7293317e135536e1d7a5aa6c23e131e8b56b1fd5b7a56df9c2d9d55
                                                            • Instruction Fuzzy Hash: D321F736901115FFCB29DFA8C848EAEBBB9EF44715F110168F921AB210CB71DD41DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011938D1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 79libraryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011938D1(void* __edx, intOrPtr _a4, struct HINSTANCE__** _a8, intOrPtr _a12) {
				signed int _v8;
				short _v528;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				signed int _t20;
				long _t22;
				struct HINSTANCE__* _t26;
				long _t31;
				struct HINSTANCE__** _t32;
				void* _t33;
				void* _t36;
				intOrPtr _t37;
				signed int _t41;
				long _t46;

				_t36 = __edx;
				_t15 =  *0x11fa008; // 0x295f764a
				_v8 = _t15 ^ _t41;
				_t32 = _a8;
				_t37 = _a12;
				E011BF600(_t37,  &_v528, 0, 0x208);
				_t38 = 0x104;
				_t20 = GetSystemDirectoryW( &_v528, 0x104);
				if(_t20 != 0) {
					_t33 = 0x5c;
					if(_t33 ==  *((intOrPtr*)(_t41 + _t20 * 2 - 0x20e))) {
						L8:
						_t22 = E0119379B(_t33,  &_v528, _t38, _a4);
						_t39 = _t22;
						if(_t22 < 0) {
							L12:
							return E011BDD1F(_t32, _v8 ^ _t41, _t36, _t37, _t39);
						}
						_t26 = LoadLibraryW( &_v528); // executed
						 *_t32 = _t26;
						if(_t26 == 0) {
							goto L1;
						}
						if(_t37 != 0) {
							_t39 = E0119229E(_t37,  &_v528, 0x104);
						}
						goto L12;
					}
					_t31 = E0119374E(_t33,  &_v528, 0x104, "\\", 1);
					_t39 = _t31;
					if(_t31 < 0) {
						goto L12;
					}
					_t38 = 0x104;
					goto L8;
				}
				L1:
				_t39 = GetLastError();
				if(_t39 > 0) {
					_t46 = _t39;
				}
				if(_t46 >= 0) {
					_t39 = 0x80004005;
				}
				goto L12;
			}



















                                                            0x011938d1
                                                            0x011938da
                                                            0x011938e1
                                                            0x011938e5
                                                            0x011938f0
                                                            0x011938fb
                                                            0x01193909
                                                            0x01193910
                                                            0x01193918
                                                            0x0119393c
                                                            0x01193945
                                                            0x01193966
                                                            0x01193971
                                                            0x01193976
                                                            0x0119397a
                                                            0x011939a7
                                                            0x011939b7
                                                            0x011939b7
                                                            0x01193983
                                                            0x01193989
                                                            0x0119398d
                                                            0x00000000
                                                            0x00000000
                                                            0x01193991
                                                            0x011939a5
                                                            0x011939a5
                                                            0x00000000
                                                            0x01193991
                                                            0x01193956
                                                            0x0119395b
                                                            0x0119395f
                                                            0x00000000
                                                            0x00000000
                                                            0x01193961
                                                            0x00000000
                                                            0x01193961
                                                            0x0119391a
                                                            0x01193920
                                                            0x01193924
                                                            0x0119392f
                                                            0x0119392f
                                                            0x01193931
                                                            0x01193933
                                                            0x01193933
                                                            0x00000000

                                                            APIs
                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 01193910
                                                            • GetLastError.KERNEL32 ref: 0119391A
                                                            • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 01193983
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: DirectoryErrorLastLibraryLoadSystem
                                                            • String ID: @Mqt$Jv_)
                                                            • API String ID: 1230559179-3215632469
                                                            • Opcode ID: a4696fb1d7643696e2290c13a997501d49ead902b364f586b2a33e53889336a6
                                                            • Instruction ID: 936401e274bc2fdcbb33721c4b7b67895b5aa93f0b86558caef9f01551d2a105
                                                            • Opcode Fuzzy Hash: a4696fb1d7643696e2290c13a997501d49ead902b364f586b2a33e53889336a6
                                                            • Instruction Fuzzy Hash: F721F5B6D1232967DF28DBB89C49F9A77A8AF00754F110265AE34F7240E730DD408790
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B0797 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 54fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 59%
                                                            			E011B0797(void* __eflags, void* _a4, void* _a8, long _a12) {
				long _v8;
				signed int _t19;
				signed int _t25;
				intOrPtr _t29;
				signed short _t32;
				signed short _t38;

				_t25 =  *0x11faa94; // 0x0
				_t32 = 0;
				_v8 = 0;
				_t29 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t25 * 4)) + 4));
				E011B11B1(__eflags, _t29 + 0x1c, _a4, _a12); // executed
				_t19 = ReadFile(_a4, _a8, _a12,  &_v8, 0); // executed
				if(_t19 == 0) {
					_t32 = GetLastError();
					if(_t32 > 0) {
						_t32 = _t32 & 0x0000ffff | 0x80070000;
						_t38 = _t32;
					}
					if(_t38 >= 0) {
						_t32 = 0x80004005;
					}
					E011938BA(_t22, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x2ec, _t32);
					_push("Failed to read during cabinet extraction.");
					_push(_t32);
					_t19 = E011CFB09();
				}
				 *(_t29 + 0x30) = _t32;
				if(_t32 >= 0) {
					return _v8;
				} else {
					return _t19 | 0xffffffff;
				}
			}









                                                            0x011b079b
                                                            0x011b07af
                                                            0x011b07b4
                                                            0x011b07b7
                                                            0x011b07c1
                                                            0x011b07d4
                                                            0x011b07dc
                                                            0x011b07e4
                                                            0x011b07e8
                                                            0x011b07ed
                                                            0x011b07f3
                                                            0x011b07f3
                                                            0x011b07f5
                                                            0x011b07f7
                                                            0x011b07f7
                                                            0x011b0807
                                                            0x011b080c
                                                            0x011b0811
                                                            0x011b0812
                                                            0x011b0818
                                                            0x011b0819
                                                            0x011b0820
                                                            0x011b082b
                                                            0x011b0822
                                                            0x011b0826
                                                            0x011b0826

                                                            APIs
                                                              • Part of subcall function 011B11B1: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,011B07C6,?,?,?), ref: 011B11D9
                                                              • Part of subcall function 011B11B1: GetLastError.KERNEL32(?,011B07C6,?,?,?), ref: 011B11E3
                                                            • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 011B07D4
                                                            • GetLastError.KERNEL32 ref: 011B07DE
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 011B0802
                                                            • @Mqt, xrefs: 011B07DE
                                                            • Failed to read during cabinet extraction., xrefs: 011B080C
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLast$PointerRead
                                                            • String ID: @Mqt$Failed to read during cabinet extraction.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2170121939-422264233
                                                            • Opcode ID: 01833e3b4e32dff2a684accdffb91f5cb7659bed20ef2e63362a8974bc090f40
                                                            • Instruction ID: f896daac81005d401a3cf4cef1a8b896b984b41131bf79a3cc44aaff73a0da54
                                                            • Opcode Fuzzy Hash: 01833e3b4e32dff2a684accdffb91f5cb7659bed20ef2e63362a8974bc090f40
                                                            • Instruction Fuzzy Hash: C4018236A4166ABBCB29DFA5E944ECB7BA8FF08B64B010128FD14A7240D734D9108BD4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B11B1 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 47COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E011B11B1(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				int _t11;
				void* _t18;
				signed short _t19;
				signed short _t25;

				_t19 = 0x80070490;
				_t18 = E011B1188(_a4, _a8);
				if(_t18 != 0) {
					_t19 = 0;
					_push(0);
					_t11 = SetFilePointerEx(_a8,  *(_t18 + 8),  *(_t18 + 0xc), 0); // executed
					if(_t11 != 0) {
						 *(_t18 + 8) =  *(_t18 + 8) + _a12;
						asm("adc [edi+0xc], esi");
					} else {
						_t19 = GetLastError();
						if(_t19 > 0) {
							_t19 = _t19 & 0x0000ffff | 0x80070000;
							_t25 = _t19;
						}
						if(_t25 >= 0) {
							_t19 = 0x80004005;
						}
						E011938BA(_t12, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x37e, _t19);
						_push("Failed to move to virtual file pointer.");
						_push(_t19);
						E011CFB09();
					}
				}
				return _t19;
			}







                                                            0x011b11b9
                                                            0x011b11c6
                                                            0x011b11ca
                                                            0x011b11cc
                                                            0x011b11ce
                                                            0x011b11d9
                                                            0x011b11e1
                                                            0x011b1223
                                                            0x011b1226
                                                            0x011b11e3
                                                            0x011b11e9
                                                            0x011b11ed
                                                            0x011b11f2
                                                            0x011b11f8
                                                            0x011b11f8
                                                            0x011b11fa
                                                            0x011b11fc
                                                            0x011b11fc
                                                            0x011b120c
                                                            0x011b1211
                                                            0x011b1216
                                                            0x011b1217
                                                            0x011b121d
                                                            0x011b11e1
                                                            0x011b122e

                                                            APIs
                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,011B07C6,?,?,?), ref: 011B11D9
                                                            • GetLastError.KERNEL32(?,011B07C6,?,?,?), ref: 011B11E3
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 011B1207
                                                            • Failed to move to virtual file pointer., xrefs: 011B1211
                                                            • @Mqt, xrefs: 011B11E3
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID: @Mqt$Failed to move to virtual file pointer.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2976181284-307820024
                                                            • Opcode ID: 07304490c38d52413417a512baf3d271b92ef23b0ee4ef6f9f2f7d0d0562b986
                                                            • Instruction ID: 19fd25406ca8536a9d9cd62984eb4214e255995ff2f220a46e9ddb13a7909501
                                                            • Opcode Fuzzy Hash: 07304490c38d52413417a512baf3d271b92ef23b0ee4ef6f9f2f7d0d0562b986
                                                            • Instruction Fuzzy Hash: 6001F73390153BB7C7291A9ABC18ECBBF29FF10A707128129FD18A7100D726D81087D0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D4650 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D4650(void* __ecx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				int _t14;
				intOrPtr _t19;
				void* _t23;
				signed short _t26;
				signed short _t32;

				_t19 = _a8;
				_t26 = 0;
				_v8 = _v8 & 0;
				_t23 = 0;
				do {
					_t14 = WriteFile(_a4, _t23 + _t19, _a12 - _t23,  &_v8, 0); // executed
					if(_t14 != 0) {
						goto L5;
					} else {
						_t26 = GetLastError();
						if(_t26 > 0) {
							_t26 = _t26 & 0x0000ffff | 0x80070000;
							_t32 = _t26;
						}
						if(_t32 < 0) {
							E011938BA(_t16, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x3ef, _t26);
						} else {
							goto L5;
						}
					}
					L8:
					return _t26;
					L5:
					_t23 = _t23 + _v8;
				} while (_t23 < _a12);
				goto L8;
			}









                                                            0x011d4655
                                                            0x011d4659
                                                            0x011d465b
                                                            0x011d465f
                                                            0x011d4661
                                                            0x011d4674
                                                            0x011d467c
                                                            0x00000000
                                                            0x011d467e
                                                            0x011d4684
                                                            0x011d4688
                                                            0x011d468d
                                                            0x011d4693
                                                            0x011d4693
                                                            0x011d4695
                                                            0x011d46ac
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d4695
                                                            0x011d46b1
                                                            0x011d46b7
                                                            0x011d4697
                                                            0x011d4697
                                                            0x011d469a
                                                            0x00000000

                                                            APIs
                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,011D37C6,?,?,?), ref: 011D4674
                                                            • GetLastError.KERNEL32(?,?,011D37C6,?,?,?), ref: 011D467E
                                                            Strings
                                                            • @Mqt, xrefs: 011D467E
                                                            • c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp, xrefs: 011D46A7
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastWrite
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 442123175-1324176156
                                                            • Opcode ID: 9904d1890b905d3a130b22505cb4a47130070e5205cfd8d9b5bbcab39f19cdf1
                                                            • Instruction ID: 271c056be41c2a173923b352da7a2ca5925e5d77b53e43916d6c5bbccfe21e8a
                                                            • Opcode Fuzzy Hash: 9904d1890b905d3a130b22505cb4a47130070e5205cfd8d9b5bbcab39f19cdf1
                                                            • Instruction Fuzzy Hash: 18F08133A01129FBD725CE9ACD44EDFBBADBB40661F010125BE15EB900E770E91086E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D412E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 92%
                                                            			E011D412E(void* __ecx, void* _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr* _a16, intOrPtr _a20) {
				intOrPtr _v8;
				void* _v12;
				int _t11;
				intOrPtr* _t12;
				signed short _t20;
				signed short _t25;

				_push(_a20);
				_t20 = 0;
				_t11 = SetFilePointerEx(_a4, _a8, _a12,  &_v12); // executed
				if(_t11 != 0) {
					_t12 = _a16;
					if(_t12 != 0) {
						 *_t12 = _v12;
						 *((intOrPtr*)(_t12 + 4)) = _v8;
					}
				} else {
					_t20 = GetLastError();
					if(_t20 > 0) {
						_t20 = _t20 & 0x0000ffff | 0x80070000;
						_t25 = _t20;
					}
					if(_t25 >= 0) {
						_t20 = 0x80004005;
					}
					E011938BA(_t14, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x212, _t20);
				}
				return _t20;
			}









                                                            0x011d4134
                                                            0x011d413a
                                                            0x011d4146
                                                            0x011d414e
                                                            0x011d4180
                                                            0x011d4185
                                                            0x011d418a
                                                            0x011d418f
                                                            0x011d418f
                                                            0x011d4150
                                                            0x011d4156
                                                            0x011d415a
                                                            0x011d415f
                                                            0x011d4165
                                                            0x011d4165
                                                            0x011d4167
                                                            0x011d4169
                                                            0x011d4169
                                                            0x011d4179
                                                            0x011d4179
                                                            0x011d4196

                                                            APIs
                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,011A8651,00000000,00000000,00000000,00000000,00000000), ref: 011D4146
                                                            • GetLastError.KERNEL32(?,?,?,011A8651,00000000,00000000,00000000,00000000,00000000), ref: 011D4150
                                                            Strings
                                                            • @Mqt, xrefs: 011D4150
                                                            • c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp, xrefs: 011D4174
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 2976181284-1324176156
                                                            • Opcode ID: 04295e153ebe68519520375d26afccc626e874dd1f6bf95c43907c22905e6fe1
                                                            • Instruction ID: 72443e0b87e3147b7eeb78196ce162f4ad23c2504f34917fc6176e891228c433
                                                            • Opcode Fuzzy Hash: 04295e153ebe68519520375d26afccc626e874dd1f6bf95c43907c22905e6fe1
                                                            • Instruction Fuzzy Hash: E1F08176A0112ABB9B298FA5DC04D9B7FA9EF14750B014118FE14AB610E330EC10C7A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01193AA4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 21memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E01193AA4(void* _a4) {
				char _t3;
				signed short _t6;

				_t6 = 0;
				_t3 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
				if(_t3 == 0) {
					_t6 = GetLastError();
					if(_t6 > 0) {
						_t6 = _t6 & 0x0000ffff | 0x80070000;
					}
				}
				return _t6;
			}





                                                            0x01193aab
                                                            0x01193ab5
                                                            0x01193abd
                                                            0x01193ac5
                                                            0x01193ac9
                                                            0x01193ace
                                                            0x01193ace
                                                            0x01193ac9
                                                            0x01193ad8

                                                            APIs
                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,011CFB87,00000000,8007139F,?,00000000,00000000,8007139F,?,?,?,011CFB1B,000001C7), ref: 01193AAE
                                                            • RtlFreeHeap.NTDLL(00000000,?,011CFB87,00000000,8007139F,?,00000000,00000000,8007139F,?,?,?,011CFB1B,000001C7,?,?), ref: 01193AB5
                                                            • GetLastError.KERNEL32(?,011CFB87,00000000,8007139F,?,00000000,00000000,8007139F,?,?,?,011CFB1B,000001C7,?,?), ref: 01193ABF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$ErrorFreeLastProcess
                                                            • String ID: @Mqt
                                                            • API String ID: 406640338-2740872224
                                                            • Opcode ID: 06741194aa0aaa6b3ae482dac97069057588829f58e762a9497611e07a4c3d0d
                                                            • Instruction ID: d230cf4974721130b8873a6929b7ce390b9af0d74a6aa6d567ee33815973de0f
                                                            • Opcode Fuzzy Hash: 06741194aa0aaa6b3ae482dac97069057588829f58e762a9497611e07a4c3d0d
                                                            • Instruction Fuzzy Hash: ECD01273A0213A578B3556F9680C957BE5CEF055E17054131FD74E7200DA29D84097E4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2E25 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 73%
                                                            			E011D2E25(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v28;
				short _v30;
				void _v32;
				void* _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				void* _v56;
				short _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				void* _t39;
				void* _t45;
				void* _t47;
				short _t48;
				intOrPtr* _t57;
				signed int _t58;
				void* _t63;
				intOrPtr _t67;
				signed int _t70;
				void* _t71;
				void* _t72;

				_t31 =  *0x11fa008; // 0x295f764a
				_v8 = _t31 ^ _t70;
				_v40 = _a4;
				_v48 = _a12;
				_t58 = 6;
				memset( &_v32, 0, _t58 << 2);
				_t72 = _t71 + 0xc;
				_v36 = 0;
				_v44 = 0;
				__imp__#8( &_v64);
				_t39 = E011D28BD(0,  &_v36, 0); // executed
				_t68 = _t39;
				_t67 = 1;
				if(_t68 == 1) {
					_t68 = 0x80004005;
				}
				_t57 = _v36;
				if(_t68 >= 0) {
					_t45 =  *((intOrPtr*)( *_t57 + 0x110))(_t57, 0);
					_t68 = _t45;
					if(_t45 >= 0) {
						_t47 =  *((intOrPtr*)( *_t57 + 0x118))(_t57, 0);
						_t68 = _t47;
						if(_t47 >= 0) {
							_t48 = 0x12;
							_v30 = _t48;
							_v20 = _v40;
							_v32 = _t67;
							_v28 = _t67;
							_v16 = _a8;
							_t67 = _t72 - 0x10;
							_v64 = 0x2011;
							_v56 =  &_v32;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd"); // executed
							_t68 =  *((intOrPtr*)( *_t57 + 0xe8))(_t57,  &_v44);
							if(_t68 == 1) {
								_t68 = 0x8007006e;
							}
							if(_t68 >= 0) {
								 *_v48 = _t57;
								_t57 = 0;
							}
						}
					}
				}
				if(_t57 != 0) {
					 *((intOrPtr*)( *_t57 + 8))(_t57);
				}
				return E011BDD1F(_t57, _v8 ^ _t70, _t63, _t67, _t68);
			}






























                                                            0x011d2e2b
                                                            0x011d2e32
                                                            0x011d2e3b
                                                            0x011d2e48
                                                            0x011d2e4d
                                                            0x011d2e4e
                                                            0x011d2e4e
                                                            0x011d2e53
                                                            0x011d2e57
                                                            0x011d2e5a
                                                            0x011d2e66
                                                            0x011d2e6d
                                                            0x011d2e6f
                                                            0x011d2e72
                                                            0x011d2e74
                                                            0x011d2e74
                                                            0x011d2e79
                                                            0x011d2e7e
                                                            0x011d2e85
                                                            0x011d2e8b
                                                            0x011d2e8f
                                                            0x011d2e96
                                                            0x011d2e9c
                                                            0x011d2ea0
                                                            0x011d2ea4
                                                            0x011d2ea5
                                                            0x011d2eb2
                                                            0x011d2eb8
                                                            0x011d2ebc
                                                            0x011d2ec0
                                                            0x011d2ecb
                                                            0x011d2ecd
                                                            0x011d2ed4
                                                            0x011d2ed9
                                                            0x011d2edb
                                                            0x011d2edc
                                                            0x011d2edd
                                                            0x011d2ee4
                                                            0x011d2ee9
                                                            0x011d2eeb
                                                            0x011d2eeb
                                                            0x011d2ef2
                                                            0x011d2ef7
                                                            0x011d2ef9
                                                            0x011d2ef9
                                                            0x011d2ef2
                                                            0x011d2ea0
                                                            0x011d2e8f
                                                            0x011d2efd
                                                            0x011d2f02
                                                            0x011d2f02
                                                            0x011d2f15

                                                            APIs
                                                            • VariantInit.OLEAUT32(?), ref: 011D2E5A
                                                              • Part of subcall function 011D28BD: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,011D2E6B,00000000,?,00000000), ref: 011D28D7
                                                              • Part of subcall function 011D28BD: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,011BBD14,?,01195442,?,00000000,?), ref: 011D28E3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorHandleInitLastModuleVariant
                                                            • String ID: Jv_)
                                                            • API String ID: 52713655-4194347600
                                                            • Opcode ID: 57a1999fc7e7d03ce3820b4767bee023991fa2ea178c847e8dedd536d5ab2c69
                                                            • Instruction ID: 6452e3ed3fbce8b3c6142c653c2dd8e3c3caf7d1e57ae18fd40ad74a097683cf
                                                            • Opcode Fuzzy Hash: 57a1999fc7e7d03ce3820b4767bee023991fa2ea178c847e8dedd536d5ab2c69
                                                            • Instruction Fuzzy Hash: BA313E76E016299FCB15DFA8C884ADEBBF4EF08710F01456AEA15FB311D7749D048BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D0823 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D0823(void* _a4, short* _a8, int _a12, void** _a16) {
				signed short _t5;
				signed int _t9;
				signed short _t10;
				signed int _t12;

				_t12 = 0;
				_t5 = RegOpenKeyExW(_a4, _a8, 0, _a12, _a16); // executed
				_t10 = _t5;
				_t9 = _t5 & 0x0000ffff | 0x80070000;
				if(_t5 > 0) {
					_t10 = _t9;
				}
				if(_t10 != 0x80070002) {
					__eflags = _t5;
					if(__eflags != 0) {
						_t12 = _t5;
						if(__eflags > 0) {
							_t12 = _t9;
						}
						__eflags = _t12;
						if(_t12 >= 0) {
							_t12 = 0x80004005;
						}
						E011938BA(_t5, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp", 0xa7, _t12);
					}
				} else {
					_t12 = 0x80070002;
				}
				return _t12;
			}







                                                            0x011d082b
                                                            0x011d0837
                                                            0x011d0840
                                                            0x011d0842
                                                            0x011d084a
                                                            0x011d084c
                                                            0x011d084c
                                                            0x011d0855
                                                            0x011d085b
                                                            0x011d085d
                                                            0x011d085f
                                                            0x011d0861
                                                            0x011d0863
                                                            0x011d0863
                                                            0x011d0865
                                                            0x011d0867
                                                            0x011d0869
                                                            0x011d0869
                                                            0x011d0879
                                                            0x011d0879
                                                            0x011d0857
                                                            0x011d0857
                                                            0x011d0857
                                                            0x011d0883

                                                            APIs
                                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,011FAA7C,00000000,?,011D4FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 011D0837
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 011D0874
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 71445658-3237223240
                                                            • Opcode ID: e1a000b2b185c2fcfc43f2f28e3f70d0f6bab5c8d0711c2514ee110981bcd694
                                                            • Instruction ID: 044ccf857deff0a375c90c121bbd74af343622a44ee1c68b091b7dd11de35aa4
                                                            • Opcode Fuzzy Hash: e1a000b2b185c2fcfc43f2f28e3f70d0f6bab5c8d0711c2514ee110981bcd694
                                                            • Instruction Fuzzy Hash: 99F0E932F40226B3DB39099A8C05BAB7E569B985F0F164139BE4DEF214D725CC5083E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01193B7C Relevance: 3.0, APIs: 2, Instructions: 14memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E01193B7C(void* _a4, long _a8, signed int _a12) {
				void* _t8;

				asm("sbb eax, eax");
				_t8 = RtlReAllocateHeap(GetProcessHeap(),  ~_a12 & 0x00000008, _a4, _a8); // executed
				return _t8;
			}




                                                            0x01193b8a
                                                            0x01193b97
                                                            0x01193b9e

                                                            APIs
                                                            • GetProcessHeap.KERNEL32(?,000001C7,?,?,01192375,000001C7,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000), ref: 01193B90
                                                            • RtlReAllocateHeap.NTDLL(00000000,?,01192375,000001C7,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193B97
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID:
                                                            • API String ID: 1357844191-0
                                                            • Opcode ID: d8f4f124f9d2d6d60a6c28d80f8a9cf5df95a9f04ae5ed1fd75ce366a674f275
                                                            • Instruction ID: b21118dfecb4b0694e1a8f25e14b439884c68129b842b22f50c3e0ed9a96cbec
                                                            • Opcode Fuzzy Hash: d8f4f124f9d2d6d60a6c28d80f8a9cf5df95a9f04ae5ed1fd75ce366a674f275
                                                            • Instruction Fuzzy Hash: 91D0C93215520DAB8F009FF8EC09DAA3BADEB586427088415B925C2100C63DE4609B60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D506B Relevance: 1.6, APIs: 1, Instructions: 59registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E011D506B(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr _a12, char** _a16) {
				void* _v8;
				void* _t13;
				char** _t24;
				void* _t27;

				_push(__ecx);
				_v8 = 0;
				_t13 = E011D4FAB(__ecx, _a4,  &_v8); // executed
				_t24 = _a16;
				_t27 = _t13;
				if(_t27 == 0x80070002 || _t27 == 0x80070003) {
					L5:
					_t27 = 1;
					goto L6;
				} else {
					if(_t27 < 0) {
						L6:
						if(_v8 != 0) {
							RegCloseKey(_v8);
							_v8 = 0;
						}
						if(_t27 == 1 || _t27 < 0) {
							if(_a12 != 0) {
								_t27 = E0119229E(_t24, _a12, 0);
							} else {
								if( *_t24 != 0) {
									E01192762( *_t24);
									 *_t24 = 0;
								}
							}
						}
						return _t27;
					}
					_t27 = E011D095E(_v8, _a8, _t24);
					if(_t27 == 0x80070002 || _t27 == 0x80070003) {
						goto L5;
					} else {
						goto L6;
					}
				}
			}







                                                            0x011d506e
                                                            0x011d507b
                                                            0x011d507e
                                                            0x011d5083
                                                            0x011d5086
                                                            0x011d508e
                                                            0x011d50ba
                                                            0x011d50bc
                                                            0x00000000
                                                            0x011d5098
                                                            0x011d509a
                                                            0x011d50bd
                                                            0x011d50c0
                                                            0x011d50c5
                                                            0x011d50cb
                                                            0x011d50cb
                                                            0x011d50d1
                                                            0x011d50da
                                                            0x011d50f5
                                                            0x011d50dc
                                                            0x011d50de
                                                            0x011d50e2
                                                            0x011d50e7
                                                            0x011d50e7
                                                            0x011d50de
                                                            0x011d50da
                                                            0x011d50fd
                                                            0x011d50fd
                                                            0x011d50a8
                                                            0x011d50b0
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d50b0

                                                            APIs
                                                            • RegCloseKey.ADVAPI32(80070490,00000000,80070490,011FAA7C,00000000,80070490,?,?,011A89F4,WiX\Burn,PackageCache,00000000,011FAA7C,00000000,00000000,80070490), ref: 011D50C5
                                                              • Part of subcall function 011D095E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 011D09D4
                                                              • Part of subcall function 011D095E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 011D0A0C
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue$Close
                                                            • String ID:
                                                            • API String ID: 1979452859-0
                                                            • Opcode ID: 5fcd7239b547fb6aeed131a67294d8429ddafd7de8cfadd3871d34c5f7155016
                                                            • Instruction ID: 782ddef3134fffec585fdf8be3efc912d1eae5b37f82035fdbf9ac3560063741
                                                            • Opcode Fuzzy Hash: 5fcd7239b547fb6aeed131a67294d8429ddafd7de8cfadd3871d34c5f7155016
                                                            • Instruction Fuzzy Hash: 8211E53780122AEBDF7AAE98C9849AEBB76EF14264F114139EE5127110C7314D50DBD2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01192DE3 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E01192DE3(void* __ecx, WCHAR* _a4, WCHAR* _a8, intOrPtr* _a12) {
				signed int _v8;
				signed int _v12;
				void* _t22;
				void* _t27;

				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t27 = E01193171( &_v12, _a4, 3);
				if(_t27 >= 0) {
					_t22 = E01193171( &_v8, _a8, 3); // executed
					_t27 = _t22;
					if(_t27 >= 0) {
						 *_a12 = CompareStringW(0, 1, _v12, 0xffffffff, _v8, 0xffffffff);
					}
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				return _t27;
			}







                                                            0x01192de8
                                                            0x01192def
                                                            0x01192dff
                                                            0x01192e03
                                                            0x01192e0e
                                                            0x01192e13
                                                            0x01192e17
                                                            0x01192e30
                                                            0x01192e30
                                                            0x01192e17
                                                            0x01192e36
                                                            0x01192e3b
                                                            0x01192e3b
                                                            0x01192e44
                                                            0x01192e49
                                                            0x01192e49
                                                            0x01192e52

                                                            APIs
                                                              • Part of subcall function 01193171: ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000040,00000000,00000000), ref: 011931BC
                                                              • Part of subcall function 01193171: GetLastError.KERNEL32 ref: 011931C2
                                                              • Part of subcall function 01193171: ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000000), ref: 0119321C
                                                              • Part of subcall function 01193171: GetLastError.KERNEL32 ref: 01193222
                                                              • Part of subcall function 01193171: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 011932D6
                                                              • Part of subcall function 01193171: GetLastError.KERNEL32 ref: 011932E0
                                                            • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,00000000,000000FF,00000000,00000000,00000003,00000000,00000000,00000003,00000000), ref: 01192E27
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$EnvironmentExpandStrings$CompareFullNamePathString
                                                            • String ID:
                                                            • API String ID: 1340564764-0
                                                            • Opcode ID: 3b3f015fc0292bfe09bd3a55db00690f28cc29ddc85060858132a9d6024353ed
                                                            • Instruction ID: 78a441ba4d7e864d69426a9ed6044ca687bdb1fe2ff405b5cf43416477edf2cf
                                                            • Opcode Fuzzy Hash: 3b3f015fc0292bfe09bd3a55db00690f28cc29ddc85060858132a9d6024353ed
                                                            • Instruction Fuzzy Hash: 79018F31901229FBDF2A9BA4CC45FDEBF79AF10765F104260BA20761E0C7749B40DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C71F5 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E011C71F5(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				signed int _t16;
				signed int _t18;
				long _t19;

				_t15 = __ecx;
				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x11fb578, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E011C4380();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E011C3728())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E011C43CF(_t15, _t16, __eflags, _t19);
						_pop(_t15);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t16 = _t13 % _t18;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}










                                                            0x011c71f5
                                                            0x011c71fb
                                                            0x011c7200
                                                            0x011c720e
                                                            0x011c720e
                                                            0x011c7214
                                                            0x011c7216
                                                            0x011c7216
                                                            0x011c722d
                                                            0x011c7236
                                                            0x011c723e
                                                            0x00000000
                                                            0x00000000
                                                            0x011c721e
                                                            0x011c7220
                                                            0x011c7242
                                                            0x011c7247
                                                            0x011c724d
                                                            0x00000000
                                                            0x011c724d
                                                            0x011c7223
                                                            0x011c7228
                                                            0x011c7229
                                                            0x011c722b
                                                            0x00000000
                                                            0x00000000
                                                            0x011c722b
                                                            0x00000000
                                                            0x011c722d
                                                            0x011c7206
                                                            0x011c7207
                                                            0x011c720c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000

                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,011C59DE,00000001,00000364), ref: 011C7236
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 905529afb65768859f9e5bca4202cc609b7edcebd1b66e3774f8f77289cb7800
                                                            • Instruction ID: 52d83fafa0140f0334cf14da5219ddfe91a6d00318ad2530d7aad539c85cdd6b
                                                            • Opcode Fuzzy Hash: 905529afb65768859f9e5bca4202cc609b7edcebd1b66e3774f8f77289cb7800
                                                            • Instruction Fuzzy Hash: 65F0E03160912567B73D5A67AC05B5A3FAAAFB1FB0B19D11DFD14971C4CBB0D8004AA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C5D22 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 94%
                                                            			E011C5D22(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = _a4;
				if(_t9 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E011C3728())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t9 == 0) {
					_t9 = _t9 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x11fb578, 0, _t9); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E011C4380();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E011C43CF(_t7, _t8, __eflags, _t9);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}








                                                            0x011c5d22
                                                            0x011c5d28
                                                            0x011c5d2e
                                                            0x011c5d60
                                                            0x011c5d65
                                                            0x011c5d6b
                                                            0x00000000
                                                            0x011c5d6b
                                                            0x011c5d32
                                                            0x011c5d34
                                                            0x011c5d34
                                                            0x011c5d4b
                                                            0x011c5d54
                                                            0x011c5d5c
                                                            0x00000000
                                                            0x00000000
                                                            0x011c5d3c
                                                            0x011c5d3e
                                                            0x00000000
                                                            0x00000000
                                                            0x011c5d41
                                                            0x011c5d46
                                                            0x011c5d47
                                                            0x011c5d49
                                                            0x00000000
                                                            0x00000000
                                                            0x011c5d49
                                                            0x00000000

                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,011C1782,?,0000015D,?,?,?,?,011C2BDB,000000FF,00000000,?,?), ref: 011C5D54
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 0f8dcf9f596477e4f0c6a17fc2f8e80c12cc643e92da3026bca3a66d8904276e
                                                            • Instruction ID: 442281f8df91654d29874d9b8f76858a726ebca8461803b26b2e54fb6e97f549
                                                            • Opcode Fuzzy Hash: 0f8dcf9f596477e4f0c6a17fc2f8e80c12cc643e92da3026bca3a66d8904276e
                                                            • Instruction Fuzzy Hash: D0E0E53170532566FB7D2669AC0C77E3E5A9F71EE0F4A0529ED149A080DF10F80342B5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011935A8 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,011A8AAE,0000001C,80070490,00000000,00000000,80070490), ref: 011935C8
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FolderPath
                                                            • String ID:
                                                            • API String ID: 1514166925-0
                                                            • Opcode ID: e7629bb581a6a4a380c4142ee34899563c24b0889f6104759849ae3c71c1a0d1
                                                            • Instruction ID: e45b9fc38fe2f8e4c91910ca9128e73110df8437b367fc93101a189c6e8a2ada
                                                            • Opcode Fuzzy Hash: e7629bb581a6a4a380c4142ee34899563c24b0889f6104759849ae3c71c1a0d1
                                                            • Instruction Fuzzy Hash: B7E017723522197BAF056AB5AC04DEB7B9CEF296A5B004021FF70E7000DB72EA5157B1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011914AC Relevance: 1.3, APIs: 1, Instructions: 52stringCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011914AC(void* __ecx, unsigned int _a4, WCHAR* _a8, int _a12, intOrPtr _a16) {
				void* _t10;
				void* _t15;
				unsigned int _t20;

				_t15 = __ecx;
				_t14 = _a4;
				_t19 = 0;
				if( *_a4 == 0) {
					L4:
					_t17 = _a12;
					if(_a12 == 0) {
						_t17 = lstrlenW(_a8);
					}
					_t10 = E01191FB8(_t17, 1,  &_a4);
					if(_t10 < 0) {
						L10:
						return _t10;
					} else {
						if(_t19 >= _a4) {
							L9:
							_t10 = E01191AB2(_t15,  *_t14, _t19, _a8, _t17, 0, 0, 0x200);
							goto L10;
						}
						_t19 = _a4;
						_t10 = E01191433(_t14, _a4, _a16); // executed
						if(_t10 < 0) {
							goto L10;
						}
						goto L9;
					}
				}
				_t20 = E01193C5F( *_t14);
				if(_t20 != 0xffffffff) {
					_t19 = _t20 >> 1;
					goto L4;
				}
				return 0x80070057;
			}






                                                            0x011914ac
                                                            0x011914b0
                                                            0x011914b4
                                                            0x011914b8
                                                            0x011914d1
                                                            0x011914d2
                                                            0x011914d7
                                                            0x011914e2
                                                            0x011914e2
                                                            0x011914eb
                                                            0x011914f2
                                                            0x0119151f
                                                            0x00000000
                                                            0x011914f4
                                                            0x011914f7
                                                            0x0119150a
                                                            0x0119151a
                                                            0x00000000
                                                            0x0119151a
                                                            0x011914fc
                                                            0x01191501
                                                            0x01191508
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01191508
                                                            0x011914f2
                                                            0x011914c1
                                                            0x011914c6
                                                            0x011914cf
                                                            0x00000000
                                                            0x011914cf
                                                            0x00000000

                                                            APIs
                                                            • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,011922B1,?,00000000,?,00000000,?,011939A5,00000000,?,00000104), ref: 011914DC
                                                              • Part of subcall function 01193C5F: GetProcessHeap.KERNEL32(00000000,000001C7,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C67
                                                              • Part of subcall function 01193C5F: HeapSize.KERNEL32(00000000,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C6E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$ProcessSizelstrlen
                                                            • String ID:
                                                            • API String ID: 3492610842-0
                                                            • Opcode ID: 9cbd1be3ca4c8fe107a2a7b73e36f518cf9e5ce5e3b06794507f47b43f359be1
                                                            • Instruction ID: a4537073897ad14041ed8b4838797c8fd8b8d80b1f736f968bc851561999847f
                                                            • Opcode Fuzzy Hash: 9cbd1be3ca4c8fe107a2a7b73e36f518cf9e5ce5e3b06794507f47b43f359be1
                                                            • Instruction Fuzzy Hash: F601D832100126BBEF266E25DC80FCA7BA9BF45770F154111FE396B191C770E88096A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Function 01193D4E Relevance: 47.6, APIs: 23, Strings: 4, Instructions: 309fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E01193D4E(void* __edx, WCHAR* _a4, signed int _a8) {
				signed int _v8;
				short _v528;
				short _v1048;
				short _v1078;
				intOrPtr _v1592;
				intOrPtr _v1594;
				struct _WIN32_FIND_DATAW _v1640;
				signed int _v1644;
				signed int _v1648;
				WCHAR* _v1652;
				signed short _v1656;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				WCHAR* _t77;
				void* _t78;
				void* _t86;
				signed char _t91;
				signed short _t92;
				long _t93;
				signed short _t96;
				signed short _t97;
				signed short _t100;
				signed short _t102;
				signed short _t105;
				signed short _t112;
				signed short _t113;
				WCHAR* _t115;
				void* _t119;
				WCHAR* _t120;
				void* _t121;
				signed short _t122;
				signed int _t133;
				signed short _t139;

				_t119 = __edx;
				_t69 =  *0x11fa008; // 0x295f764a
				_v8 = _t69 ^ _t133;
				_v1648 = _v1648 | 0xffffffff;
				_t120 = _a4;
				_t122 = 0;
				_v1656 = _a8 & 0x00000001;
				_v1644 = _v1644 & 0;
				_v1652 = _t120;
				E011BF600(_t120,  &_v1048, 0, 0x208);
				E011BF600(_t120,  &_v528, 0, 0x208);
				_t77 = GetFileAttributesW(_t120);
				_t121 = GetLastError;
				_t115 = _t77;
				if(_t115 != 0xffffffff) {
					L8:
					__eflags = _t115 & 0x00000010;
					if((_t115 & 0x00000010) == 0) {
						_t122 = 0x8000ffff;
						L87:
						_t78 = _v1648;
						__eflags = _t78 - 0xffffffff;
						if(_t78 != 0xffffffff) {
							FindClose(_t78);
						}
						L89:
						if(_v1644 != 0) {
							E01192762(_v1644);
						}
						return E011BDD1F(_t115, _v8 ^ _t133, _t119, _t121, _t122);
					}
					__eflags = _t115 & 0x00000001;
					_t115 = _v1652;
					if(__eflags == 0) {
						L16:
						__eflags = _v1656;
						if(_v1656 != 0) {
							L18:
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								L25:
								_t122 = E01192E55(_t116, _t115, L"*.*",  &_v1644);
								__eflags = _t122;
								if(_t122 < 0) {
									goto L89;
								}
								_t86 = FindFirstFileW(_v1644,  &_v1640);
								_v1648 = _t86;
								__eflags = _t86 - 0xffffffff;
								if(_t86 != 0xffffffff) {
									while(1) {
										_t119 = 0x2e;
										__eflags = _t119 - _v1640.cFileName;
										if(_t119 != _v1640.cFileName) {
											goto L36;
										}
										_t116 = 0;
										__eflags = 0 - _v1594;
										if(0 == _v1594) {
											L52:
											_t116 =  &_v1640;
											_t92 = FindNextFileW(_t86,  &_v1640);
											__eflags = _t92;
											if(_t92 == 0) {
												_t93 = GetLastError();
												__eflags = _t93 - 0x12;
												if(_t93 != 0x12) {
													_t122 = GetLastError();
													__eflags = _t122;
													if(__eflags > 0) {
														_t122 = _t122 & 0x0000ffff | 0x80070000;
														__eflags = _t122;
													}
													if(__eflags >= 0) {
														_t122 = 0x80004005;
													}
													_push(_t122);
													_push(0x132);
													L59:
													_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dirutil.cpp");
													E011938BA(_t94);
													goto L87;
												}
												_t122 = 0;
												__eflags = 0;
												L72:
												_t96 = RemoveDirectoryW(_t115);
												__eflags = _t96;
												if(_t96 != 0) {
													goto L87;
												}
												_t122 = GetLastError();
												__eflags = _t122;
												if(_t122 > 0) {
													_t122 = _t122 & 0x0000ffff | 0x80070000;
													__eflags = _t122;
												}
												__eflags = _t122 - 0x80070020;
												if(_t122 != 0x80070020) {
													L79:
													__eflags = _t122;
													if(_t122 >= 0) {
														goto L87;
													}
													goto L80;
												} else {
													__eflags = _a8 & 0x00000004;
													if((_a8 & 0x00000004) == 0) {
														L80:
														_push(_t122);
														_push(0x141);
														goto L59;
													}
													_t94 = MoveFileExW(_t115, 0, 4);
													__eflags = _t94;
													if(_t94 == 0) {
														goto L80;
													}
													_t122 = 0;
													__eflags = 0;
													goto L79;
												}
											}
											_t86 = _v1648;
											continue;
										}
										__eflags = _t119 - _v1594;
										if(_t119 != _v1594) {
											goto L36;
										}
										__eflags = 0 - _v1592;
										if(0 == _v1592) {
											goto L52;
										}
										L36:
										_v1078 = 0;
										_t122 = E01192E55(_t116, _t115,  &(_v1640.cFileName),  &_v1644);
										__eflags = _t122;
										if(_t122 < 0) {
											goto L87;
										}
										__eflags = _a8 & 0x00000002;
										_t91 = _v1640.dwFileAttributes;
										if((_a8 & 0x00000002) == 0) {
											L41:
											__eflags = _v1656;
											if(_v1656 == 0) {
												L51:
												_t86 = _v1648;
												goto L52;
											}
											__eflags = _t91 & 0x00000007;
											if((_t91 & 0x00000007) == 0) {
												L44:
												_t97 = DeleteFileW(_v1644);
												__eflags = _t97;
												if(_t97 != 0) {
													goto L51;
												}
												__eflags = _a8 & 0x00000004;
												if((_a8 & 0x00000004) == 0) {
													_t122 = GetLastError();
													__eflags = _t122;
													if(__eflags > 0) {
														_t122 = _t122 & 0x0000ffff | 0x80070000;
														__eflags = _t122;
													}
													if(__eflags >= 0) {
														_t122 = 0x80004005;
													}
													_push(_t122);
													_push(0x125);
													goto L59;
												}
												_t100 = GetTempFileNameW( &_v1048, L"DEL", 0,  &_v528);
												__eflags = _t100;
												if(_t100 == 0) {
													_t122 = GetLastError();
													__eflags = _t122;
													if(__eflags > 0) {
														_t122 = _t122 & 0x0000ffff | 0x80070000;
														__eflags = _t122;
													}
													if(__eflags >= 0) {
														_t122 = 0x80004005;
													}
													_push(_t122);
													_push(0x115);
													goto L59;
												}
												_t102 = MoveFileExW(_v1644,  &_v528, 1);
												_push(4);
												_push(0);
												__eflags = _t102;
												if(_t102 == 0) {
													_push(_v1644);
												} else {
													_push( &_v528);
												}
												MoveFileExW();
												goto L51;
											}
											_t105 = SetFileAttributesW(_v1644, 0x80);
											__eflags = _t105;
											if(_t105 == 0) {
												_t122 = GetLastError();
												__eflags = _t122;
												if(__eflags > 0) {
													_t122 = _t122 & 0x0000ffff | 0x80070000;
													__eflags = _t122;
												}
												if(__eflags >= 0) {
													_t122 = 0x80004005;
												}
												_push(_t122);
												_push(0x10b);
												goto L59;
											}
											goto L44;
										}
										__eflags = _t91 & 0x00000010;
										if((_t91 & 0x00000010) == 0) {
											goto L41;
										}
										_t122 = E01192BFE(_t116, _t121,  &_v1644);
										__eflags = _t122;
										if(_t122 < 0) {
											goto L87;
										}
										E01193D4E(_t119, _v1644, _a8);
										goto L51;
									}
								}
								_t122 = GetLastError();
								__eflags = _t122;
								if(__eflags > 0) {
									_t122 = _t122 & 0x0000ffff | 0x80070000;
									__eflags = _t122;
								}
								if(__eflags >= 0) {
									_t122 = 0x80004005;
								}
								_push(_t122);
								_push(0xe7);
								L7:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dirutil.cpp");
								E011938BA(_t109);
								goto L89;
							}
							_t112 = GetTempPathW(0x104,  &_v1048);
							__eflags = _t112;
							if(_t112 != 0) {
								goto L25;
							}
							_t122 = GetLastError();
							__eflags = _t122;
							if(__eflags > 0) {
								_t122 = _t122 & 0x0000ffff | 0x80070000;
								__eflags = _t122;
							}
							if(__eflags >= 0) {
								_t122 = 0x80004005;
							}
							_push(_t122);
							_push(0xdc);
							goto L7;
						}
						__eflags = _a8 & 0x00000002;
						if((_a8 & 0x00000002) == 0) {
							goto L72;
						}
						goto L18;
					}
					_t113 = SetFileAttributesW(_t115, 0x80);
					__eflags = _t113;
					if(_t113 != 0) {
						goto L16;
					}
					_t122 = GetLastError();
					__eflags = _t122;
					if(__eflags > 0) {
						_t122 = _t122 & 0x0000ffff | 0x80070000;
						__eflags = _t122;
					}
					if(__eflags >= 0) {
						_t122 = 0x80004005;
					}
					_push(_t122);
					_push(0xd1);
					goto L7;
				}
				_t122 = GetLastError();
				if(_t122 == 2) {
					_t122 = 3;
				}
				if(_t122 > 0) {
					_t122 = _t122 & 0x0000ffff | 0x80070000;
					_t139 = _t122;
				}
				if(_t139 >= 0) {
					goto L8;
				} else {
					_push(_t122);
					_push(0xc8);
					goto L7;
				}
			}






































                                                            0x01193d4e
                                                            0x01193d57
                                                            0x01193d5e
                                                            0x01193d64
                                                            0x01193d71
                                                            0x01193d79
                                                            0x01193d7b
                                                            0x01193d81
                                                            0x01193d90
                                                            0x01193d96
                                                            0x01193da4
                                                            0x01193dad
                                                            0x01193db3
                                                            0x01193db9
                                                            0x01193dbe
                                                            0x01193df2
                                                            0x01193df2
                                                            0x01193df5
                                                            0x01194121
                                                            0x01194126
                                                            0x01194126
                                                            0x0119412c
                                                            0x0119412f
                                                            0x01194132
                                                            0x01194132
                                                            0x01194138
                                                            0x0119413f
                                                            0x01194147
                                                            0x01194147
                                                            0x0119415c
                                                            0x0119415c
                                                            0x01193dfb
                                                            0x01193dfe
                                                            0x01193e04
                                                            0x01193e38
                                                            0x01193e38
                                                            0x01193e3f
                                                            0x01193e4b
                                                            0x01193e4b
                                                            0x01193e4f
                                                            0x01193e8c
                                                            0x01193e9e
                                                            0x01193ea0
                                                            0x01193ea2
                                                            0x00000000
                                                            0x00000000
                                                            0x01193eb5
                                                            0x01193ebb
                                                            0x01193ec1
                                                            0x01193ec4
                                                            0x01193eeb
                                                            0x01193eed
                                                            0x01193eee
                                                            0x01193ef5
                                                            0x00000000
                                                            0x00000000
                                                            0x01193ef7
                                                            0x01193ef9
                                                            0x01193f00
                                                            0x01194019
                                                            0x01194019
                                                            0x01194021
                                                            0x01194027
                                                            0x01194029
                                                            0x011940a9
                                                            0x011940ab
                                                            0x011940ae
                                                            0x011940fe
                                                            0x01194100
                                                            0x01194102
                                                            0x01194107
                                                            0x0119410d
                                                            0x0119410d
                                                            0x0119410f
                                                            0x01194111
                                                            0x01194111
                                                            0x01194116
                                                            0x01194117
                                                            0x01194056
                                                            0x01194056
                                                            0x0119405b
                                                            0x00000000
                                                            0x0119405b
                                                            0x011940b0
                                                            0x011940b0
                                                            0x011940b2
                                                            0x011940b3
                                                            0x011940b9
                                                            0x011940bb
                                                            0x00000000
                                                            0x00000000
                                                            0x011940bf
                                                            0x011940c1
                                                            0x011940c3
                                                            0x011940c8
                                                            0x011940c8
                                                            0x011940c8
                                                            0x011940ce
                                                            0x011940d4
                                                            0x011940ed
                                                            0x011940ed
                                                            0x011940ef
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011940d6
                                                            0x011940d6
                                                            0x011940da
                                                            0x011940f1
                                                            0x011940f1
                                                            0x011940f2
                                                            0x00000000
                                                            0x011940f2
                                                            0x011940e1
                                                            0x011940e7
                                                            0x011940e9
                                                            0x00000000
                                                            0x00000000
                                                            0x011940eb
                                                            0x011940eb
                                                            0x00000000
                                                            0x011940eb
                                                            0x011940d4
                                                            0x0119402b
                                                            0x00000000
                                                            0x0119402b
                                                            0x01193f06
                                                            0x01193f0d
                                                            0x00000000
                                                            0x00000000
                                                            0x01193f0f
                                                            0x01193f16
                                                            0x00000000
                                                            0x00000000
                                                            0x01193f1c
                                                            0x01193f1e
                                                            0x01193f39
                                                            0x01193f3b
                                                            0x01193f3d
                                                            0x00000000
                                                            0x00000000
                                                            0x01193f43
                                                            0x01193f47
                                                            0x01193f4d
                                                            0x01193f7c
                                                            0x01193f7c
                                                            0x01193f83
                                                            0x01194013
                                                            0x01194013
                                                            0x00000000
                                                            0x01194013
                                                            0x01193f89
                                                            0x01193f8b
                                                            0x01193fa6
                                                            0x01193fac
                                                            0x01193fb2
                                                            0x01193fb4
                                                            0x00000000
                                                            0x00000000
                                                            0x01193fb6
                                                            0x01193fba
                                                            0x01194089
                                                            0x0119408b
                                                            0x0119408d
                                                            0x01194092
                                                            0x01194098
                                                            0x01194098
                                                            0x0119409a
                                                            0x0119409c
                                                            0x0119409c
                                                            0x011940a1
                                                            0x011940a2
                                                            0x00000000
                                                            0x011940a2
                                                            0x01193fd5
                                                            0x01193fdb
                                                            0x01193fdd
                                                            0x01194067
                                                            0x01194069
                                                            0x0119406b
                                                            0x01194070
                                                            0x01194076
                                                            0x01194076
                                                            0x01194078
                                                            0x0119407a
                                                            0x0119407a
                                                            0x0119407f
                                                            0x01194080
                                                            0x00000000
                                                            0x01194080
                                                            0x01193ff8
                                                            0x01193ffa
                                                            0x01193ffc
                                                            0x01193ffe
                                                            0x01194000
                                                            0x0119400b
                                                            0x01194002
                                                            0x01194008
                                                            0x01194008
                                                            0x01194011
                                                            0x00000000
                                                            0x01194011
                                                            0x01193f98
                                                            0x01193f9e
                                                            0x01193fa0
                                                            0x01194038
                                                            0x0119403a
                                                            0x0119403c
                                                            0x01194041
                                                            0x01194047
                                                            0x01194047
                                                            0x01194049
                                                            0x0119404b
                                                            0x0119404b
                                                            0x01194050
                                                            0x01194051
                                                            0x00000000
                                                            0x01194051
                                                            0x00000000
                                                            0x01193fa0
                                                            0x01193f4f
                                                            0x01193f51
                                                            0x00000000
                                                            0x00000000
                                                            0x01193f5f
                                                            0x01193f61
                                                            0x01193f63
                                                            0x00000000
                                                            0x00000000
                                                            0x01193f72
                                                            0x00000000
                                                            0x01193f72
                                                            0x01193eeb
                                                            0x01193ec8
                                                            0x01193eca
                                                            0x01193ecc
                                                            0x01193ed1
                                                            0x01193ed7
                                                            0x01193ed7
                                                            0x01193ed9
                                                            0x01193edb
                                                            0x01193edb
                                                            0x01193ee0
                                                            0x01193ee1
                                                            0x01193de3
                                                            0x01193de3
                                                            0x01193de8
                                                            0x00000000
                                                            0x01193de8
                                                            0x01193e5d
                                                            0x01193e63
                                                            0x01193e65
                                                            0x00000000
                                                            0x00000000
                                                            0x01193e69
                                                            0x01193e6b
                                                            0x01193e6d
                                                            0x01193e72
                                                            0x01193e78
                                                            0x01193e78
                                                            0x01193e7a
                                                            0x01193e7c
                                                            0x01193e7c
                                                            0x01193e81
                                                            0x01193e82
                                                            0x00000000
                                                            0x01193e82
                                                            0x01193e41
                                                            0x01193e45
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01193e45
                                                            0x01193e0c
                                                            0x01193e12
                                                            0x01193e14
                                                            0x00000000
                                                            0x00000000
                                                            0x01193e18
                                                            0x01193e1a
                                                            0x01193e1c
                                                            0x01193e21
                                                            0x01193e27
                                                            0x01193e27
                                                            0x01193e29
                                                            0x01193e2b
                                                            0x01193e2b
                                                            0x01193e30
                                                            0x01193e31
                                                            0x00000000
                                                            0x01193e31
                                                            0x01193dc2
                                                            0x01193dc7
                                                            0x01193dcb
                                                            0x01193dcb
                                                            0x01193dce
                                                            0x01193dd3
                                                            0x01193dd9
                                                            0x01193dd9
                                                            0x01193ddb
                                                            0x00000000
                                                            0x01193ddd
                                                            0x01193ddd
                                                            0x01193dde
                                                            0x00000000
                                                            0x01193dde

                                                            APIs
                                                            • GetFileAttributesW.KERNEL32(?,?,?,?,00000001,00000000,?), ref: 01193DAD
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 01193DC0
                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 01193E0C
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 01193E16
                                                            • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 01193E5D
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 01193E67
                                                            • FindFirstFileW.KERNEL32(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 01193EB5
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 01193EC6
                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 01193F98
                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00000001,00000000,?), ref: 01193FAC
                                                            • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 01193FD5
                                                            • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 01193FF8
                                                            • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 01194011
                                                            • FindNextFileW.KERNEL32(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 01194021
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 01194036
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 01194065
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 01194087
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 011940A9
                                                            • RemoveDirectoryW.KERNEL32(?,?,?,?,00000001,00000000,?), ref: 011940B3
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 011940BD
                                                            • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 011940E1
                                                            • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 011940FC
                                                            • FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 01194132
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                            • String ID: *.*$DEL$Jv_)$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                            • API String ID: 1544372074-878550681
                                                            • Opcode ID: d870d2cc6f297cc0436bcd04bd76c47b4a6feb99354f1dd1e00f0f62ce15d0e0
                                                            • Instruction ID: 57653bb39d181be38494a92972cfc7bad9b39ebc02db4660d0bb4f82e7efeeee
                                                            • Opcode Fuzzy Hash: d870d2cc6f297cc0436bcd04bd76c47b4a6feb99354f1dd1e00f0f62ce15d0e0
                                                            • Instruction Fuzzy Hash: 94A12E72D01239A7DF3996798D44BEA7EA86F10760F0502A1EE74FB180D7359D81CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BC01F Relevance: 37.1, APIs: 1, Strings: 20, Instructions: 375COMMONCrypto
                                                            Download Yara Rule
                                                            C-Code - Quality: 83%
                                                            			E011BC01F(void* __ebx, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr* _a56, intOrPtr* _a60, intOrPtr* _a64, intOrPtr* _a68, intOrPtr* _a72, intOrPtr _a76) {
				intOrPtr _t85;
				intOrPtr* _t87;
				intOrPtr _t90;
				intOrPtr* _t92;
				intOrPtr* _t96;
				intOrPtr* _t101;
				intOrPtr* _t102;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr* _t110;
				intOrPtr* _t114;
				intOrPtr* _t116;
				intOrPtr _t117;
				intOrPtr _t139;
				intOrPtr _t143;
				intOrPtr _t150;
				void* _t163;
				intOrPtr _t166;
				void* _t167;
				intOrPtr* _t168;
				intOrPtr* _t175;
				intOrPtr _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr _t180;
				intOrPtr _t190;
				char _t191;
				intOrPtr* _t192;
				intOrPtr* _t197;
				intOrPtr* _t199;
				intOrPtr _t200;
				void* _t201;

				_t163 = __ebx;
				_t191 = _a12;
				_a12 = 0;
				if(E011A7FEC(_a24) != 0) {
					E01192022( &_a12, L" -%ls", _t84);
					_t201 = _t201 + 0xc;
				}
				_push(_t163);
				_t85 = E011939DF(8, 1);
				 *((intOrPtr*)(_t191 + 0x7c)) = _t85;
				if(_t85 != 0) {
					 *((intOrPtr*)(_t191 + 0x80)) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) = E011939DF(0x58, 1);
					_t87 =  *((intOrPtr*)(_t191 + 0x7c));
					__eflags = _t87;
					if(_t87 != 0) {
						_t166 = _a44;
						 *((intOrPtr*)( *_t87 + 4)) = 3;
						_t90 =  *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c))));
						 *((intOrPtr*)(_t90 + 0x10)) = _t166;
						 *((intOrPtr*)(_t90 + 0x14)) = _a48;
						_t92 = E0119229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))), _a20, 0);
						__eflags = _t92;
						if(_t92 >= 0) {
							_t96 = E0119229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x18, _a32, 0);
							__eflags = _t96;
							if(_t96 >= 0) {
								_t101 = E0119229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x38, _a36, 0);
								__eflags = _t101;
								if(_t101 >= 0) {
									_t102 = _a40;
									_t175 = 0;
									__eflags = _t102;
									if(_t102 == 0) {
										L18:
										__eflags = _a72;
										if(_a72 == 0) {
											L22:
											_t176 = _a28;
											__eflags = _t176 - 4;
											if(_t176 == 4) {
												L25:
												_t190 = 1;
												_t197 = 0;
												__eflags = 0;
											} else {
												__eflags = _t176 - 3;
												if(_t176 == 3) {
													goto L25;
												} else {
													_t197 = 0;
													_t190 = 0;
												}
											}
											 *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)) + 4)) = _t190;
											 *((intOrPtr*)(_t191 + 0x40)) = _t176;
											 *((intOrPtr*)(_t191 + 0xa8)) = 1;
											 *((intOrPtr*)(_t191 + 0x8c)) = 1;
											 *((intOrPtr*)(_t191 + 0x14)) = _a16;
											__eflags = _t176 - 4;
											if(_t176 == 4) {
												L29:
												_t107 = 2;
											} else {
												__eflags = _t176 - 3;
												if(_t176 == 3) {
													goto L29;
												} else {
													_t107 = _t197;
												}
											}
											 *((intOrPtr*)(_t191 + 0x44)) = _t107;
											_t108 = _a48;
											 *((intOrPtr*)(_t191 + 0x2c)) = _t108;
											 *((intOrPtr*)(_t191 + 0x34)) = _t108;
											 *((intOrPtr*)(_t191 + 0x28)) = _t166;
											 *((intOrPtr*)(_t191 + 0x30)) = _t166;
											 *((intOrPtr*)(_t191 + 0x1c)) = _a52;
											_t110 = E0119229E(_t191, _a20, _t197);
											__eflags = _t110;
											if(_t110 >= 0) {
												_t52 = _t191 + 0x24; // 0x2e4
												_t199 = E0119229E(_t52, _a20, 0);
												__eflags = _t199;
												if(_t199 >= 0) {
													__eflags = _a56;
													_t54 = _t191 + 0x94; // 0x354
													_t167 = _t54;
													if(_a56 == 0) {
														L37:
														_t114 = _a12;
														__eflags = _t114;
														if(_t114 == 0) {
															L40:
															__eflags = _a60;
															if(_a60 == 0) {
																L47:
																__eflags = _a64;
																if(_a64 == 0) {
																	L54:
																	_t178 = _a4 + 0xf7530000;
																	asm("adc eax, 0xfffcfff9");
																	__eflags = _a8 - 5;
																	if(__eflags > 0) {
																		L58:
																		_t179 = 0;
																		__eflags = 0;
																		_t116 = 0;
																	} else {
																		if(__eflags < 0) {
																			L57:
																			_t116 = 1;
																			_t179 = 0;
																		} else {
																			__eflags = _t178 - 0x8f70000;
																			if(_t178 > 0x8f70000) {
																				goto L58;
																			} else {
																				goto L57;
																			}
																		}
																	}
																	__eflags = _a8 - 0x30009;
																	 *((intOrPtr*)(_t191 + 0xb0)) = _t116;
																	if(__eflags < 0) {
																		L63:
																		_t117 = _t179;
																	} else {
																		if(__eflags > 0) {
																			L62:
																			_t117 = 1;
																		} else {
																			__eflags = _a4 - 0x3ee0000;
																			if(_a4 < 0x3ee0000) {
																				goto L63;
																			} else {
																				goto L62;
																			}
																		}
																	}
																	_t168 = _a68;
																	 *((intOrPtr*)(_t191 + 0xb4)) = _t117;
																	__eflags = _t168;
																	if(_t168 != 0) {
																		_t180 = E011939DF(0x10, 1);
																		 *((intOrPtr*)(_t191 + 0x84)) = _t180;
																		__eflags = _t180;
																		if(_t180 != 0) {
																			 *((intOrPtr*)(_t191 + 0x88)) = 1;
																			 *((intOrPtr*)(_t180 + 0xc)) =  *((intOrPtr*)(_t168 + 0xc));
																			_t199 = E0119229E( *((intOrPtr*)(_t191 + 0x84)),  *_t168, 0);
																			__eflags = _t199;
																			if(_t199 < 0) {
																				goto L31;
																			} else {
																				_t199 = E0119229E( *((intOrPtr*)(_t191 + 0x84)) + 4,  *((intOrPtr*)(_t168 + 4)), 0);
																				__eflags = _t199;
																				if(_t199 >= 0) {
																					_t199 = E0119229E( *((intOrPtr*)(_t191 + 0x84)) + 8,  *((intOrPtr*)(_t168 + 8)), 0);
																					__eflags = _t199;
																					if(_t199 < 0) {
																						_push("Failed to copy display name for pseudo bundle.");
																						goto L72;
																					}
																				} else {
																					_push("Failed to copy version for pseudo bundle.");
																					goto L72;
																				}
																			}
																		} else {
																			_t192 = 0x8007000e;
																			_t199 = 0x8007000e;
																			E011938BA(_t121, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x89, 0x8007000e);
																			_push("Failed to allocate memory for dependency providers.");
																			goto L4;
																		}
																	}
																} else {
																	_t63 = _t191 + 0x9c; // 0x35c
																	_t170 = _t63;
																	_t199 = E0119229E(_t63, _a64, 0);
																	__eflags = _t199;
																	if(_t199 >= 0) {
																		_t139 = _a12;
																		__eflags = _t139;
																		if(_t139 == 0) {
																			L53:
																			 *((intOrPtr*)(_t191 + 0x18)) = 1;
																			goto L54;
																		} else {
																			_t199 = E01191FF4(_t170, _t139, 0);
																			__eflags = _t199;
																			if(_t199 >= 0) {
																				goto L53;
																			} else {
																				_push("Failed to append relation type to uninstall arguments for related bundle package");
																				goto L72;
																			}
																		}
																	} else {
																		_push("Failed to copy uninstall arguments for related bundle package");
																		goto L72;
																	}
																}
															} else {
																_t58 = _t191 + 0x98; // 0x358
																_t171 = _t58;
																_t199 = E0119229E(_t58, _a60, 0);
																__eflags = _t199;
																if(_t199 >= 0) {
																	_t143 = _a12;
																	__eflags = _t143;
																	if(_t143 == 0) {
																		L46:
																		 *((intOrPtr*)(_t191 + 0xac)) = 1;
																		goto L47;
																	} else {
																		_t199 = E01191FF4(_t171, _t143, 0);
																		__eflags = _t199;
																		if(_t199 >= 0) {
																			goto L46;
																		} else {
																			_push("Failed to append relation type to repair arguments for related bundle package");
																			goto L72;
																		}
																	}
																} else {
																	_push("Failed to copy repair arguments for related bundle package");
																	goto L72;
																}
															}
														} else {
															_t199 = E01191FF4(_t167, _t114, 0);
															__eflags = _t199;
															if(_t199 >= 0) {
																goto L40;
															} else {
																_push("Failed to append relation type to install arguments for related bundle package");
																goto L72;
															}
														}
													} else {
														_t199 = E0119229E(_t167, _a56, 0);
														__eflags = _t199;
														if(_t199 >= 0) {
															goto L37;
														} else {
															_push("Failed to copy install arguments for related bundle package");
															goto L72;
														}
													}
												} else {
													_push("Failed to copy cache id for pseudo bundle.");
													goto L72;
												}
											} else {
												L31:
												_push("Failed to copy key for pseudo bundle.");
												goto L72;
											}
										} else {
											_t200 = _a76;
											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x30)) = E011939DF(_t200, _t175);
											_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c))));
											__eflags =  *((intOrPtr*)(_t150 + 0x30));
											if( *((intOrPtr*)(_t150 + 0x30)) != 0) {
												 *((intOrPtr*)(_t150 + 0x34)) = _t200;
												E01193C78( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x34)), _a72, _t200);
												goto L22;
											} else {
												_t192 = 0x8007000e;
												_t199 = 0x8007000e;
												E011938BA(_t150, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x3f, 0x8007000e);
												_push("Failed to allocate memory for pseudo bundle payload hash.");
												goto L4;
											}
										}
									} else {
										__eflags =  *_t102;
										if( *_t102 == 0) {
											goto L18;
										} else {
											_t199 = E0119229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x40, _t102, 0);
											__eflags = _t199;
											if(_t199 >= 0) {
												_t175 = 0;
												__eflags = 0;
												goto L18;
											} else {
												_push("Failed to copy download source for pseudo bundle.");
												goto L72;
											}
										}
									}
								} else {
									_push("Failed to copy local source path for pseudo bundle.");
									goto L72;
								}
							} else {
								_push("Failed to copy filename for pseudo bundle.");
								goto L72;
							}
						} else {
							_push("Failed to copy key for pseudo bundle payload.");
							L72:
							_push(_t199);
							goto L73;
						}
					} else {
						_t192 = 0x8007000e;
						_t199 = 0x8007000e;
						E011938BA(_t87, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x29, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L4;
					}
				} else {
					_t192 = 0x8007000e;
					_t199 = 0x8007000e;
					E011938BA(_t85, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x25, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of related bundle struct");
					L4:
					_push(_t192);
					L73:
					E011CFB09();
				}
				_t118 = _a12;
				if(_a12 != 0) {
					E01192762(_t118);
				}
				return _t199;
			}



































                                                            0x011bc01f
                                                            0x011bc024
                                                            0x011bc02c
                                                            0x011bc036
                                                            0x011bc042
                                                            0x011bc047
                                                            0x011bc047
                                                            0x011bc04a
                                                            0x011bc051
                                                            0x011bc056
                                                            0x011bc05b
                                                            0x011bc07f
                                                            0x011bc08d
                                                            0x011bc08f
                                                            0x011bc092
                                                            0x011bc094
                                                            0x011bc0b3
                                                            0x011bc0bd
                                                            0x011bc0c7
                                                            0x011bc0c9
                                                            0x011bc0cc
                                                            0x011bc0d4
                                                            0x011bc0db
                                                            0x011bc0dd
                                                            0x011bc0f8
                                                            0x011bc0ff
                                                            0x011bc101
                                                            0x011bc11c
                                                            0x011bc123
                                                            0x011bc125
                                                            0x011bc131
                                                            0x011bc134
                                                            0x011bc136
                                                            0x011bc138
                                                            0x011bc161
                                                            0x011bc161
                                                            0x011bc165
                                                            0x011bc1bd
                                                            0x011bc1bd
                                                            0x011bc1c0
                                                            0x011bc1c3
                                                            0x011bc1d0
                                                            0x011bc1d2
                                                            0x011bc1d3
                                                            0x011bc1d3
                                                            0x011bc1c5
                                                            0x011bc1c5
                                                            0x011bc1c8
                                                            0x00000000
                                                            0x011bc1ca
                                                            0x011bc1ca
                                                            0x011bc1cc
                                                            0x011bc1cc
                                                            0x011bc1c8
                                                            0x011bc1d8
                                                            0x011bc1de
                                                            0x011bc1e1
                                                            0x011bc1e7
                                                            0x011bc1f0
                                                            0x011bc1f3
                                                            0x011bc1f6
                                                            0x011bc201
                                                            0x011bc203
                                                            0x011bc1f8
                                                            0x011bc1f8
                                                            0x011bc1fb
                                                            0x00000000
                                                            0x011bc1fd
                                                            0x011bc1fd
                                                            0x011bc1fd
                                                            0x011bc1fb
                                                            0x011bc208
                                                            0x011bc20b
                                                            0x011bc20e
                                                            0x011bc211
                                                            0x011bc218
                                                            0x011bc21b
                                                            0x011bc21e
                                                            0x011bc221
                                                            0x011bc228
                                                            0x011bc22a
                                                            0x011bc23c
                                                            0x011bc245
                                                            0x011bc247
                                                            0x011bc249
                                                            0x011bc255
                                                            0x011bc259
                                                            0x011bc259
                                                            0x011bc25f
                                                            0x011bc27d
                                                            0x011bc27d
                                                            0x011bc280
                                                            0x011bc282
                                                            0x011bc29e
                                                            0x011bc29e
                                                            0x011bc2a2
                                                            0x011bc2f1
                                                            0x011bc2f1
                                                            0x011bc2f5
                                                            0x011bc341
                                                            0x011bc347
                                                            0x011bc34d
                                                            0x011bc352
                                                            0x011bc355
                                                            0x011bc368
                                                            0x011bc368
                                                            0x011bc368
                                                            0x011bc36a
                                                            0x011bc357
                                                            0x011bc357
                                                            0x011bc361
                                                            0x011bc363
                                                            0x011bc364
                                                            0x011bc359
                                                            0x011bc359
                                                            0x011bc35f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011bc35f
                                                            0x011bc357
                                                            0x011bc36c
                                                            0x011bc373
                                                            0x011bc379
                                                            0x011bc38b
                                                            0x011bc38b
                                                            0x011bc37b
                                                            0x011bc37b
                                                            0x011bc386
                                                            0x011bc388
                                                            0x011bc37d
                                                            0x011bc37d
                                                            0x011bc384
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011bc384
                                                            0x011bc37b
                                                            0x011bc38d
                                                            0x011bc390
                                                            0x011bc396
                                                            0x011bc398
                                                            0x011bc3a7
                                                            0x011bc3a9
                                                            0x011bc3af
                                                            0x011bc3b1
                                                            0x011bc3d4
                                                            0x011bc3e1
                                                            0x011bc3f4
                                                            0x011bc3f6
                                                            0x011bc3f8
                                                            0x00000000
                                                            0x011bc3fe
                                                            0x011bc413
                                                            0x011bc415
                                                            0x011bc417
                                                            0x011bc435
                                                            0x011bc437
                                                            0x011bc439
                                                            0x011bc43b
                                                            0x00000000
                                                            0x011bc43b
                                                            0x011bc419
                                                            0x011bc419
                                                            0x00000000
                                                            0x011bc419
                                                            0x011bc417
                                                            0x011bc3b3
                                                            0x011bc3b3
                                                            0x011bc3c3
                                                            0x011bc3c5
                                                            0x011bc3ca
                                                            0x00000000
                                                            0x011bc3ca
                                                            0x011bc3b1
                                                            0x011bc2f7
                                                            0x011bc2f9
                                                            0x011bc2f9
                                                            0x011bc309
                                                            0x011bc30b
                                                            0x011bc30d
                                                            0x011bc319
                                                            0x011bc31c
                                                            0x011bc31e
                                                            0x011bc33a
                                                            0x011bc33a
                                                            0x00000000
                                                            0x011bc320
                                                            0x011bc32a
                                                            0x011bc32c
                                                            0x011bc32e
                                                            0x00000000
                                                            0x011bc330
                                                            0x011bc330
                                                            0x00000000
                                                            0x011bc330
                                                            0x011bc32e
                                                            0x011bc30f
                                                            0x011bc30f
                                                            0x00000000
                                                            0x011bc30f
                                                            0x011bc30d
                                                            0x011bc2a4
                                                            0x011bc2a6
                                                            0x011bc2a6
                                                            0x011bc2b6
                                                            0x011bc2b8
                                                            0x011bc2ba
                                                            0x011bc2c6
                                                            0x011bc2c9
                                                            0x011bc2cb
                                                            0x011bc2e7
                                                            0x011bc2e7
                                                            0x00000000
                                                            0x011bc2cd
                                                            0x011bc2d7
                                                            0x011bc2d9
                                                            0x011bc2db
                                                            0x00000000
                                                            0x011bc2dd
                                                            0x011bc2dd
                                                            0x00000000
                                                            0x011bc2dd
                                                            0x011bc2db
                                                            0x011bc2bc
                                                            0x011bc2bc
                                                            0x00000000
                                                            0x011bc2bc
                                                            0x011bc2ba
                                                            0x011bc284
                                                            0x011bc28e
                                                            0x011bc290
                                                            0x011bc292
                                                            0x00000000
                                                            0x011bc294
                                                            0x011bc294
                                                            0x00000000
                                                            0x011bc294
                                                            0x011bc292
                                                            0x011bc261
                                                            0x011bc26d
                                                            0x011bc26f
                                                            0x011bc271
                                                            0x00000000
                                                            0x011bc273
                                                            0x011bc273
                                                            0x00000000
                                                            0x011bc273
                                                            0x011bc271
                                                            0x011bc24b
                                                            0x011bc24b
                                                            0x00000000
                                                            0x011bc24b
                                                            0x011bc22c
                                                            0x011bc22c
                                                            0x011bc22c
                                                            0x00000000
                                                            0x011bc22c
                                                            0x011bc167
                                                            0x011bc167
                                                            0x011bc176
                                                            0x011bc17e
                                                            0x011bc180
                                                            0x011bc183
                                                            0x011bc1a3
                                                            0x011bc1b5
                                                            0x00000000
                                                            0x011bc185
                                                            0x011bc185
                                                            0x011bc192
                                                            0x011bc194
                                                            0x011bc199
                                                            0x00000000
                                                            0x011bc199
                                                            0x011bc183
                                                            0x011bc13a
                                                            0x011bc13a
                                                            0x011bc13d
                                                            0x00000000
                                                            0x011bc13f
                                                            0x011bc14f
                                                            0x011bc151
                                                            0x011bc153
                                                            0x011bc15f
                                                            0x011bc15f
                                                            0x00000000
                                                            0x011bc155
                                                            0x011bc155
                                                            0x00000000
                                                            0x011bc155
                                                            0x011bc153
                                                            0x011bc13d
                                                            0x011bc127
                                                            0x011bc127
                                                            0x00000000
                                                            0x011bc127
                                                            0x011bc103
                                                            0x011bc103
                                                            0x00000000
                                                            0x011bc103
                                                            0x011bc0df
                                                            0x011bc0df
                                                            0x011bc440
                                                            0x011bc440
                                                            0x00000000
                                                            0x011bc440
                                                            0x011bc096
                                                            0x011bc096
                                                            0x011bc0a3
                                                            0x011bc0a5
                                                            0x011bc0aa
                                                            0x00000000
                                                            0x011bc0aa
                                                            0x011bc05d
                                                            0x011bc05d
                                                            0x011bc06a
                                                            0x011bc06c
                                                            0x011bc071
                                                            0x011bc076
                                                            0x011bc076
                                                            0x011bc441
                                                            0x011bc441
                                                            0x011bc447
                                                            0x011bc448
                                                            0x011bc44e
                                                            0x011bc451
                                                            0x011bc451
                                                            0x011bc45b

                                                            Strings
                                                            • Failed to copy key for pseudo bundle., xrefs: 011BC22C
                                                            • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 011BC0AA
                                                            • Failed to copy repair arguments for related bundle package, xrefs: 011BC2BC
                                                            • Failed to append relation type to repair arguments for related bundle package, xrefs: 011BC2DD
                                                            • Failed to copy download source for pseudo bundle., xrefs: 011BC155
                                                            • Failed to copy filename for pseudo bundle., xrefs: 011BC103
                                                            • Failed to copy key for pseudo bundle payload., xrefs: 011BC0DF
                                                            • Failed to copy local source path for pseudo bundle., xrefs: 011BC127
                                                            • c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp, xrefs: 011BC065, 011BC09E, 011BC18D, 011BC3BE
                                                            • Failed to copy display name for pseudo bundle., xrefs: 011BC43B
                                                            • Failed to allocate memory for dependency providers., xrefs: 011BC3CA
                                                            • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 011BC330
                                                            • Failed to copy cache id for pseudo bundle., xrefs: 011BC24B
                                                            • Failed to copy install arguments for related bundle package, xrefs: 011BC273
                                                            • Failed to append relation type to install arguments for related bundle package, xrefs: 011BC294
                                                            • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 011BC071
                                                            • -%ls, xrefs: 011BC03C
                                                            • Failed to copy version for pseudo bundle., xrefs: 011BC419
                                                            • Failed to copy uninstall arguments for related bundle package, xrefs: 011BC30F
                                                            • Failed to allocate memory for pseudo bundle payload hash., xrefs: 011BC199
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp
                                                            • API String ID: 1357844191-3959581252
                                                            • Opcode ID: d843645bdef59e5e7c4e4aaf6d4f370b50a5606523bab97151b137c2d32d3bcd
                                                            • Instruction ID: 22c2226fe2d3195a9aa2ced9527247671b281e3785b67c26eba09dbfa60ed2f5
                                                            • Opcode Fuzzy Hash: d843645bdef59e5e7c4e4aaf6d4f370b50a5606523bab97151b137c2d32d3bcd
                                                            • Instruction Fuzzy Hash: ADC1D271700657BBEB2E9F78C885BAA7BA8BF04654F01412AFD25EB210D770E8108BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01194639 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 140sleepshutdownCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E01194639(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				signed short _t20;
				signed short _t22;
				signed short _t23;
				int _t24;
				void* _t42;
				int _t44;
				signed short _t45;
				signed int _t50;
				signed short _t53;

				_t42 = __edx;
				_t13 =  *0x11fa008; // 0x295f764a
				_v8 = _t13 ^ _t50;
				asm("stosd");
				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t44 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v28) != 0) {
					_v24.PrivilegeCount = 1;
					_v12 = 2;
					_t20 = LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges));
					__eflags = _t20;
					if(_t20 != 0) {
						_t22 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0x10, 0, 0);
						__eflags = _t22;
						if(_t22 != 0) {
							while(1) {
								_t45 = 0;
								Sleep(0x3e8);
								_t23 =  *0x11faa30(0, 0, 0, 0, 1, 0x80040002);
								__eflags = _t23;
								if(_t23 == 0) {
									_t45 = GetLastError();
									__eflags = _t45;
									if(_t45 > 0) {
										_t45 = _t45 & 0x0000ffff | 0x80070000;
										__eflags = _t45;
									}
								}
								_t24 = _t44;
								_t44 = _t44 + 1;
								__eflags = _t24 - 0xa;
								if(_t24 >= 0xa) {
									break;
								}
								__eflags = _t45 - 0x800704f7;
								if(_t45 == 0x800704f7) {
									continue;
								}
								__eflags = _t45 - 0x80070015;
								if(_t45 == 0x80070015) {
									continue;
								}
								break;
							}
							__eflags = _t45;
							if(_t45 >= 0) {
								L27:
								if(_v28 != 0) {
									CloseHandle(_v28);
								}
								return E011BDD1F(0, _v8 ^ _t50, _t42, _t44, _t45);
							}
							E011938BA(_t24, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x376, _t45);
							_push("Failed to schedule restart.");
							L26:
							_push(_t45);
							E011CFB09();
							goto L27;
						}
						_t45 = GetLastError();
						__eflags = _t45;
						if(__eflags > 0) {
							_t45 = _t45 & 0x0000ffff | 0x80070000;
							__eflags = _t45;
						}
						if(__eflags >= 0) {
							_t45 = 0x80004005;
						}
						E011938BA(_t31, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x362, _t45);
						_push("Failed to adjust token to add shutdown privileges.");
						goto L26;
					}
					_t45 = GetLastError();
					__eflags = _t45;
					if(__eflags > 0) {
						_t45 = _t45 & 0x0000ffff | 0x80070000;
						__eflags = _t45;
					}
					if(__eflags >= 0) {
						_t45 = 0x80004005;
					}
					E011938BA(_t33, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x35d, _t45);
					_push("Failed to get shutdown privilege LUID.");
					goto L26;
				}
				_t45 = GetLastError();
				if(_t45 > 0) {
					_t45 = _t45 & 0x0000ffff | 0x80070000;
					_t53 = _t45;
				}
				if(_t53 >= 0) {
					_t45 = 0x80004005;
				}
				E011938BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x356, _t45);
				_push("Failed to get process token.");
				goto L26;
			}




















                                                            0x01194639
                                                            0x0119463f
                                                            0x01194646
                                                            0x01194651
                                                            0x01194654
                                                            0x01194657
                                                            0x01194658
                                                            0x01194659
                                                            0x01194660
                                                            0x01194671
                                                            0x011946ae
                                                            0x011946bc
                                                            0x011946c3
                                                            0x011946c9
                                                            0x011946cb
                                                            0x01194711
                                                            0x01194717
                                                            0x01194719
                                                            0x01194750
                                                            0x01194755
                                                            0x01194757
                                                            0x01194768
                                                            0x0119476e
                                                            0x01194770
                                                            0x01194778
                                                            0x0119477a
                                                            0x0119477c
                                                            0x01194781
                                                            0x01194781
                                                            0x01194781
                                                            0x0119477c
                                                            0x01194787
                                                            0x01194789
                                                            0x0119478a
                                                            0x0119478d
                                                            0x00000000
                                                            0x00000000
                                                            0x0119478f
                                                            0x01194795
                                                            0x00000000
                                                            0x00000000
                                                            0x01194797
                                                            0x0119479d
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119479d
                                                            0x0119479f
                                                            0x011947a1
                                                            0x011947c0
                                                            0x011947c3
                                                            0x011947c8
                                                            0x011947c8
                                                            0x011947de
                                                            0x011947de
                                                            0x011947ae
                                                            0x011947b3
                                                            0x011947b8
                                                            0x011947b8
                                                            0x011947b9
                                                            0x00000000
                                                            0x011947bf
                                                            0x01194721
                                                            0x01194723
                                                            0x01194725
                                                            0x0119472a
                                                            0x01194730
                                                            0x01194730
                                                            0x01194732
                                                            0x01194734
                                                            0x01194734
                                                            0x01194744
                                                            0x01194749
                                                            0x00000000
                                                            0x01194749
                                                            0x011946d3
                                                            0x011946d5
                                                            0x011946d7
                                                            0x011946dc
                                                            0x011946e2
                                                            0x011946e2
                                                            0x011946e4
                                                            0x011946e6
                                                            0x011946e6
                                                            0x011946f6
                                                            0x011946fb
                                                            0x00000000
                                                            0x011946fb
                                                            0x01194679
                                                            0x0119467d
                                                            0x01194682
                                                            0x01194688
                                                            0x01194688
                                                            0x0119468a
                                                            0x0119468c
                                                            0x0119468c
                                                            0x0119469c
                                                            0x011946a1
                                                            0x00000000

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 01194662
                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 01194669
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 01194673
                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 011946C3
                                                            • GetLastError.KERNEL32 ref: 011946CD
                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 01194711
                                                            • GetLastError.KERNEL32 ref: 0119471B
                                                            • Sleep.KERNEL32(000003E8), ref: 01194757
                                                            • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,80040002), ref: 01194768
                                                            • GetLastError.KERNEL32 ref: 01194772
                                                            • CloseHandle.KERNEL32(?), ref: 011947C8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$ProcessToken$AdjustCloseCurrentHandleInitiateLookupOpenPrivilegePrivilegesShutdownSleepSystemValue
                                                            • String ID: @Mqt$Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$Jv_)$SeShutdownPrivilege$c:\agent\_work\66\s\src\burn\engine\engine.cpp
                                                            • API String ID: 2241679041-320834957
                                                            • Opcode ID: 9613909ac783134f7db6f640168c298ad190e7b4f35c86bd6d171be25700a3d6
                                                            • Instruction ID: 883cbc3e6d9d6b44020b03121f224ec6efb559de9918f0fb9b08ab60d1c4636d
                                                            • Opcode Fuzzy Hash: 9613909ac783134f7db6f640168c298ad190e7b4f35c86bd6d171be25700a3d6
                                                            • Instruction Fuzzy Hash: 41415D7794163AB7EB3C9AB56E45B6F7AA8BF01654F020128FF21BB140D7289C4146D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A4E6A Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 164pipeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 42%
                                                            			E011A4E6A(intOrPtr* _a4, signed short _a8, signed short* _a12) {
				long _v8;
				signed int _v12;
				signed int _v16;
				long _v20;
				signed int _v24;
				void* _v28;
				void* _t38;
				signed short* _t39;
				void** _t53;
				void* _t59;
				intOrPtr* _t64;
				signed short _t65;
				signed short _t77;

				_v16 = _v16 | 0xffffffff;
				asm("stosd");
				_v12 = 0;
				_v8 = 0;
				asm("stosd");
				asm("stosd");
				if(_a8 != 0) {
					L8:
					_t64 = _a4;
					_t65 = E01192022( &_v8, L"\\\\.\\pipe\\%ls",  *_t64);
					__eflags = _t65;
					if(_t65 >= 0) {
						asm("sbb eax, eax");
						_t59 = CreateNamedPipeW(_v8, 0x80003, 0, 1, 0x10000, 0x10000, 1,  ~_v12 &  &_v28);
						__eflags = _t59 - 0xffffffff;
						if(_t59 != 0xffffffff) {
							__eflags = _a8;
							if(_a8 == 0) {
								_t38 = _v16;
								goto L28;
							} else {
								_t65 = E01192022( &_v8, L"\\\\.\\pipe\\%ls.Cache",  *_t64);
								__eflags = _t65;
								if(_t65 >= 0) {
									_t38 = CreateNamedPipeW(_v8, 0x80003, 0, 1, 0x10000, 0x10000, 1, 0);
									__eflags = _t38 - 0xffffffff;
									if(_t38 != 0xffffffff) {
										L28:
										 *(_t64 + 0x14) = _t38;
										_t39 = _a12;
										 *(_t64 + 0x10) = _t59;
										 *_t39 =  *_t39 & 0x00000000;
										__eflags =  *_t39;
									} else {
										_t65 = GetLastError();
										__eflags = _t65;
										if(__eflags > 0) {
											_t65 = _t65 & 0x0000ffff | 0x80070000;
											__eflags = _t65;
										}
										if(__eflags >= 0) {
											_t65 = 0x80004005;
										}
										E011938BA(_t46, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x132, _t65);
										_push(_v8);
										_push("Failed to create pipe: %ls");
										goto L26;
									}
								} else {
									_push( *_t64);
									_push("Failed to allocate full name of cache pipe: %ls");
									L26:
									_push(_t65);
									E011CFB09();
									CloseHandle(_t59);
								}
							}
						} else {
							_t65 = GetLastError();
							__eflags = _t65;
							if(__eflags > 0) {
								_t65 = _t65 & 0x0000ffff | 0x80070000;
								__eflags = _t65;
							}
							if(__eflags >= 0) {
								_t65 = 0x80004005;
							}
							E011938BA(_t50, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x126, _t65);
							_push(_v8);
							_push("Failed to create pipe: %ls");
							goto L10;
						}
					} else {
						_push( *_t64);
						_push("Failed to allocate full name of pipe: %ls");
						L10:
						_push(_t65);
						E011CFB09();
					}
				} else {
					_push(0);
					_t53 =  &_v12;
					_push(_t53);
					_push(1);
					_push(L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)");
					L011BDD19();
					if(_t53 != 0) {
						_v28 = 0xc;
						_v24 = _v12;
						_v20 = 0;
						goto L8;
					} else {
						_t65 = GetLastError();
						if(_t65 > 0) {
							_t65 = _t65 & 0x0000ffff | 0x80070000;
							_t77 = _t65;
						}
						if(_t77 >= 0) {
							_t65 = 0x80004005;
						}
						E011938BA(_t55, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x116, _t65);
						_push("Failed to create the security descriptor for the connection event and pipe.");
						_push(_t65);
						E011CFB09();
					}
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				if(_v12 != 0) {
					LocalFree(_v12);
				}
				return _t65;
			}
















                                                            0x011a4e70
                                                            0x011a4e7e
                                                            0x011a4e7f
                                                            0x011a4e82
                                                            0x011a4e85
                                                            0x011a4e86
                                                            0x011a4e8a
                                                            0x011a4ef1
                                                            0x011a4ef1
                                                            0x011a4f04
                                                            0x011a4f09
                                                            0x011a4f0b
                                                            0x011a4f2a
                                                            0x011a4f49
                                                            0x011a4f4b
                                                            0x011a4f4e
                                                            0x011a4f88
                                                            0x011a4f8c
                                                            0x011a501e
                                                            0x00000000
                                                            0x011a4f92
                                                            0x011a4fa2
                                                            0x011a4fa7
                                                            0x011a4fa9
                                                            0x011a4fcb
                                                            0x011a4fd1
                                                            0x011a4fd4
                                                            0x011a5021
                                                            0x011a5021
                                                            0x011a5024
                                                            0x011a5027
                                                            0x011a502a
                                                            0x011a502a
                                                            0x011a4fd6
                                                            0x011a4fdc
                                                            0x011a4fde
                                                            0x011a4fe0
                                                            0x011a4fe5
                                                            0x011a4feb
                                                            0x011a4feb
                                                            0x011a4fed
                                                            0x011a4fef
                                                            0x011a4fef
                                                            0x011a4fff
                                                            0x011a5004
                                                            0x011a5007
                                                            0x00000000
                                                            0x011a5007
                                                            0x011a4fab
                                                            0x011a4fab
                                                            0x011a4fad
                                                            0x011a500c
                                                            0x011a500c
                                                            0x011a500d
                                                            0x011a5016
                                                            0x011a5016
                                                            0x011a4fa9
                                                            0x011a4f50
                                                            0x011a4f56
                                                            0x011a4f58
                                                            0x011a4f5a
                                                            0x011a4f5f
                                                            0x011a4f65
                                                            0x011a4f65
                                                            0x011a4f67
                                                            0x011a4f69
                                                            0x011a4f69
                                                            0x011a4f79
                                                            0x011a4f7e
                                                            0x011a4f81
                                                            0x00000000
                                                            0x011a4f81
                                                            0x011a4f0d
                                                            0x011a4f0d
                                                            0x011a4f0f
                                                            0x011a4f14
                                                            0x011a4f14
                                                            0x011a4f15
                                                            0x011a4f1a
                                                            0x011a4e8c
                                                            0x011a4e8c
                                                            0x011a4e8d
                                                            0x011a4e90
                                                            0x011a4e91
                                                            0x011a4e93
                                                            0x011a4e98
                                                            0x011a4e9f
                                                            0x011a4ee4
                                                            0x011a4eeb
                                                            0x011a4eee
                                                            0x00000000
                                                            0x011a4ea1
                                                            0x011a4ea7
                                                            0x011a4eab
                                                            0x011a4eb0
                                                            0x011a4eb6
                                                            0x011a4eb6
                                                            0x011a4eb8
                                                            0x011a4eba
                                                            0x011a4eba
                                                            0x011a4eca
                                                            0x011a4ecf
                                                            0x011a4ed4
                                                            0x011a4ed5
                                                            0x011a4edb
                                                            0x011a4e9f
                                                            0x011a5031
                                                            0x011a5036
                                                            0x011a5036
                                                            0x011a503f
                                                            0x011a5044
                                                            0x011a5044
                                                            0x011a5050

                                                            APIs
                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 011A4E98
                                                            • GetLastError.KERNEL32(?,00000000,?,?,0119457C,?), ref: 011A4EA1
                                                            • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,0119457C,?), ref: 011A4F43
                                                            • GetLastError.KERNEL32(?,0119457C,?), ref: 011A4F50
                                                            • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,00000000,?,?,?,?,?,?,?,0119457C), ref: 011A4FCB
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,0119457C,?), ref: 011A4FD6
                                                            • CloseHandle.KERNEL32(00000000,c:\agent\_work\66\s\src\burn\engine\pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,0119457C,?), ref: 011A5016
                                                            • LocalFree.KERNEL32(00000000,?,0119457C,?), ref: 011A5044
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CreateDescriptorNamedPipeSecurity$CloseConvertFreeHandleLocalString
                                                            • String ID: @Mqt$D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$c:\agent\_work\66\s\src\burn\engine\pipe.cpp
                                                            • API String ID: 1214480349-2519884553
                                                            • Opcode ID: e371328530b507486f7a99b48d836fa6e9c66a16167cf7aadb666482e2b56854
                                                            • Instruction ID: 01825a749dd9ad282bd5b4fe2d512c47f895ce3c5ef6f7ab4ed4d18b36654940
                                                            • Opcode Fuzzy Hash: e371328530b507486f7a99b48d836fa6e9c66a16167cf7aadb666482e2b56854
                                                            • Instruction Fuzzy Hash: 1F510976D41226BBDB299AE8DC09B9EBFB5BF14710F110124FE10B7280D3B55E408BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CF79E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 131threadtimeCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E011CF79E(void* __edi, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				signed int _v28;
				signed int _v32;
				long _v36;
				long _v40;
				void* __ebx;
				void* __esi;
				signed int _t33;
				void* _t39;
				intOrPtr* _t42;
				void* _t43;
				signed int _t48;
				signed int _t49;
				char* _t50;
				void* _t58;
				signed int _t59;
				char* _t60;
				intOrPtr _t63;
				signed int _t67;
				intOrPtr _t69;
				signed int _t70;
				void* _t73;

				_t64 = __edi;
				_t33 =  *0x11fa008; // 0x295f764a
				_v8 = _t33 ^ _t70;
				_t59 = _a12;
				_t68 = 0;
				_v32 = _v32 & 0;
				_v28 = _v28 & 0;
				_t73 =  *0x11fb5c8 - _t68; // 0x0
				if(_t73 != 0) {
					L27:
					return E011BDD1F(_t59, _v8 ^ _t70, _t63, _t64, _t68);
				}
				EnterCriticalSection(0x11fb5d4);
				if(_a16 == 0) {
					L16:
					_t37 = _v32;
					if(_v32 == 0) {
						_t37 = _t59;
					}
					_t39 = E0119252E(_t63,  &_v28, _t37, 0, 0xfde9);
					_t68 = _t39;
					if(_t39 >= 0) {
						_t42 =  *0x11fb5fc; // 0x0
						if(_t42 == 0) {
							_t43 = E011D002E(_t60, _v28);
						} else {
							_t43 =  *_t42(_v28,  *0x11fb600);
						}
						_t68 = _t43;
					}
					L23:
					LeaveCriticalSection(0x11fb5d4);
					if(_v32 != 0) {
						E01192762(_v32);
					}
					if(_v28 != 0) {
						E01192762(_v28);
					}
					goto L27;
				}
				_push(__edi);
				_v40 = GetCurrentProcessId();
				_v36 = GetCurrentThreadId();
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				GetLocalTime( &_v24);
				_t48 = _a8;
				_t49 = _t48 & 0xf0000000;
				_t67 = _t48 & 0x0fffffff;
				if(_t49 == 0xe0000000 || _a4 == 5) {
					_t50 = "e";
				} else {
					if(_t49 == 0xa0000000 || _a4 == 1) {
						_t50 = "w";
					} else {
						_t50 = "i";
					}
				}
				_t60 =  *0x11fb5f4; // 0x0
				if(_t60 == 0) {
					_t60 = L"\r\n";
				}
				_t69 =  *0x11fb5f8; // 0x0
				if(_t69 == 0) {
					_t69 = 0x11da534;
				}
				_t63 =  *0x11fb5f0; // 0x0
				if(_t63 == 0) {
					_t63 = 0x11da534;
				}
				_push(_t60);
				_push(_t59);
				_push(_t69);
				_push(_t67);
				_push(_t50);
				_push(_v24.wSecond & 0x0000ffff);
				_push(_v24.wMinute & 0x0000ffff);
				_push(_v24.wHour & 0x0000ffff);
				_push(_v24.wDay & 0x0000ffff);
				_push(_v24.wMonth & 0x0000ffff);
				_push(_v24.wYear & 0x0000ffff);
				_push(_v36);
				_push(_v40);
				_t58 = E01192022( &_v32, L"%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls", _t63);
				_t68 = _t58;
				_pop(_t64);
				if(_t58 < 0) {
					goto L23;
				} else {
					goto L16;
				}
			}


























                                                            0x011cf79e
                                                            0x011cf7a4
                                                            0x011cf7ab
                                                            0x011cf7af
                                                            0x011cf7b3
                                                            0x011cf7b5
                                                            0x011cf7b8
                                                            0x011cf7bb
                                                            0x011cf7c1
                                                            0x011cf914
                                                            0x011cf923
                                                            0x011cf923
                                                            0x011cf7cc
                                                            0x011cf7d5
                                                            0x011cf8ad
                                                            0x011cf8ad
                                                            0x011cf8b2
                                                            0x011cf8b4
                                                            0x011cf8b4
                                                            0x011cf8c2
                                                            0x011cf8c7
                                                            0x011cf8cb
                                                            0x011cf8cd
                                                            0x011cf8d4
                                                            0x011cf8e6
                                                            0x011cf8d6
                                                            0x011cf8df
                                                            0x011cf8df
                                                            0x011cf8eb
                                                            0x011cf8eb
                                                            0x011cf8ed
                                                            0x011cf8f2
                                                            0x011cf8fc
                                                            0x011cf901
                                                            0x011cf901
                                                            0x011cf90a
                                                            0x011cf90f
                                                            0x011cf90f
                                                            0x00000000
                                                            0x011cf90a
                                                            0x011cf7db
                                                            0x011cf7e2
                                                            0x011cf7eb
                                                            0x011cf7f3
                                                            0x011cf7f4
                                                            0x011cf7f5
                                                            0x011cf7f6
                                                            0x011cf7fb
                                                            0x011cf801
                                                            0x011cf806
                                                            0x011cf80b
                                                            0x011cf816
                                                            0x011cf839
                                                            0x011cf81e
                                                            0x011cf823
                                                            0x011cf832
                                                            0x011cf82b
                                                            0x011cf82b
                                                            0x011cf82b
                                                            0x011cf823
                                                            0x011cf83e
                                                            0x011cf846
                                                            0x011cf848
                                                            0x011cf848
                                                            0x011cf84d
                                                            0x011cf855
                                                            0x011cf857
                                                            0x011cf857
                                                            0x011cf85c
                                                            0x011cf864
                                                            0x011cf866
                                                            0x011cf866
                                                            0x011cf86b
                                                            0x011cf86c
                                                            0x011cf86d
                                                            0x011cf86e
                                                            0x011cf86f
                                                            0x011cf874
                                                            0x011cf879
                                                            0x011cf87e
                                                            0x011cf883
                                                            0x011cf888
                                                            0x011cf88d
                                                            0x011cf88e
                                                            0x011cf894
                                                            0x011cf89e
                                                            0x011cf8a6
                                                            0x011cf8a8
                                                            0x011cf8ab
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(011FB5D4,00000000,?,?,?,?,011B1074,8007139F,Invalid operation for this state.,c:\agent\_work\66\s\src\burn\engine\cabextract.cpp,000001C7,8007139F), ref: 011CF7CC
                                                            • GetCurrentProcessId.KERNEL32(00000000,?,011B1074,8007139F,Invalid operation for this state.,c:\agent\_work\66\s\src\burn\engine\cabextract.cpp,000001C7,8007139F), ref: 011CF7DC
                                                            • GetCurrentThreadId.KERNEL32 ref: 011CF7E5
                                                            • GetLocalTime.KERNEL32(8007139F,?,011B1074,8007139F,Invalid operation for this state.,c:\agent\_work\66\s\src\burn\engine\cabextract.cpp,000001C7,8007139F), ref: 011CF7FB
                                                            • LeaveCriticalSection.KERNEL32(011FB5D4,011B1074,?,00000000,0000FDE9,?,011B1074,8007139F,Invalid operation for this state.,c:\agent\_work\66\s\src\burn\engine\cabextract.cpp,000001C7,8007139F), ref: 011CF8F2
                                                            Strings
                                                            • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 011CF898
                                                            • Jv_), xrefs: 011CF7A4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                            • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$Jv_)
                                                            • API String ID: 296830338-3902020211
                                                            • Opcode ID: 5bd891f594db0b9e89958f87c011aada2ec2deb922589bbe86eb8986b2d971a9
                                                            • Instruction ID: 7b4d846ed7c6e0f1442598d908e60e9e059c1dddbb5f92d423b9b0f4648c379c
                                                            • Opcode Fuzzy Hash: 5bd891f594db0b9e89958f87c011aada2ec2deb922589bbe86eb8986b2d971a9
                                                            • Instruction Fuzzy Hash: 78419371D0111AABDF298FA9D844ABFB6B6EB18B44F10402DF611B6154D7389D82CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D8039 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 76timeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 39%
                                                            			E011D8039(void* __ebx, signed int __edx, intOrPtr _a4, struct _SYSTEMTIME* _a8, intOrPtr _a12) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				struct _TIME_ZONE_INFORMATION _v196;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t39;
				void* _t59;
				signed int _t60;
				intOrPtr _t65;
				struct _SYSTEMTIME* _t66;
				signed int _t67;

				_t63 = __edx;
				_t59 = __ebx;
				_t30 =  *0x11fa008; // 0x295f764a
				_v8 = _t30 ^ _t67;
				_t66 = _a8;
				_t65 = _a4;
				if(_a12 == 0) {
					GetTimeZoneInformation( &_v196);
					SystemTimeToTzSpecificLocalTime( &_v196, _t66,  &_v24);
					asm("cdq");
					_t39 = (_v196.Bias ^ _t63) - _t63;
					_t60 = 0x3c;
					_t63 = _t39 % _t60;
					_push(_t39 % _t60);
					_push(_t39 / _t60);
					_push(0x2b + (0 | _v196.Bias > 0x00000000) * 2);
					_push(_v24.wSecond & 0x0000ffff);
					_push(_v24.wMinute & 0x0000ffff);
					_push(_v24.wHour & 0x0000ffff);
					_push(_v24.wDay & 0x0000ffff);
					_push(_v24.wMonth & 0x0000ffff);
					E01192022(_t65, L"%04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u", _v24.wYear & 0x0000ffff);
				} else {
					_push(_t66->wSecond & 0x0000ffff);
					_push(_t66->wMinute & 0x0000ffff);
					_push(_t66->wHour & 0x0000ffff);
					_push(_t66->wDay & 0x0000ffff);
					_push(_t66->wMonth & 0x0000ffff);
					E01192022(_t65, L"%04hu-%02hu-%02huT%02hu:%02hu:%02huZ", _t66->wYear & 0x0000ffff);
				}
				return E011BDD1F(_t59, _v8 ^ _t67, _t63, _t65, _t66);
			}















                                                            0x011d8039
                                                            0x011d8039
                                                            0x011d8042
                                                            0x011d8049
                                                            0x011d8051
                                                            0x011d8055
                                                            0x011d8058
                                                            0x011d808e
                                                            0x011d80a0
                                                            0x011d80ac
                                                            0x011d80af
                                                            0x011d80b5
                                                            0x011d80b6
                                                            0x011d80b8
                                                            0x011d80b9
                                                            0x011d80cc
                                                            0x011d80d1
                                                            0x011d80d6
                                                            0x011d80db
                                                            0x011d80e0
                                                            0x011d80e5
                                                            0x011d80f1
                                                            0x011d805a
                                                            0x011d805e
                                                            0x011d8063
                                                            0x011d8068
                                                            0x011d806d
                                                            0x011d8072
                                                            0x011d807d
                                                            0x011d8082
                                                            0x011d8106

                                                            APIs
                                                            • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 011D808E
                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 011D80A0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Time$InformationLocalSpecificSystemZone
                                                            • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$Jv_)$crypt32.dll$feclient.dll
                                                            • API String ID: 1772835396-1662924260
                                                            • Opcode ID: 5c471a7767a32f41e1af096790ad3778a5defa46306109827b58648745d337e2
                                                            • Instruction ID: 66e716c1c3cc7bbcef5515ef25162198e4c6bf4c719c2f0081a0c32f4ac9a146
                                                            • Opcode Fuzzy Hash: 5c471a7767a32f41e1af096790ad3778a5defa46306109827b58648745d337e2
                                                            • Instruction Fuzzy Hash: D4210CA2901128BADB24DFAA9C04FBFB3FCAB5C611F04445AF955D2080E73CAA80D770
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01192078 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54windowCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 93%
                                                            			E01192078(void* __ecx, intOrPtr _a4, long _a8, signed int _a12, char _a16) {
				short _v8;
				char* _v12;
				long _t20;
				signed short _t29;
				signed short _t34;

				_v12 =  &_a16;
				_v8 = 0;
				_t16 = _a12;
				asm("sbb eax, eax");
				_t20 = FormatMessageW(( ~_a12 & 0x00000800) + 0x11ff, _t16, _a8, 0,  &_v8, 0,  &_v12);
				_v12 = 0;
				if(_t20 != 0) {
					_t29 = E0119229E(_a4, _v8, _t20);
				} else {
					_t29 = GetLastError();
					if(_t29 > 0) {
						_t29 = _t29 & 0x0000ffff | 0x80070000;
						_t34 = _t29;
					}
					if(_t34 >= 0) {
						_t29 = 0x80004005;
					}
					E011938BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\strutil.cpp", 0x4a9, _t29);
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return _t29;
			}








                                                            0x01192083
                                                            0x0119208e
                                                            0x01192092
                                                            0x0119209c
                                                            0x011920a9
                                                            0x011920af
                                                            0x011920b4
                                                            0x011920f2
                                                            0x011920b6
                                                            0x011920bc
                                                            0x011920c0
                                                            0x011920c5
                                                            0x011920cb
                                                            0x011920cb
                                                            0x011920cd
                                                            0x011920cf
                                                            0x011920cf
                                                            0x011920df
                                                            0x011920df
                                                            0x011920f8
                                                            0x011920fd
                                                            0x011920fd
                                                            0x01192107

                                                            APIs
                                                            • FormatMessageW.KERNEL32(011942CC,011954CB,?,00000000,00000000,00000000,?,80070656,?,?,?,011AE5B6,00000000,011954CB,00000000,80070656), ref: 011920A9
                                                            • GetLastError.KERNEL32(?,?,?,011AE5B6,00000000,011954CB,00000000,80070656,?,?,011A4042,011954CB,?,80070656,00000001,crypt32.dll), ref: 011920B6
                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,011AE5B6,00000000,011954CB,00000000,80070656,?,?,011A4042,011954CB), ref: 011920FD
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\strutil.cpp, xrefs: 011920DA
                                                            • @Mqt, xrefs: 011920B6
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\strutil.cpp
                                                            • API String ID: 1365068426-178104475
                                                            • Opcode ID: 0103cd0474729ac9390405a4d57229aff563a09748ca5b83e2b0be402e972717
                                                            • Instruction ID: 9e5da7610e578054176ca991eed8fdd5b068253183ba302eab4f87293f50736b
                                                            • Opcode Fuzzy Hash: 0103cd0474729ac9390405a4d57229aff563a09748ca5b83e2b0be402e972717
                                                            • Instruction Fuzzy Hash: 89018EB790112AFBDF28DA94DD04ADE7AACEF04650F014161BE11F7100E7348E40D7A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C34A2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E011C34A2(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				void* _t69;
				intOrPtr _t70;
				signed int _t72;
				signed int _t74;

				_t70 = __esi;
				_t66 = __edx;
				_t61 = __ebx;
				_t72 = _t74;
				_t40 =  *0x11fa008; // 0x295f764a
				_t41 = _t40 ^ _t72;
				_v8 = _t40 ^ _t72;
				_push(_t67);
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E011BE754(_t41);
					_pop(_t62);
				}
				E011BF600(_t67,  &_v804, 0, 0x50);
				E011BF600(_t67,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t70;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x80004009
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x80003cdd
				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E011BE754(_t57);
				}
				_pop(_t69);
				return E011BDD1F(_t61, _v8 ^ _t72, _t66, _t69, _t70);
			}








































                                                            0x011c34a2
                                                            0x011c34a2
                                                            0x011c34a2
                                                            0x011c34a5
                                                            0x011c34ad
                                                            0x011c34b2
                                                            0x011c34b4
                                                            0x011c34bb
                                                            0x011c34bc
                                                            0x011c34be
                                                            0x011c34c1
                                                            0x011c34c6
                                                            0x011c34c6
                                                            0x011c34d2
                                                            0x011c34e5
                                                            0x011c34f3
                                                            0x011c34f9
                                                            0x011c34ff
                                                            0x011c3505
                                                            0x011c350b
                                                            0x011c3511
                                                            0x011c3517
                                                            0x011c351d
                                                            0x011c3523
                                                            0x011c3529
                                                            0x011c3530
                                                            0x011c3537
                                                            0x011c353e
                                                            0x011c3545
                                                            0x011c354c
                                                            0x011c3553
                                                            0x011c3554
                                                            0x011c355d
                                                            0x011c3563
                                                            0x011c3563
                                                            0x011c3566
                                                            0x011c356c
                                                            0x011c3579
                                                            0x011c3582
                                                            0x011c358b
                                                            0x011c3594
                                                            0x011c35a2
                                                            0x011c35a4
                                                            0x011c35aa
                                                            0x011c35b9
                                                            0x011c35c5
                                                            0x011c35c8
                                                            0x011c35cd
                                                            0x011c35d3
                                                            0x011c35dc

                                                            APIs
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 011C359A
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 011C35A4
                                                            • UnhandledExceptionFilter.KERNEL32(80003CDD,?,?,?,?,?,?), ref: 011C35B1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                            • String ID: Jv_)
                                                            • API String ID: 3906539128-4194347600
                                                            • Opcode ID: 0261407aa5633ef66ca0aa2f27a866739d7d35307fa4aa6e1e12e0f0629b716f
                                                            • Instruction ID: 8802b5e022e46cf6aaa8b2f14da04234146804c9f152002f9984b8e3e5104940
                                                            • Opcode Fuzzy Hash: 0261407aa5633ef66ca0aa2f27a866739d7d35307fa4aa6e1e12e0f0629b716f
                                                            • Instruction Fuzzy Hash: 6931E97490121DABCB25DF68D8887CCBBB4FF18710F6041EAE41CA7250EB709B858F44
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3C72 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D3C72(WCHAR* _a4, signed char* _a8) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t15;
				signed char _t19;
				signed char* _t20;
				void* _t23;
				void* _t24;
				signed int _t27;

				_t10 =  *0x11fa008; // 0x295f764a
				_v8 = _t10 ^ _t27;
				_t20 = _a8;
				_t26 = _a4;
				_t24 = 0;
				E011BF600(0,  &_v600, 0, 0x250);
				_t15 = FindFirstFileW(_a4,  &_v600);
				if(_t15 != 0xffffffff) {
					FindClose(_t15);
					_t19 = _v600.dwFileAttributes;
					if((_t19 & 0x00000010) == 0) {
						if(_t20 != 0) {
							 *_t20 = _t19;
						}
						_t24 = 1;
					}
				}
				return E011BDD1F(_t20, _v8 ^ _t27, _t23, _t24, _t26);
			}















                                                            0x011d3c7b
                                                            0x011d3c82
                                                            0x011d3c86
                                                            0x011d3c90
                                                            0x011d3c99
                                                            0x011d3c9d
                                                            0x011d3cad
                                                            0x011d3cb6
                                                            0x011d3cb9
                                                            0x011d3cbf
                                                            0x011d3cc7
                                                            0x011d3ccb
                                                            0x011d3ccd
                                                            0x011d3ccd
                                                            0x011d3cd1
                                                            0x011d3cd1
                                                            0x011d3cc7
                                                            0x011d3ce2

                                                            APIs
                                                            • FindFirstFileW.KERNEL32(011B8F6B,?,00000100,00000000,00000000), ref: 011D3CAD
                                                            • FindClose.KERNEL32(00000000), ref: 011D3CB9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Find$CloseFileFirst
                                                            • String ID: Jv_)
                                                            • API String ID: 2295610775-4194347600
                                                            • Opcode ID: a509541e5fd5a23d344996eb0f8654e78d7d1ac2be1eeab778174ce6f4349edb
                                                            • Instruction ID: 64414bea045fcc3dd47e5f4d8ca9eb50d2978256c984551bf254b0af999d2206
                                                            • Opcode Fuzzy Hash: a509541e5fd5a23d344996eb0f8654e78d7d1ac2be1eeab778174ce6f4349edb
                                                            • Instruction Fuzzy Hash: 7D0186726012196BDB24EE7AAD89E9AB7ACEFC5319F000065E929D3180D7349D498754
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C4104 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011C4104(int _a4) {
				void* _t14;
				void* _t15;
				void* _t17;
				void* _t18;
				void* _t19;

				if(E011C84A1(_t14, _t15, _t17, _t18, _t19) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E011C4189(_t15, _a4);
				ExitProcess(_a4);
			}








                                                            0x011c4110
                                                            0x011c412c
                                                            0x011c412c
                                                            0x011c4135
                                                            0x011c413e

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000000,?,011C40DA,00000000,011F7908,0000000C,011C4231,00000000,00000002,00000000), ref: 011C4125
                                                            • TerminateProcess.KERNEL32(00000000,?,011C40DA,00000000,011F7908,0000000C,011C4231,00000000,00000002,00000000), ref: 011C412C
                                                            • ExitProcess.KERNEL32 ref: 011C413E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Process$CurrentExitTerminate
                                                            • String ID:
                                                            • API String ID: 1703294689-0
                                                            • Opcode ID: 99a2af86a4383ee2c24c8a8d0b9de55f3ddd8a8e663e95a80d43100b9e890938
                                                            • Instruction ID: 7d506818092ef4d69ca3c39cbd716f6c2d24eee43ec2b7e87991147925f8dbeb
                                                            • Opcode Fuzzy Hash: 99a2af86a4383ee2c24c8a8d0b9de55f3ddd8a8e663e95a80d43100b9e890938
                                                            • Instruction Fuzzy Hash: 67E0E631156114BFCF19BF64ED18A487F6AEF70A55F404028F9554B521CB35ED82CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3349 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 80COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 86%
                                                            			E011D3349(void* __ebx, intOrPtr* _a4, signed int* _a8) {
				signed int _v8;
				char _v10;
				signed short _v14;
				signed short _v16;
				struct _OSVERSIONINFOW _v292;
				void* __edi;
				void* __esi;
				signed int _t24;
				intOrPtr _t28;
				signed int _t29;
				void* _t43;
				intOrPtr _t49;
				void* _t50;
				signed int* _t51;
				intOrPtr* _t52;
				signed int _t53;

				_t43 = __ebx;
				_t24 =  *0x11fa008; // 0x295f764a
				_v8 = _t24 ^ _t53;
				_t52 = _a4;
				_t51 = _a8;
				E011BF600(_t51,  &(_v292.dwMajorVersion), 0, 0x118);
				_t28 =  *0x11fb6a4; // 0x0
				if(_t28 == 0) {
					_v292.dwOSVersionInfoSize = 0x11c;
					GetVersionExW( &_v292);
					 *0x11fb6a8 = (_v16 & 0x0000ffff) << 0x00000010 | _v14 & 0x0000ffff;
					if(_v292.dwMajorVersion != 4) {
						if(_v292.dwMajorVersion != 5) {
							if(_v292.dwMajorVersion != 6) {
								L14:
								_push(9);
								goto L15;
							} else {
								if(_v292.dwMinorVersion != 0) {
									if(_v292.dwMinorVersion != 1) {
										goto L14;
									} else {
										_t28 = (0 | _v10 != 0x00000001) + 7;
									}
								} else {
									_t28 = (0 | _v10 != 0x00000001) + 5;
								}
							}
						} else {
							_t49 = _v292.dwMinorVersion;
							if(_t49 != 0) {
								if(_t49 != 1) {
									_t28 = ((0 | _t49 != 0x00000002) - 0x00000001 & 0xfffffffb) + 9;
								} else {
									_push(3);
									goto L15;
								}
							} else {
								_push(2);
								L15:
								_pop(_t28);
							}
						}
					} else {
						_t28 = 1;
					}
					 *0x11fb6a4 = _t28;
				}
				 *_t52 = _t28;
				_t29 =  *0x11fb6a8; // 0x0
				 *_t51 = _t29;
				return E011BDD1F(_t43, _v8 ^ _t53, _t50, _t51, _t52);
			}



















                                                            0x011d3349
                                                            0x011d3352
                                                            0x011d3359
                                                            0x011d335d
                                                            0x011d3367
                                                            0x011d3372
                                                            0x011d3377
                                                            0x011d3381
                                                            0x011d338d
                                                            0x011d3398
                                                            0x011d33b2
                                                            0x011d33b8
                                                            0x011d33c6
                                                            0x011d33f7
                                                            0x011d3427
                                                            0x011d3427
                                                            0x00000000
                                                            0x011d33f9
                                                            0x011d3400
                                                            0x011d3417
                                                            0x00000000
                                                            0x011d3419
                                                            0x011d3422
                                                            0x011d3422
                                                            0x011d3402
                                                            0x011d340b
                                                            0x011d340b
                                                            0x011d3400
                                                            0x011d33c8
                                                            0x011d33c8
                                                            0x011d33d0
                                                            0x011d33d9
                                                            0x011d33eb
                                                            0x011d33db
                                                            0x011d33db
                                                            0x00000000
                                                            0x011d33db
                                                            0x011d33d2
                                                            0x011d33d2
                                                            0x011d3429
                                                            0x011d3429
                                                            0x011d3429
                                                            0x011d33d0
                                                            0x011d33ba
                                                            0x011d33bc
                                                            0x011d33bc
                                                            0x011d342a
                                                            0x011d342a
                                                            0x011d3432
                                                            0x011d3436
                                                            0x011d343b
                                                            0x011d3445

                                                            APIs
                                                            • GetVersionExW.KERNEL32(?,?,?,00000000), ref: 011D3398
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Version
                                                            • String ID: Jv_)
                                                            • API String ID: 1889659487-4194347600
                                                            • Opcode ID: dba596f540166b5d2ca65c86512c8fc6dd6a2c954e42ebd76780343afc69b7fb
                                                            • Instruction ID: b7f67b39d5a21ba40aec64a233838ff15ae339bd67c2fb7cc6a4e6ecd7961474
                                                            • Opcode Fuzzy Hash: dba596f540166b5d2ca65c86512c8fc6dd6a2c954e42ebd76780343afc69b7fb
                                                            • Instruction Fuzzy Hash: AB2194B9A14219EBDF6DCB29DC467ED73F4BB05314F104069D922E6141E7789AC4CB42
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119CD76 Relevance: 73.9, APIs: 3, Strings: 39, Instructions: 365COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E0119CD76(void* __ebx, void* __edi, signed int* _a4, signed int _a8, intOrPtr _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr* _t92;
				signed int _t94;
				signed int _t102;
				signed int _t103;
				int _t112;
				int _t113;
				int _t114;
				signed int _t136;
				signed int* _t157;
				signed int _t160;
				signed int _t161;
				signed int* _t162;
				signed int _t165;
				void* _t175;
				signed int _t176;

				_v20 = _v20 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t176 = E011D3183(_a16, L"Payload",  &_v20);
				if(_t176 >= 0) {
					_t92 = _v20;
					_t176 =  *((intOrPtr*)( *_t92 + 0x20))(_t92,  &_v16);
					__eflags = _t176;
					if(_t176 >= 0) {
						_t94 = _v16;
						__eflags = _t94;
						if(_t94 != 0) {
							_t102 = E011939DF(_t94 * 0x58, 1);
							_t157 = _a4;
							 *_t157 = _t102;
							__eflags = _t102;
							if(_t102 != 0) {
								_t103 = _v16;
								_a16 = _a16 & 0x00000000;
								_t157[1] = _t103;
								__eflags = _t103;
								if(_t103 == 0) {
									L50:
									_t176 = 0;
									__eflags = 0;
								} else {
									_t162 = 0;
									__eflags = 0;
									_a4 = 0;
									while(1) {
										_t175 = _t162 +  *_t157;
										_t176 = E011D30E2(_t162, _v20,  &_v12, 0);
										__eflags = _t176;
										if(_t176 < 0) {
											break;
										}
										_t176 = E011D2B5D(_v12, L"Id", _t175);
										__eflags = _t176;
										if(_t176 < 0) {
											_push("Failed to get @Id.");
											goto L81;
										} else {
											_t24 = _t175 + 0x18; // 0x119549a
											_t176 = E011D2B5D(_v12, L"FilePath", _t24);
											__eflags = _t176;
											if(_t176 < 0) {
												_push("Failed to get @FilePath.");
												goto L81;
											} else {
												_t176 = E011D2B5D(_v12, L"Packaging",  &_v8);
												__eflags = _t176;
												if(_t176 < 0) {
													_push("Failed to get @Packaging.");
													goto L81;
												} else {
													_t112 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"download", 0xffffffff);
													__eflags = _t112 - 2;
													if(_t112 != 2) {
														_t113 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"embedded", 0xffffffff);
														__eflags = _t113 - 2;
														if(_t113 != 2) {
															_t114 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"external", 0xffffffff);
															__eflags = _t114 - 2;
															if(_t114 != 2) {
																_push(_v8);
																_t176 = 0x80070057;
																_push("Invalid value for @Packaging: %ls");
																goto L76;
															} else {
																 *(_t175 + 4) = 3;
																goto L20;
															}
														} else {
															 *(_t175 + 4) = _t113;
															goto L20;
														}
													} else {
														 *(_t175 + 4) = 1;
														L20:
														__eflags = _a8;
														if(_a8 == 0) {
															L25:
															_t41 = _t175 + 8; // 0x119548a
															_t176 = E011D2D69(_t162, _v12, L"LayoutOnly", _t41);
															__eflags = _t176 - 0x80070490;
															if(_t176 == 0x80070490) {
																L27:
																_t43 = _t175 + 0x38; // 0x11954ba
																_t176 = E011D2B5D(_v12, L"SourcePath", _t43);
																__eflags = _t176 - 0x80070490;
																if(_t176 != 0x80070490) {
																	L29:
																	__eflags = _t176;
																	if(_t176 < 0) {
																		_push("Failed to get @SourcePath.");
																		goto L81;
																	} else {
																		goto L30;
																	}
																} else {
																	__eflags =  *(_t175 + 4) - 1;
																	if( *(_t175 + 4) == 1) {
																		L30:
																		_t46 = _t175 + 0x40; // 0x11954c2
																		_t176 = E011D2B5D(_v12, L"DownloadUrl", _t46);
																		__eflags = _t176 - 0x80070490;
																		if(_t176 != 0x80070490) {
																			L32:
																			__eflags = _t176;
																			if(_t176 < 0) {
																				_push("Failed to get @DownloadUrl.");
																				goto L81;
																			} else {
																				goto L33;
																			}
																		} else {
																			__eflags =  *(_t175 + 4) - 1;
																			if( *(_t175 + 4) != 1) {
																				L33:
																				_t176 = E011D2B5D(_v12, L"FileSize",  &_v8);
																				__eflags = _t176 - 0x80070490;
																				if(_t176 == 0x80070490) {
																					L36:
																					_t176 = E011D2B5D(_v12, L"CertificateRootPublicKeyIdentifier",  &_v8);
																					__eflags = _t176 - 0x80070490;
																					if(_t176 == 0x80070490) {
																						L39:
																						_t176 = E011D2B5D(_v12, L"CertificateRootThumbprint",  &_v8);
																						__eflags = _t176 - 0x80070490;
																						if(_t176 == 0x80070490) {
																							L42:
																							_t176 = E011D2B5D(_v12, L"Hash",  &_v8);
																							__eflags = _t176;
																							if(__eflags < 0) {
																								_push("Failed to get @Hash.");
																								goto L81;
																							} else {
																								_t65 = _t175 + 0x34; // 0x11954b6
																								_t66 = _t175 + 0x30; // 0x11954b2
																								_t176 = E01192108(_t162, __eflags, _v8, _t66, _t65);
																								__eflags = _t176;
																								if(_t176 < 0) {
																									_push("Failed to hex decode the Payload/@Hash.");
																									goto L81;
																								} else {
																									_t176 = E011D2B5D(_v12, L"Catalog",  &_v8);
																									__eflags = _t176 - 0x80070490;
																									if(_t176 == 0x80070490) {
																										L47:
																										_t165 = _v12;
																										__eflags = _t165;
																										if(_t165 != 0) {
																											 *((intOrPtr*)( *_t165 + 8))(_t165);
																											_t75 =  &_v12;
																											 *_t75 = _v12 & 0x00000000;
																											__eflags =  *_t75;
																										}
																										_t136 = _a16 + 1;
																										_t162 =  &(_a4[0x16]);
																										_a16 = _t136;
																										_a4 = _t162;
																										__eflags = _t136 - _v16;
																										if(_t136 < _v16) {
																											continue;
																										} else {
																											goto L50;
																										}
																									} else {
																										__eflags = _t176;
																										if(_t176 < 0) {
																											_push("Failed to get @Catalog.");
																											goto L81;
																										} else {
																											_t70 = _t175 + 0x1c; // 0x119549e
																											_t176 = E0119BC01(_t162, _a12, _v8, _t70);
																											__eflags = _t176;
																											if(_t176 < 0) {
																												_push("Failed to find catalog.");
																												goto L81;
																											} else {
																												goto L47;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							__eflags = _t176;
																							if(__eflags < 0) {
																								_push("Failed to get @CertificateRootThumbprint.");
																								goto L81;
																							} else {
																								_t60 = _t175 + 0x2c; // 0x11954ae
																								_t61 = _t175 + 0x28; // 0x11954aa
																								_t176 = E01192108(_t162, __eflags, _v8, _t61, _t60);
																								__eflags = _t176;
																								if(_t176 < 0) {
																									_push("Failed to hex decode @CertificateRootThumbprint.");
																									goto L81;
																								} else {
																									goto L42;
																								}
																							}
																						}
																					} else {
																						__eflags = _t176;
																						if(__eflags < 0) {
																							_push("Failed to get @CertificateRootPublicKeyIdentifier.");
																							goto L81;
																						} else {
																							_t55 = _t175 + 0x24; // 0x11954a6
																							_t56 = _t175 + 0x20; // 0x11954a2
																							_t176 = E01192108(_t162, __eflags, _v8, _t56, _t55);
																							__eflags = _t176;
																							if(_t176 < 0) {
																								_push("Failed to hex decode @CertificateRootPublicKeyIdentifier.");
																								goto L81;
																							} else {
																								goto L39;
																							}
																						}
																					}
																				} else {
																					__eflags = _t176;
																					if(_t176 < 0) {
																						_push("Failed to get @FileSize.");
																						goto L81;
																					} else {
																						_t51 = _t175 + 0x10; // 0x1195492
																						_t176 = E01192B03(_t162, _v8, 0, _t51);
																						__eflags = _t176;
																						if(_t176 < 0) {
																							_push("Failed to parse @FileSize.");
																							goto L81;
																						} else {
																							goto L36;
																						}
																					}
																				}
																			} else {
																				goto L32;
																			}
																		}
																	} else {
																		goto L29;
																	}
																}
															} else {
																__eflags = _t176;
																if(_t176 < 0) {
																	_push("Failed to get @LayoutOnly.");
																	goto L81;
																} else {
																	goto L27;
																}
															}
														} else {
															_t176 = E011D2B5D(_v12, L"Container",  &_v8);
															__eflags = _t176 - 0x80070490;
															if(_t176 != 0x80070490) {
																L23:
																__eflags = _t176;
																if(_t176 < 0) {
																	_push("Failed to get @Container.");
																	L81:
																	_push(_t176);
																	E011CFB09();
																} else {
																	_t38 = _t175 + 0x3c; // 0x11954be
																	_t176 = E0119C1D4(_t162, _a8, _v8, _t38);
																	__eflags = _t176;
																	if(_t176 < 0) {
																		_push(_v8);
																		_push("Failed to to find container: %ls");
																		L76:
																		_push(_t176);
																		E011CFB09();
																	} else {
																		goto L25;
																	}
																}
															} else {
																__eflags =  *(_t175 + 4) - 2;
																if( *(_t175 + 4) != 2) {
																	goto L25;
																} else {
																	goto L23;
																}
															}
														}
													}
												}
											}
										}
										goto L51;
									}
									_push("Failed to get next node.");
									goto L81;
								}
								L51:
							} else {
								_t176 = 0x8007000e;
								E011938BA(_t102, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\payload.cpp", 0x2e, 0x8007000e);
								_push("Failed to allocate memory for payload structs.");
								_push(0x8007000e);
								E011CFB09();
							}
						}
					} else {
						_push("Failed to get payload node count.");
						goto L2;
					}
				} else {
					_push("Failed to select payload nodes.");
					L2:
					_push(_t176);
					E011CFB09();
				}
				_t160 = _v20;
				if(_t160 != 0) {
					 *((intOrPtr*)( *_t160 + 8))(_t160);
				}
				_t161 = _v12;
				if(_t161 != 0) {
					 *((intOrPtr*)( *_t161 + 8))(_t161);
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t176;
			}






















                                                            0x0119cd7c
                                                            0x0119cd83
                                                            0x0119cd87
                                                            0x0119cd8b
                                                            0x0119cd9e
                                                            0x0119cda2
                                                            0x0119cdb6
                                                            0x0119cdc3
                                                            0x0119cdc5
                                                            0x0119cdc7
                                                            0x0119cdd0
                                                            0x0119cdd3
                                                            0x0119cdd5
                                                            0x0119cde2
                                                            0x0119cde7
                                                            0x0119cdea
                                                            0x0119cdec
                                                            0x0119cdee
                                                            0x0119ce14
                                                            0x0119ce17
                                                            0x0119ce1b
                                                            0x0119ce1f
                                                            0x0119ce21
                                                            0x0119d107
                                                            0x0119d107
                                                            0x0119d107
                                                            0x0119ce27
                                                            0x0119ce27
                                                            0x0119ce27
                                                            0x0119ce29
                                                            0x0119ce2c
                                                            0x0119ce37
                                                            0x0119ce3e
                                                            0x0119ce40
                                                            0x0119ce42
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ce56
                                                            0x0119ce58
                                                            0x0119ce5a
                                                            0x0119d1d8
                                                            0x00000000
                                                            0x0119ce60
                                                            0x0119ce60
                                                            0x0119ce71
                                                            0x0119ce73
                                                            0x0119ce75
                                                            0x0119d1d1
                                                            0x00000000
                                                            0x0119ce7b
                                                            0x0119ce8c
                                                            0x0119ce8e
                                                            0x0119ce90
                                                            0x0119d1ca
                                                            0x00000000
                                                            0x0119ce96
                                                            0x0119ceac
                                                            0x0119ceae
                                                            0x0119ceb1
                                                            0x0119cecc
                                                            0x0119cece
                                                            0x0119ced1
                                                            0x0119cee8
                                                            0x0119ceea
                                                            0x0119ceed
                                                            0x0119d1af
                                                            0x0119d1b2
                                                            0x0119d1b7
                                                            0x00000000
                                                            0x0119cef3
                                                            0x0119cef3
                                                            0x00000000
                                                            0x0119cef3
                                                            0x0119ced3
                                                            0x0119ced3
                                                            0x00000000
                                                            0x0119ced3
                                                            0x0119ceb3
                                                            0x0119ceb3
                                                            0x0119cefa
                                                            0x0119cefa
                                                            0x0119cefe
                                                            0x0119cf42
                                                            0x0119cf42
                                                            0x0119cf53
                                                            0x0119cf55
                                                            0x0119cf5b
                                                            0x0119cf65
                                                            0x0119cf65
                                                            0x0119cf76
                                                            0x0119cf78
                                                            0x0119cf7e
                                                            0x0119cf86
                                                            0x0119cf86
                                                            0x0119cf88
                                                            0x0119d1a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cf80
                                                            0x0119cf80
                                                            0x0119cf84
                                                            0x0119cf8e
                                                            0x0119cf8e
                                                            0x0119cf9f
                                                            0x0119cfa1
                                                            0x0119cfa7
                                                            0x0119cfaf
                                                            0x0119cfaf
                                                            0x0119cfb1
                                                            0x0119d1a1
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cfa9
                                                            0x0119cfa9
                                                            0x0119cfad
                                                            0x0119cfb7
                                                            0x0119cfc8
                                                            0x0119cfca
                                                            0x0119cfd0
                                                            0x0119cff2
                                                            0x0119d003
                                                            0x0119d005
                                                            0x0119d00b
                                                            0x0119d02f
                                                            0x0119d040
                                                            0x0119d042
                                                            0x0119d048
                                                            0x0119d06c
                                                            0x0119d07d
                                                            0x0119d07f
                                                            0x0119d081
                                                            0x0119d19a
                                                            0x00000000
                                                            0x0119d087
                                                            0x0119d087
                                                            0x0119d08b
                                                            0x0119d097
                                                            0x0119d099
                                                            0x0119d09b
                                                            0x0119d193
                                                            0x00000000
                                                            0x0119d0a1
                                                            0x0119d0b2
                                                            0x0119d0b4
                                                            0x0119d0ba
                                                            0x0119d0dd
                                                            0x0119d0dd
                                                            0x0119d0e0
                                                            0x0119d0e2
                                                            0x0119d0e7
                                                            0x0119d0ea
                                                            0x0119d0ea
                                                            0x0119d0ea
                                                            0x0119d0ea
                                                            0x0119d0f4
                                                            0x0119d0f5
                                                            0x0119d0f8
                                                            0x0119d0fb
                                                            0x0119d0fe
                                                            0x0119d101
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119d0bc
                                                            0x0119d0bc
                                                            0x0119d0be
                                                            0x0119d18c
                                                            0x00000000
                                                            0x0119d0c4
                                                            0x0119d0c4
                                                            0x0119d0d3
                                                            0x0119d0d5
                                                            0x0119d0d7
                                                            0x0119d185
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119d0d7
                                                            0x0119d0be
                                                            0x0119d0ba
                                                            0x0119d09b
                                                            0x0119d04a
                                                            0x0119d04a
                                                            0x0119d04c
                                                            0x0119d17e
                                                            0x00000000
                                                            0x0119d052
                                                            0x0119d052
                                                            0x0119d056
                                                            0x0119d062
                                                            0x0119d064
                                                            0x0119d066
                                                            0x0119d177
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119d066
                                                            0x0119d04c
                                                            0x0119d00d
                                                            0x0119d00d
                                                            0x0119d00f
                                                            0x0119d170
                                                            0x00000000
                                                            0x0119d015
                                                            0x0119d015
                                                            0x0119d019
                                                            0x0119d025
                                                            0x0119d027
                                                            0x0119d029
                                                            0x0119d169
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119d029
                                                            0x0119d00f
                                                            0x0119cfd2
                                                            0x0119cfd2
                                                            0x0119cfd4
                                                            0x0119d162
                                                            0x00000000
                                                            0x0119cfda
                                                            0x0119cfda
                                                            0x0119cfe8
                                                            0x0119cfea
                                                            0x0119cfec
                                                            0x0119d158
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cfec
                                                            0x0119cfd4
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cfad
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cf84
                                                            0x0119cf5d
                                                            0x0119cf5d
                                                            0x0119cf5f
                                                            0x0119d14e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cf5f
                                                            0x0119cf00
                                                            0x0119cf11
                                                            0x0119cf13
                                                            0x0119cf19
                                                            0x0119cf21
                                                            0x0119cf21
                                                            0x0119cf23
                                                            0x0119d144
                                                            0x0119d1e4
                                                            0x0119d1e4
                                                            0x0119d1e5
                                                            0x0119cf29
                                                            0x0119cf29
                                                            0x0119cf38
                                                            0x0119cf3a
                                                            0x0119cf3c
                                                            0x0119d13a
                                                            0x0119d13d
                                                            0x0119d1bc
                                                            0x0119d1bc
                                                            0x0119d1bd
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cf3c
                                                            0x0119cf1b
                                                            0x0119cf1b
                                                            0x0119cf1f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cf1f
                                                            0x0119cf19
                                                            0x0119cefe
                                                            0x0119ceb1
                                                            0x0119ce90
                                                            0x0119ce75
                                                            0x00000000
                                                            0x0119ce5a
                                                            0x0119d1df
                                                            0x00000000
                                                            0x0119d1df
                                                            0x0119d109
                                                            0x0119cdf0
                                                            0x0119cdf0
                                                            0x0119cdfd
                                                            0x0119ce02
                                                            0x0119ce07
                                                            0x0119ce08
                                                            0x0119ce0e
                                                            0x0119d10a
                                                            0x0119cdc9
                                                            0x0119cdc9
                                                            0x00000000
                                                            0x0119cdc9
                                                            0x0119cda4
                                                            0x0119cda4
                                                            0x0119cda9
                                                            0x0119cda9
                                                            0x0119cdaa
                                                            0x0119cdb0
                                                            0x0119d10b
                                                            0x0119d110
                                                            0x0119d115
                                                            0x0119d115
                                                            0x0119d118
                                                            0x0119d11d
                                                            0x0119d122
                                                            0x0119d122
                                                            0x0119d129
                                                            0x0119d12e
                                                            0x0119d12e
                                                            0x0119d137

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,0119549A,00000000,011DBB64,01195482,00000000), ref: 0119CEAC
                                                            Strings
                                                            • Failed to select payload nodes., xrefs: 0119CDA4
                                                            • SourcePath, xrefs: 0119CF69
                                                            • Packaging, xrefs: 0119CE7F
                                                            • Failed to parse @FileSize., xrefs: 0119D158
                                                            • Failed to get @Hash., xrefs: 0119D19A
                                                            • FilePath, xrefs: 0119CE64
                                                            • LayoutOnly, xrefs: 0119CF46
                                                            • Failed to get @Container., xrefs: 0119D144
                                                            • CertificateRootThumbprint, xrefs: 0119D033
                                                            • Failed to get next node., xrefs: 0119D1DF
                                                            • Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 0119D169
                                                            • Failed to get @FilePath., xrefs: 0119D1D1
                                                            • Failed to find catalog., xrefs: 0119D185
                                                            • Failed to get @CertificateRootThumbprint., xrefs: 0119D17E
                                                            • Container, xrefs: 0119CF04
                                                            • Payload, xrefs: 0119CD91
                                                            • Failed to get @Packaging., xrefs: 0119D1CA
                                                            • Failed to allocate memory for payload structs., xrefs: 0119CE02
                                                            • c:\agent\_work\66\s\src\burn\engine\payload.cpp, xrefs: 0119CDF8
                                                            • Invalid value for @Packaging: %ls, xrefs: 0119D1B7
                                                            • external, xrefs: 0119CEDA
                                                            • Failed to get payload node count., xrefs: 0119CDC9
                                                            • Hash, xrefs: 0119D070
                                                            • download, xrefs: 0119CE9E
                                                            • DownloadUrl, xrefs: 0119CF92
                                                            • Failed to hex decode the Payload/@Hash., xrefs: 0119D193
                                                            • Failed to get @DownloadUrl., xrefs: 0119D1A1
                                                            • Catalog, xrefs: 0119D0A5
                                                            • Failed to get @Id., xrefs: 0119D1D8
                                                            • CertificateRootPublicKeyIdentifier, xrefs: 0119CFF6
                                                            • Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 0119D170
                                                            • FileSize, xrefs: 0119CFBB
                                                            • embedded, xrefs: 0119CEBE
                                                            • Failed to hex decode @CertificateRootThumbprint., xrefs: 0119D177
                                                            • Failed to get @SourcePath., xrefs: 0119D1A8
                                                            • Failed to get @FileSize., xrefs: 0119D162
                                                            • Failed to get @LayoutOnly., xrefs: 0119D14E
                                                            • Failed to get @Catalog., xrefs: 0119D18C
                                                            • Failed to to find container: %ls, xrefs: 0119D13D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateCompareProcessString
                                                            • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$c:\agent\_work\66\s\src\burn\engine\payload.cpp$download$embedded$external
                                                            • API String ID: 1171520630-705547078
                                                            • Opcode ID: bc09dcaaf4ae79c122cd9b72ff4d8715c71b6a6b3629ca4cd118c4c17758fd69
                                                            • Instruction ID: 62b20984da7835d6a2aabf181468fadc3c5090214c6fc701cec7d27070aa4a7c
                                                            • Opcode Fuzzy Hash: bc09dcaaf4ae79c122cd9b72ff4d8715c71b6a6b3629ca4cd118c4c17758fd69
                                                            • Instruction Fuzzy Hash: 20C1D6B294262AFBDF1D9A94DC01FADBE64AF00B25F110279EA31BB150D771EE0087D5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01198463 Relevance: 59.8, APIs: 5, Strings: 29, Instructions: 331COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E01198463(struct _CRITICAL_SECTION* _a4, intOrPtr _a8) {
				char _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				void* _v24;
				int _v28;
				char _v32;
				char _v36;
				void _v60;
				intOrPtr* _t97;
				int _t148;
				struct _CRITICAL_SECTION* _t154;
				signed int _t155;
				intOrPtr* _t158;
				signed int _t159;
				intOrPtr _t162;
				int _t168;
				signed int _t169;
				void* _t170;
				signed int _t171;
				struct _CRITICAL_SECTION* _t173;
				void* _t175;
				int _t176;
				void* _t178;
				void* _t179;

				_t154 = _a4;
				_t155 = 6;
				_v24 = 0;
				_v16 = 0;
				memset( &_v60, 0, _t155 << 2);
				_t179 = _t178 + 0xc;
				_v32 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v36 = 0;
				_v28 = 0;
				EnterCriticalSection(_t154);
				if(E011D3183(_a8, L"Variable",  &_v24) >= 0) {
					_t97 = _v24;
					_t157 =  *_t97;
					_t175 =  *((intOrPtr*)( *_t97 + 0x20))(_t97,  &_v32);
					if(_t175 >= 0) {
						_t168 = 0;
						_a4 = 0;
						if(_v32 > 0) {
							while(1) {
								_t175 = E011D30E2(_t157, _v24,  &_v16, _t168);
								if(_t175 < 0) {
									break;
								}
								_t175 = E011D2B5D(_v16, L"Id",  &_v8);
								if(_t175 < 0) {
									_push("Failed to get @Id.");
									goto L58;
								} else {
									_t175 = E011D2D69(_t157, _v16, L"Hidden",  &_v20);
									if(_t175 < 0) {
										_push("Failed to get @Hidden.");
										goto L58;
									} else {
										_t175 = E011D2D69(_t157, _v16, L"Persisted",  &_v36);
										if(_t175 < 0) {
											_push("Failed to get @Persisted.");
											goto L58;
										} else {
											_t175 = E011D2B5D(_v16, L"Value",  &_v12);
											if(_t175 == 0x80070490) {
												_t176 = _t168;
												goto L25;
											} else {
												if(_t175 < 0) {
													_push("Failed to get @Value.");
													goto L58;
												} else {
													_t175 = E011B033F( &_v60, _v12, _t168);
													if(_t175 < 0) {
														_push("Failed to set variant value.");
														goto L58;
													} else {
														_t175 = E011D2B5D(_v16, L"Type",  &_v12);
														if(_t175 < 0) {
															_push("Failed to get @Type.");
															goto L58;
														} else {
															_t148 = CompareStringW(0x7f, _t168, _v12, 0xffffffff, L"numeric", 0xffffffff);
															_t176 = 2;
															if(_t148 != _t176) {
																if(CompareStringW(0x7f, _t168, _v12, 0xffffffff, L"string", 0xffffffff) != _t176) {
																	if(CompareStringW(0x7f, _t168, _v12, 0xffffffff, L"version", 0xffffffff) != _t176) {
																		_push(_v12);
																		_t170 = 0x80070057;
																		_t175 = 0x80070057;
																		_push("Invalid value for @Type: %ls");
																		goto L42;
																	} else {
																		if(_v20 == 0) {
																			_push(_v60);
																			E011CFFF0(_t176, "Initializing version variable \'%ls\' to value \'%ls\'", _v8);
																			_t179 = _t179 + 0x10;
																		}
																		_t176 = 3;
																		goto L25;
																	}
																} else {
																	if(_v20 != 0) {
																		goto L26;
																	} else {
																		_push(_v60);
																		E011CFFF0(_t176, "Initializing string variable \'%ls\' to value \'%ls\'", _v8);
																		_t179 = _t179 + 0x10;
																		goto L25;
																	}
																	goto L27;
																}
															} else {
																if(_v20 == 0) {
																	_push(_v60);
																	E011CFFF0(_t176, "Initializing numeric variable \'%ls\' to value \'%ls\'", _v8);
																	_t179 = _t179 + 0x10;
																}
																_t176 = 1;
																L25:
																if(_v20 != 0) {
																	L26:
																	E011CFFF0(2, "Initializing hidden variable \'%ls\'", _v8);
																	_t179 = _t179 + 0xc;
																}
																L27:
																_t175 = E011AFF10( &_v60, _t176);
																if(_t175 < 0) {
																	_push("Failed to change variant type.");
																	goto L58;
																} else {
																	_t175 = E011956E2(_t157, _t154, _v8,  &_v28);
																	if(_t175 < 0) {
																		_push(_v8);
																		_push("Failed to find variable value \'%ls\'.");
																		goto L52;
																	} else {
																		_t169 = _v28;
																		if(_t175 != 1) {
																			_t53 = _t154 + 0x20; // 0x85f08bff
																			_t162 =  *_t53;
																			_t124 = _t169 * 0x38;
																			if( *((intOrPtr*)(_t169 * 0x38 + _t162 + 0x2c)) > 0) {
																				_t170 = 0x80070057;
																				_t175 = 0x80070057;
																				E011938BA(_t124, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x190, 0x80070057);
																				_push(_v8);
																				_push("Attempt to set built-in variable value: %ls");
																				L42:
																				_push(_t170);
																				goto L43;
																			} else {
																				goto L33;
																			}
																		} else {
																			_t175 = E01196C3C(_t157, _t154, _v8, _t169);
																			if(_t175 < 0) {
																				_push(_v8);
																				_push("Failed to insert variable \'%ls\'.");
																				goto L52;
																			} else {
																				_t52 = _t154 + 0x20; // 0x85f08bff
																				_t162 =  *_t52;
																				L33:
																				_t171 = _t169 * 0x38;
																				 *((intOrPtr*)(_t171 + _t162 + 0x20)) = _v20;
																				_t59 = _t154 + 0x20; // 0x85f08bff
																				 *((intOrPtr*)(_t171 +  *_t59 + 0x28)) = _v36;
																				_t64 = _t154 + 0x20; // 0x85f08bff
																				_t175 = E011B03A6( *_t64 + 8 + _t171,  &_v60);
																				if(_t175 < 0) {
																					_push(_v8);
																					_push("Failed to set value of variable: %ls");
																					L52:
																					_push(_t175);
																					L43:
																					E011CFB09();
																				} else {
																					_t65 = _t154 + 0x20; // 0x85f08bff
																					_t175 = E011B0291( *_t65 + 8 + _t171, _v20);
																					if(_t175 < 0) {
																						_push("Failed to set variant encryption");
																						goto L58;
																					} else {
																						_t157 = _v16;
																						if(_t157 != 0) {
																							 *((intOrPtr*)( *_t157 + 8))(_t157);
																							_v16 = _v16 & 0x00000000;
																						}
																						E011B04E3( &_v60);
																						if(_v12 != 0) {
																							E0119287D(_v12);
																							_v12 = _v12 & 0x00000000;
																						}
																						_t173 = _a4 + 1;
																						_a4 = _t173;
																						if(_t173 < _v32) {
																							_t168 = 0;
																							continue;
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
								goto L59;
							}
							_push("Failed to get next node.");
							goto L58;
						}
					} else {
						_push("Failed to get variable node count.");
						goto L58;
					}
				} else {
					_push("Failed to select variable nodes.");
					L58:
					_push(_t175);
					E011CFB09();
				}
				L59:
				LeaveCriticalSection(_t154);
				_t158 = _v24;
				if(_t158 != 0) {
					 *((intOrPtr*)( *_t158 + 8))(_t158);
				}
				_t159 = _v16;
				if(_t159 != 0) {
					 *((intOrPtr*)( *_t159 + 8))(_t159);
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				E011B04E3( &_v60);
				return _t175;
			}




























                                                            0x0119846a
                                                            0x01198473
                                                            0x01198476
                                                            0x0119847c
                                                            0x0119847f
                                                            0x0119847f
                                                            0x01198482
                                                            0x01198485
                                                            0x01198488
                                                            0x0119848b
                                                            0x0119848e
                                                            0x01198491
                                                            0x01198494
                                                            0x011984af
                                                            0x011984bb
                                                            0x011984c3
                                                            0x011984c8
                                                            0x011984cc
                                                            0x011984d8
                                                            0x011984da
                                                            0x011984e0
                                                            0x011984e6
                                                            0x011984f3
                                                            0x011984f7
                                                            0x00000000
                                                            0x00000000
                                                            0x0119850e
                                                            0x01198512
                                                            0x011987e2
                                                            0x00000000
                                                            0x01198518
                                                            0x01198529
                                                            0x0119852d
                                                            0x011987db
                                                            0x00000000
                                                            0x01198533
                                                            0x01198544
                                                            0x01198548
                                                            0x011987d4
                                                            0x00000000
                                                            0x0119854e
                                                            0x0119855f
                                                            0x01198567
                                                            0x01198653
                                                            0x00000000
                                                            0x0119856d
                                                            0x0119856f
                                                            0x0119877f
                                                            0x00000000
                                                            0x01198575
                                                            0x01198582
                                                            0x01198586
                                                            0x01198778
                                                            0x00000000
                                                            0x0119858c
                                                            0x0119859d
                                                            0x011985a1
                                                            0x01198771
                                                            0x00000000
                                                            0x011985a7
                                                            0x011985b6
                                                            0x011985be
                                                            0x011985c1
                                                            0x011985f9
                                                            0x0119862e
                                                            0x01198754
                                                            0x01198757
                                                            0x0119875c
                                                            0x0119875e
                                                            0x00000000
                                                            0x01198634
                                                            0x01198638
                                                            0x0119863a
                                                            0x01198646
                                                            0x0119864b
                                                            0x0119864b
                                                            0x01198650
                                                            0x00000000
                                                            0x01198650
                                                            0x011985fb
                                                            0x011985ff
                                                            0x00000000
                                                            0x01198601
                                                            0x01198601
                                                            0x0119860d
                                                            0x01198612
                                                            0x00000000
                                                            0x01198612
                                                            0x00000000
                                                            0x011985ff
                                                            0x011985c3
                                                            0x011985c7
                                                            0x011985c9
                                                            0x011985d5
                                                            0x011985da
                                                            0x011985da
                                                            0x011985df
                                                            0x01198655
                                                            0x01198659
                                                            0x0119865b
                                                            0x01198665
                                                            0x0119866a
                                                            0x0119866a
                                                            0x0119866d
                                                            0x01198677
                                                            0x0119867b
                                                            0x011987cd
                                                            0x00000000
                                                            0x01198681
                                                            0x0119868e
                                                            0x01198692
                                                            0x011987c2
                                                            0x011987c5
                                                            0x00000000
                                                            0x01198698
                                                            0x01198698
                                                            0x0119869e
                                                            0x011986b9
                                                            0x011986b9
                                                            0x011986bc
                                                            0x011986c4
                                                            0x011987a1
                                                            0x011987b1
                                                            0x011987b3
                                                            0x011987b8
                                                            0x011987bb
                                                            0x01198763
                                                            0x01198763
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011986a0
                                                            0x011986aa
                                                            0x011986ae
                                                            0x01198786
                                                            0x01198789
                                                            0x00000000
                                                            0x011986b4
                                                            0x011986b4
                                                            0x011986b4
                                                            0x011986ca
                                                            0x011986cd
                                                            0x011986d0
                                                            0x011986d4
                                                            0x011986da
                                                            0x011986e2
                                                            0x011986f0
                                                            0x011986f4
                                                            0x01198797
                                                            0x0119879a
                                                            0x011987ca
                                                            0x011987ca
                                                            0x01198764
                                                            0x01198764
                                                            0x011986fa
                                                            0x011986fa
                                                            0x0119870b
                                                            0x0119870f
                                                            0x01198790
                                                            0x00000000
                                                            0x01198711
                                                            0x01198711
                                                            0x01198716
                                                            0x0119871b
                                                            0x0119871e
                                                            0x0119871e
                                                            0x01198726
                                                            0x0119872f
                                                            0x01198734
                                                            0x01198739
                                                            0x01198739
                                                            0x01198740
                                                            0x01198741
                                                            0x01198747
                                                            0x0119874d
                                                            0x00000000
                                                            0x0119874d
                                                            0x01198747
                                                            0x0119870f
                                                            0x011986f4
                                                            0x011986ae
                                                            0x0119869e
                                                            0x01198692
                                                            0x0119867b
                                                            0x011985c1
                                                            0x011985a1
                                                            0x01198586
                                                            0x0119856f
                                                            0x01198567
                                                            0x01198548
                                                            0x0119852d
                                                            0x00000000
                                                            0x01198512
                                                            0x011987e9
                                                            0x00000000
                                                            0x011987e9
                                                            0x011984ce
                                                            0x011984ce
                                                            0x00000000
                                                            0x011984ce
                                                            0x011984b1
                                                            0x011984b1
                                                            0x011987ee
                                                            0x011987ee
                                                            0x011987ef
                                                            0x011987f5
                                                            0x011987f6
                                                            0x011987f7
                                                            0x011987fd
                                                            0x01198802
                                                            0x01198807
                                                            0x01198807
                                                            0x0119880a
                                                            0x0119880f
                                                            0x01198814
                                                            0x01198814
                                                            0x0119881b
                                                            0x01198820
                                                            0x01198820
                                                            0x01198829
                                                            0x0119882e
                                                            0x0119882e
                                                            0x01198837
                                                            0x01198842

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(01195482,?,00000000,80070490,?,?,?,?,?,?,?,?,011BBEAE,?,01195482,?), ref: 01198494
                                                            • LeaveCriticalSection.KERNEL32(01195482,?,?,?,?,?,?,?,?,011BBEAE,?,01195482,?,01195482,01195482,Chain), ref: 011987F7
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\variable.cpp, xrefs: 011987AC
                                                            • Persisted, xrefs: 01198537
                                                            • Failed to get @Value., xrefs: 0119877F
                                                            • Value, xrefs: 01198552
                                                            • Failed to find variable value '%ls'., xrefs: 011987C5
                                                            • version, xrefs: 01198619
                                                            • Failed to set variant encryption, xrefs: 01198790
                                                            • Failed to get next node., xrefs: 011987E9
                                                            • Initializing numeric variable '%ls' to value '%ls', xrefs: 011985CF
                                                            • Failed to set variant value., xrefs: 01198778
                                                            • string, xrefs: 011985E4
                                                            • numeric, xrefs: 011985A9
                                                            • Failed to insert variable '%ls'., xrefs: 01198789
                                                            • Failed to get @Persisted., xrefs: 011987D4
                                                            • Hidden, xrefs: 0119851C
                                                            • Failed to get @Type., xrefs: 01198771
                                                            • Variable, xrefs: 0119849E
                                                            • Initializing string variable '%ls' to value '%ls', xrefs: 01198607
                                                            • Initializing hidden variable '%ls', xrefs: 0119865E
                                                            • Failed to get variable node count., xrefs: 011984CE
                                                            • Failed to get @Id., xrefs: 011987E2
                                                            • Type, xrefs: 01198590
                                                            • Invalid value for @Type: %ls, xrefs: 0119875E
                                                            • Failed to change variant type., xrefs: 011987CD
                                                            • Attempt to set built-in variable value: %ls, xrefs: 011987BB
                                                            • Initializing version variable '%ls' to value '%ls', xrefs: 01198640
                                                            • Failed to select variable nodes., xrefs: 011984B1
                                                            • Failed to get @Hidden., xrefs: 011987DB
                                                            • Failed to set value of variable: %ls, xrefs: 0119879A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$c:\agent\_work\66\s\src\burn\engine\variable.cpp$numeric$string$version
                                                            • API String ID: 3168844106-1329848934
                                                            • Opcode ID: e1fd587c37292ce4efe73c936816a65bc84928b71864a97067d18c45a7292ed8
                                                            • Instruction ID: 58f18d1d9e33267ea5a49cb6ace4da28226e79173b63974768d28ac5e6b0b621
                                                            • Opcode Fuzzy Hash: e1fd587c37292ce4efe73c936816a65bc84928b71864a97067d18c45a7292ed8
                                                            • Instruction Fuzzy Hash: 41B1D072D0461EBBCF2E9B95CC44EAEBB75BF06714F120259F921BB250C7709A50CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BD10E Relevance: 51.0, APIs: 12, Strings: 17, Instructions: 283synchronizationprocessCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 61%
                                                            			E011BD10E(void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, DWORD* _a20) {
				signed int _v8;
				char _v88;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				struct _SECURITY_ATTRIBUTES* _v120;
				WCHAR* _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				struct _PROCESS_INFORMATION _v148;
				intOrPtr _v152;
				DWORD* _v156;
				intOrPtr _v160;
				void* _v164;
				signed int _v168;
				signed short _v172;
				signed int _v176;
				char _v180;
				struct _STARTUPINFOW _v248;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t78;
				signed int _t90;
				signed short _t92;
				signed short _t95;
				signed short _t106;
				signed short _t110;
				intOrPtr _t124;
				DWORD* _t127;
				signed short _t128;
				signed short _t131;
				void* _t140;
				void* _t147;
				void* _t151;
				signed short _t156;
				signed int _t160;

				_t147 = __edx;
				_t78 =  *0x11fa008; // 0x295f764a
				_v8 = _t78 ^ _t160;
				_v124 = _a4;
				_v152 = _a8;
				_v132 = _a12;
				_v128 = _a16;
				_v156 = _a20;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t139 = 0;
				_v116 = 0;
				_v112 = 0;
				_v120 = 0;
				_v108 = 0;
				E011BF600( &_v104,  &_v248, 0, 0x44);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t90 =  &_v104;
				__imp__UuidCreate(_t90);
				if((_t90 | 0x00000001) >= 0) {
					_t92 =  &_v104;
					__imp__StringFromGUID2(_t92,  &_v88, 0x27);
					__eflags = _t92;
					if(_t92 != 0) {
						_t95 = E01192022( &_v112, L"NetFxSection.%ls",  &_v88);
						__eflags = _t95;
						if(_t95 >= 0) {
							__eflags = E01192022( &_v116, L"NetFxEvent.%ls",  &_v88);
							if(__eflags >= 0) {
								_t156 = E011BCB5D(0, _t140, __eflags, _v112, _v116,  &_v108);
								__eflags = _t156;
								if(_t156 >= 0) {
									_push(_v112);
									_t156 = E01192064( &_v120, L"%ls /pipe %ls", _v152);
									__eflags = _t156;
									if(_t156 >= 0) {
										_t150 = _v124;
										_v248.cb = 0x44;
										_t106 = CreateProcessW(_v124, _v120, 0, 0, 0, 0x8000000, 0, 0,  &_v248,  &_v148);
										__eflags = _t106;
										if(_t106 != 0) {
											_t139 = _v108;
											_t150 = WaitForMultipleObjects;
											_v164 = _v148.hProcess;
											_v160 =  *((intOrPtr*)(_t139 + 4));
											while(1) {
												_t110 = WaitForMultipleObjects(2,  &_v164, 0, 0x64);
												__eflags = _t110;
												if(_t110 == 0) {
													break;
												}
												__eflags = _t110 - 1;
												if(_t110 != 1) {
													__eflags = _t110 - 0xffffffff;
													if(_t110 == 0xffffffff) {
														_t156 = GetLastError();
														__eflags = _t156;
														if(__eflags > 0) {
															_t156 = _t156 & 0x0000ffff | 0x80070000;
															__eflags = _t156;
														}
														if(__eflags >= 0) {
															_t156 = 0x80004005;
														}
														E011938BA(_t111, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x19e, _t156);
														_push("Failed to wait for netfx chainer process to complete");
														L2:
														_push(_t156);
														E011CFB09();
														L45:
														if(_v112 != 0) {
															E01192762(_v112);
														}
														if(_v116 != 0) {
															E01192762(_v116);
														}
														E0119287D(_v120);
														E011BCE2C(_t139, _t150, _t139);
														_t151 = CloseHandle;
														if(_v148.hThread != 0) {
															CloseHandle(_v148.hThread);
															_v148.hThread = _v148.hThread & 0x00000000;
														}
														if(_v148.hProcess != 0) {
															CloseHandle(_v148.hProcess);
														}
														return E011BDD1F(_t139, _v8 ^ _t160, _t147, _t151, _t156);
													}
													continue;
												}
												_t156 = E011BD016(_t139, _v132, _v128);
												__eflags = _t156;
												if(_t156 >= 0) {
													continue;
												}
												_push("Failed to process netfx chainer message.");
												goto L2;
											}
											WaitForSingleObject( *(_t139 + 0xc), 0xffffffff);
											_t124 =  *((intOrPtr*)(_t139 + 0x10));
											__eflags =  *(_t124 + 4);
											_t49 = _t124 + 8; // 0x31006e
											_t150 =  *_t49;
											if( *(_t124 + 4) >= 0) {
												L31:
												_t51 = _t124 + 0xc; // 0x64002e
												_v124 =  *_t51;
												ReleaseMutex( *(_t139 + 0xc));
												_t127 = _v156;
												 *_t127 = _t150;
												__eflags = _t150 - 0x8000000a;
												if(_t150 != 0x8000000a) {
													_t128 = _v124;
													__eflags = _t128;
													if(_t128 < 0) {
														_v176 = _v176 & 0x00000000;
														_t60 =  &_v168;
														 *_t60 = _v168 & 0x00000000;
														__eflags =  *_t60;
														_v172 = _t128;
														_v180 = 1;
														_v132( &_v180, _v128);
													}
													goto L45;
												}
												_t131 = GetExitCodeProcess(_v148, _t127);
												__eflags = _t131;
												if(_t131 != 0) {
													goto L45;
												}
												_t156 = GetLastError();
												__eflags = _t156;
												if(__eflags > 0) {
													_t156 = _t156 & 0x0000ffff | 0x80070000;
													__eflags = _t156;
												}
												if(__eflags >= 0) {
													_t156 = 0x80004005;
												}
												E011938BA(_t132, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x18a, _t156);
												_push("Failed to get netfx return code.");
												goto L2;
											}
											__eflags = _t150;
											if(_t150 == 0) {
												L30:
												_t50 = _t124 + 4; // 0x730061
												_t150 =  *_t50;
												goto L31;
											}
											__eflags = _t150 - 0x80004004;
											if(_t150 != 0x80004004) {
												goto L31;
											}
											goto L30;
										}
										_t156 = GetLastError();
										__eflags = _t156;
										if(__eflags > 0) {
											__eflags = _t156;
										}
										if(__eflags >= 0) {
											_t156 = 0x80004005;
										}
										E011938BA(_t134, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x17a, _t156);
										E011CFB09(_t156, "Failed to CreateProcess on path: %ls", _t150);
										L12:
										_t139 = _v108;
										goto L45;
									}
									_push("Failed to allocate netfx chainer arguments.");
									L11:
									_push(_t156);
									E011CFB09();
									goto L12;
								}
								_push("Failed to create netfx chainer.");
								goto L11;
							}
							_push("Failed to allocate event name.");
							goto L2;
						}
						_push("Failed to allocate section name.");
						goto L2;
					}
					_t156 = 0x8007000e;
					E011938BA(_t92, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x168, 0x8007000e);
					_push("Failed to convert netfx chainer guid into string.");
					goto L2;
				}
				_push("Failed to create netfx chainer guid.");
				goto L2;
			}









































                                                            0x011bd10e
                                                            0x011bd117
                                                            0x011bd11e
                                                            0x011bd124
                                                            0x011bd12a
                                                            0x011bd133
                                                            0x011bd13a
                                                            0x011bd140
                                                            0x011bd14d
                                                            0x011bd150
                                                            0x011bd151
                                                            0x011bd152
                                                            0x011bd155
                                                            0x011bd157
                                                            0x011bd15b
                                                            0x011bd15e
                                                            0x011bd168
                                                            0x011bd16b
                                                            0x011bd178
                                                            0x011bd17c
                                                            0x011bd17d
                                                            0x011bd17e
                                                            0x011bd17f
                                                            0x011bd183
                                                            0x011bd18e
                                                            0x011bd1a8
                                                            0x011bd1ac
                                                            0x011bd1b2
                                                            0x011bd1b4
                                                            0x011bd1df
                                                            0x011bd1e9
                                                            0x011bd1eb
                                                            0x011bd20b
                                                            0x011bd20d
                                                            0x011bd228
                                                            0x011bd22a
                                                            0x011bd22c
                                                            0x011bd243
                                                            0x011bd25a
                                                            0x011bd25f
                                                            0x011bd261
                                                            0x011bd26a
                                                            0x011bd27a
                                                            0x011bd295
                                                            0x011bd29b
                                                            0x011bd29d
                                                            0x011bd2e1
                                                            0x011bd2ea
                                                            0x011bd2f0
                                                            0x011bd2f9
                                                            0x011bd32b
                                                            0x011bd338
                                                            0x011bd33a
                                                            0x011bd33c
                                                            0x00000000
                                                            0x00000000
                                                            0x011bd301
                                                            0x011bd304
                                                            0x011bd322
                                                            0x011bd325
                                                            0x011bd3da
                                                            0x011bd3dc
                                                            0x011bd3de
                                                            0x011bd3e3
                                                            0x011bd3e9
                                                            0x011bd3e9
                                                            0x011bd3eb
                                                            0x011bd3ed
                                                            0x011bd3ed
                                                            0x011bd3fd
                                                            0x011bd402
                                                            0x011bd195
                                                            0x011bd195
                                                            0x011bd196
                                                            0x011bd43e
                                                            0x011bd442
                                                            0x011bd447
                                                            0x011bd447
                                                            0x011bd450
                                                            0x011bd455
                                                            0x011bd455
                                                            0x011bd45d
                                                            0x011bd463
                                                            0x011bd46f
                                                            0x011bd475
                                                            0x011bd47d
                                                            0x011bd47f
                                                            0x011bd47f
                                                            0x011bd48d
                                                            0x011bd495
                                                            0x011bd495
                                                            0x011bd4a7
                                                            0x011bd4a7
                                                            0x00000000
                                                            0x011bd325
                                                            0x011bd312
                                                            0x011bd314
                                                            0x011bd316
                                                            0x00000000
                                                            0x00000000
                                                            0x011bd318
                                                            0x00000000
                                                            0x011bd318
                                                            0x011bd343
                                                            0x011bd349
                                                            0x011bd34c
                                                            0x011bd350
                                                            0x011bd350
                                                            0x011bd353
                                                            0x011bd364
                                                            0x011bd364
                                                            0x011bd36a
                                                            0x011bd36d
                                                            0x011bd373
                                                            0x011bd379
                                                            0x011bd37b
                                                            0x011bd381
                                                            0x011bd40c
                                                            0x011bd40f
                                                            0x011bd411
                                                            0x011bd416
                                                            0x011bd41d
                                                            0x011bd41d
                                                            0x011bd41d
                                                            0x011bd424
                                                            0x011bd431
                                                            0x011bd43b
                                                            0x011bd43b
                                                            0x00000000
                                                            0x011bd411
                                                            0x011bd38e
                                                            0x011bd394
                                                            0x011bd396
                                                            0x00000000
                                                            0x00000000
                                                            0x011bd3a2
                                                            0x011bd3a4
                                                            0x011bd3a6
                                                            0x011bd3ab
                                                            0x011bd3b1
                                                            0x011bd3b1
                                                            0x011bd3b3
                                                            0x011bd3b5
                                                            0x011bd3b5
                                                            0x011bd3c5
                                                            0x011bd3ca
                                                            0x00000000
                                                            0x011bd3ca
                                                            0x011bd355
                                                            0x011bd357
                                                            0x011bd361
                                                            0x011bd361
                                                            0x011bd361
                                                            0x00000000
                                                            0x011bd361
                                                            0x011bd359
                                                            0x011bd35f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011bd35f
                                                            0x011bd2a5
                                                            0x011bd2a7
                                                            0x011bd2a9
                                                            0x011bd2b4
                                                            0x011bd2b4
                                                            0x011bd2b6
                                                            0x011bd2b8
                                                            0x011bd2b8
                                                            0x011bd2c8
                                                            0x011bd2d4
                                                            0x011bd23b
                                                            0x011bd23b
                                                            0x00000000
                                                            0x011bd23b
                                                            0x011bd263
                                                            0x011bd233
                                                            0x011bd233
                                                            0x011bd234
                                                            0x00000000
                                                            0x011bd23a
                                                            0x011bd22e
                                                            0x00000000
                                                            0x011bd22e
                                                            0x011bd20f
                                                            0x00000000
                                                            0x011bd20f
                                                            0x011bd1ed
                                                            0x00000000
                                                            0x011bd1ed
                                                            0x011bd1b6
                                                            0x011bd1c6
                                                            0x011bd1cb
                                                            0x00000000
                                                            0x011bd1cb
                                                            0x011bd190
                                                            0x00000000

                                                            APIs
                                                            • UuidCreate.RPCRT4(?), ref: 011BD183
                                                            • StringFromGUID2.OLE32(?,?,00000027), ref: 011BD1AC
                                                            • CreateProcessW.KERNEL32 ref: 011BD295
                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 011BD29F
                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 011BD338
                                                            • WaitForSingleObject.KERNEL32(011DA500,000000FF,?,?,?,?), ref: 011BD343
                                                            • ReleaseMutex.KERNEL32(011DA500,?,?,?,?), ref: 011BD36D
                                                            • GetExitCodeProcess.KERNEL32 ref: 011BD38E
                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 011BD39C
                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 011BD3D4
                                                              • Part of subcall function 011BD016: WaitForSingleObject.KERNEL32(?,000000FF,7476F730,00000000,?,?,?,011BD312,?), ref: 011BD035
                                                              • Part of subcall function 011BD016: ReleaseMutex.KERNEL32(?,?,?,011BD312,?), ref: 011BD049
                                                              • Part of subcall function 011BD016: WaitForSingleObject.KERNEL32(?,000000FF), ref: 011BD08E
                                                              • Part of subcall function 011BD016: ReleaseMutex.KERNEL32(?), ref: 011BD0A1
                                                              • Part of subcall function 011BD016: SetEvent.KERNEL32(?), ref: 011BD0AA
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 011BD47D
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 011BD495
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Wait$ErrorLastMutexObjectReleaseSingle$CloseCreateHandleProcess$CodeEventExitFromMultipleObjectsStringUuid
                                                            • String ID: %ls /pipe %ls$@Mqt$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$Jv_)$NetFxEvent.%ls$NetFxSection.%ls$c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp
                                                            • API String ID: 1533322865-2239958122
                                                            • Opcode ID: 58547c9ce77860a8f3d759c63031ec5c36c9ca3f1313fee48035aa803223433c
                                                            • Instruction ID: a7981238bd082ad90f846d197ec224536b25bb1267abdeb050a83dd9efcfabc2
                                                            • Opcode Fuzzy Hash: 58547c9ce77860a8f3d759c63031ec5c36c9ca3f1313fee48035aa803223433c
                                                            • Instruction Fuzzy Hash: 96A1BF72D0162AABDF2D9AE8DC84BDEBBB8BF04314F114169ED18BB201D73599418F91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D6C19 Relevance: 45.8, APIs: 13, Strings: 13, Instructions: 339COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 83%
                                                            			E011D6C19(void* __ebx, void* __eflags, int _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				int _v20;
				int _v24;
				int _v28;
				void* __edi;
				int _t110;
				int _t111;
				int _t112;
				int _t114;
				int _t116;
				int _t117;
				int _t118;
				int _t119;
				int _t120;
				int _t121;
				int _t122;
				int _t123;
				int _t124;
				int _t125;
				int _t128;
				void* _t147;
				intOrPtr* _t150;
				void* _t151;
				signed int _t153;
				intOrPtr* _t154;
				intOrPtr _t160;
				int _t161;

				_t149 = __ebx;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t160 = E011939DF(0x48, 1);
				if(_t160 != 0) {
					_t150 = _a4;
					 *((intOrPtr*)(_t160 + 0x40)) = _t150;
					 *((intOrPtr*)( *_t150 + 4))(_t150, __ebx);
					_t7 = _t160 + 0x20; // 0x20
					_t8 = _t160 + 0x24; // 0x24
					_t161 = E011D5E35(_t8, _t150, L"author", _t8, _t7);
					__eflags = _t161;
					if(_t161 >= 0) {
						_t9 = _t160 + 0x28; // 0x28
						_t10 = _t160 + 0x2c; // 0x2c
						_t161 = E011D5ECB(_t10, _t150, L"category", _t10, _t9);
						__eflags = _t161;
						if(_t161 >= 0) {
							_t11 = _t160 + 0x30; // 0x30
							_t12 = _t160 + 0x34; // 0x34
							_t161 = E011D5F61(_t12, _t150, L"entry", _t12, _t11);
							__eflags = _t161;
							if(_t161 >= 0) {
								_t13 = _t160 + 0x38; // 0x38
								_t14 = _t160 + 0x3c; // 0x3c
								_t161 = E011D5FF7(_t14, _t150, L"link", _t14, _t13);
								__eflags = _t161;
								if(_t161 >= 0) {
									_t158 =  &_v16;
									_t161 =  *((intOrPtr*)( *_t150 + 0x30))(_t150,  &_v16);
									__eflags = _t161;
									if(_t161 >= 0) {
										_t110 = E011D30E2( &_v16, _v16,  &_v12,  &_v8);
										_t161 = _t110;
										__eflags = _t161;
										if(_t161 != 0) {
											L45:
											_t111 =  *(_t160 + 8);
											__eflags = _t111;
											if(_t111 == 0) {
												L54:
												_t112 = 0x8007000d;
												_push(0x8007000d);
												_push(0x197);
												goto L55;
											} else {
												__eflags =  *_t111;
												if( *_t111 == 0) {
													goto L54;
												} else {
													_t114 =  *(_t160 + 0x14);
													__eflags = _t114;
													if(_t114 == 0) {
														L53:
														_t112 = 0x8007000d;
														_push(0x8007000d);
														_push(0x19c);
														goto L55;
													} else {
														__eflags =  *_t114;
														if( *_t114 == 0) {
															goto L53;
														} else {
															__eflags =  *(_t160 + 0x1c);
															if( *(_t160 + 0x1c) != 0) {
																L52:
																 *_a8 = _t160;
																_t160 = 0;
															} else {
																__eflags =  *(_t160 + 0x18);
																if( *(_t160 + 0x18) != 0) {
																	goto L52;
																} else {
																	_t112 = 0x8007000d;
																	_push(0x8007000d);
																	_push(0x1a1);
																	L55:
																	_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp");
																	_t161 = _t112;
																	E011938BA(_t112);
																}
															}
														}
													}
												}
											}
										} else {
											_t151 = CompareStringW;
											_v28 = _t161;
											_v24 = _t110;
											_v20 = _t110;
											_a4 = _t110;
											while(1) {
												_t116 = CompareStringW(0x7f, _t110, _v8, 0xffffffff, L"generator", 0xffffffff);
												__eflags = _t116 - 2;
												if(_t116 != 2) {
													goto L13;
												}
												_push(_v12);
												_push(_t160);
												L12:
												_t128 = E011D60FB(_t158);
												L39:
												_t161 = _t128;
												__eflags = _t161;
												if(_t161 >= 0) {
													L40:
													__eflags = _v8;
													if(_v8 != 0) {
														__imp__#6(_v8);
														_t68 =  &_v8;
														 *_t68 = _v8 & 0x00000000;
														__eflags =  *_t68;
													}
													_t158 = _v12;
													__eflags = _t158;
													if(_t158 != 0) {
														 *((intOrPtr*)( *_t158 + 8))(_t158);
														_t72 =  &_v12;
														 *_t72 = _v12 & 0x00000000;
														__eflags =  *_t72;
													}
													_t161 = E011D30E2(_t158, _v16,  &_v12,  &_v8);
													__eflags = _t161;
													if(_t161 == 0) {
														_t161 = _v28;
														_t110 = 0;
														__eflags = 0;
														continue;
													} else {
														goto L45;
													}
												}
												goto L56;
												L13:
												_t117 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"icon", 0xffffffff);
												__eflags = _t117 - 2;
												if(_t117 != 2) {
													_t118 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"id", 0xffffffff);
													__eflags = _t118 - 2;
													if(_t118 != 2) {
														_t119 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"logo", 0xffffffff);
														__eflags = _t119 - 2;
														if(_t119 != 2) {
															_t120 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"subtitle", 0xffffffff);
															__eflags = _t120 - 2;
															if(_t120 != 2) {
																_t121 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
																__eflags = _t121 - 2;
																if(_t121 != 2) {
																	_t122 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"updated", 0xffffffff);
																	__eflags = _t122 - 2;
																	if(_t122 != 2) {
																		_t123 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"author", 0xffffffff);
																		__eflags = _t123 - 2;
																		if(_t123 != 2) {
																			_t124 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"category", 0xffffffff);
																			__eflags = _t124 - 2;
																			if(_t124 != 2) {
																				_t125 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"entry", 0xffffffff);
																				__eflags = _t125 - 2;
																				if(_t125 != 2) {
																					__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"link", 0xffffffff) - 2;
																					if(__eflags != 0) {
																						_t64 = _t160 + 0x44; // 0x44
																						_t128 = E011D72DE(_t151, __eflags, _v12, _t64);
																						goto L39;
																					} else {
																						_t161 = E011D6FC4(_v12,  *((intOrPtr*)(_t160 + 0x3c)) + _t161);
																						__eflags = _t161;
																						if(_t161 >= 0) {
																							_v28 = _v28 + 0x28;
																							goto L40;
																						}
																					}
																				} else {
																					_t161 = E011D68DE(_v12,  *((intOrPtr*)(_t160 + 0x34)) + _v24);
																					__eflags = _t161;
																					if(_t161 >= 0) {
																						_v24 = _v24 + 0x40;
																						goto L40;
																					}
																				}
																			} else {
																				_t161 = E011D6527(_v12,  *((intOrPtr*)(_t160 + 0x2c)) + _v20);
																				__eflags = _t161;
																				if(_t161 >= 0) {
																					_v20 = _v20 + 0x10;
																					goto L40;
																				}
																			}
																		} else {
																			_t161 = E011D6402(_v12,  *((intOrPtr*)(_t160 + 0x24)) + _a4);
																			__eflags = _t161;
																			if(_t161 >= 0) {
																				_a4 = _a4 + 0xc;
																				goto L40;
																			}
																		}
																	} else {
																		_t40 = _t160 + 0x18; // 0x18
																		_t128 = E011D608D(_t158, _t40, _v12);
																		goto L39;
																	}
																} else {
																	_t37 = _t160 + 0x14; // 0x14
																	_t147 = _t37;
																	goto L15;
																}
															} else {
																_t35 = _t160 + 0x10; // 0x10
																_t147 = _t35;
																goto L15;
															}
														} else {
															_t33 = _t160 + 0xc; // 0xc
															_t147 = _t33;
															goto L15;
														}
													} else {
														_t31 = _t160 + 8; // 0x8
														_t147 = _t31;
														goto L15;
													}
												} else {
													_t28 = _t160 + 4; // 0x4
													_t147 = _t28;
													L15:
													_push(_v12);
													_push(_t147);
													goto L12;
												}
												goto L56;
											}
										}
									}
								}
							}
						}
					}
					L56:
					_pop(_t149);
				} else {
					_t161 = 0x8007000e;
					E011938BA(_t89, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x134, 0x8007000e);
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t153 = _v12;
				if(_t153 != 0) {
					 *((intOrPtr*)( *_t153 + 8))(_t153);
				}
				_t154 = _v16;
				if(_t154 != 0) {
					 *((intOrPtr*)( *_t154 + 8))(_t154);
				}
				if(_t160 != 0) {
					E011D7475(_t149, _t160, _t160);
				}
				return _t161;
			}
































                                                            0x011d6c19
                                                            0x011d6c27
                                                            0x011d6c2a
                                                            0x011d6c2d
                                                            0x011d6c35
                                                            0x011d6c39
                                                            0x011d6c56
                                                            0x011d6c59
                                                            0x011d6c5f
                                                            0x011d6c62
                                                            0x011d6c66
                                                            0x011d6c75
                                                            0x011d6c77
                                                            0x011d6c79
                                                            0x011d6c7f
                                                            0x011d6c83
                                                            0x011d6c92
                                                            0x011d6c94
                                                            0x011d6c96
                                                            0x011d6c9c
                                                            0x011d6ca0
                                                            0x011d6caf
                                                            0x011d6cb1
                                                            0x011d6cb3
                                                            0x011d6cb9
                                                            0x011d6cbd
                                                            0x011d6ccc
                                                            0x011d6cce
                                                            0x011d6cd0
                                                            0x011d6cd8
                                                            0x011d6ce0
                                                            0x011d6ce2
                                                            0x011d6ce4
                                                            0x011d6cf5
                                                            0x011d6cfa
                                                            0x011d6cfc
                                                            0x011d6cfe
                                                            0x011d6f2a
                                                            0x011d6f2a
                                                            0x011d6f2d
                                                            0x011d6f2f
                                                            0x011d6f71
                                                            0x011d6f71
                                                            0x011d6f76
                                                            0x011d6f77
                                                            0x00000000
                                                            0x011d6f31
                                                            0x011d6f33
                                                            0x011d6f36
                                                            0x00000000
                                                            0x011d6f38
                                                            0x011d6f38
                                                            0x011d6f3b
                                                            0x011d6f3d
                                                            0x011d6f64
                                                            0x011d6f64
                                                            0x011d6f69
                                                            0x011d6f6a
                                                            0x00000000
                                                            0x011d6f3f
                                                            0x011d6f3f
                                                            0x011d6f42
                                                            0x00000000
                                                            0x011d6f44
                                                            0x011d6f44
                                                            0x011d6f47
                                                            0x011d6f5b
                                                            0x011d6f5e
                                                            0x011d6f60
                                                            0x011d6f49
                                                            0x011d6f49
                                                            0x011d6f4c
                                                            0x00000000
                                                            0x011d6f4e
                                                            0x011d6f4e
                                                            0x011d6f53
                                                            0x011d6f54
                                                            0x011d6f7c
                                                            0x011d6f7c
                                                            0x011d6f81
                                                            0x011d6f83
                                                            0x011d6f83
                                                            0x011d6f4c
                                                            0x011d6f47
                                                            0x011d6f42
                                                            0x011d6f3d
                                                            0x011d6f36
                                                            0x011d6d04
                                                            0x011d6d04
                                                            0x011d6d0a
                                                            0x011d6d0d
                                                            0x011d6d10
                                                            0x011d6d13
                                                            0x011d6d1d
                                                            0x011d6d2c
                                                            0x011d6d2e
                                                            0x011d6d31
                                                            0x00000000
                                                            0x00000000
                                                            0x011d6d33
                                                            0x011d6d36
                                                            0x011d6d37
                                                            0x011d6d37
                                                            0x011d6ee2
                                                            0x011d6ee2
                                                            0x011d6ee4
                                                            0x011d6ee6
                                                            0x011d6eec
                                                            0x011d6eec
                                                            0x011d6ef0
                                                            0x011d6ef5
                                                            0x011d6efb
                                                            0x011d6efb
                                                            0x011d6efb
                                                            0x011d6efb
                                                            0x011d6eff
                                                            0x011d6f02
                                                            0x011d6f04
                                                            0x011d6f09
                                                            0x011d6f0c
                                                            0x011d6f0c
                                                            0x011d6f0c
                                                            0x011d6f0c
                                                            0x011d6f20
                                                            0x011d6f22
                                                            0x011d6f24
                                                            0x011d6d18
                                                            0x011d6d1b
                                                            0x011d6d1b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d6f24
                                                            0x00000000
                                                            0x011d6d41
                                                            0x011d6d51
                                                            0x011d6d53
                                                            0x011d6d56
                                                            0x011d6d71
                                                            0x011d6d73
                                                            0x011d6d76
                                                            0x011d6d8d
                                                            0x011d6d8f
                                                            0x011d6d92
                                                            0x011d6da9
                                                            0x011d6dab
                                                            0x011d6dae
                                                            0x011d6dc5
                                                            0x011d6dc7
                                                            0x011d6dca
                                                            0x011d6de1
                                                            0x011d6de3
                                                            0x011d6de6
                                                            0x011d6e09
                                                            0x011d6e0b
                                                            0x011d6e0e
                                                            0x011d6e42
                                                            0x011d6e44
                                                            0x011d6e47
                                                            0x011d6e7b
                                                            0x011d6e7d
                                                            0x011d6e80
                                                            0x011d6eb3
                                                            0x011d6eb6
                                                            0x011d6ed6
                                                            0x011d6edd
                                                            0x00000000
                                                            0x011d6eb8
                                                            0x011d6ec6
                                                            0x011d6ec8
                                                            0x011d6eca
                                                            0x011d6ed0
                                                            0x00000000
                                                            0x011d6ed0
                                                            0x011d6eca
                                                            0x011d6e82
                                                            0x011d6e91
                                                            0x011d6e93
                                                            0x011d6e95
                                                            0x011d6e9b
                                                            0x00000000
                                                            0x011d6e9b
                                                            0x011d6e95
                                                            0x011d6e49
                                                            0x011d6e58
                                                            0x011d6e5a
                                                            0x011d6e5c
                                                            0x011d6e62
                                                            0x00000000
                                                            0x011d6e62
                                                            0x011d6e5c
                                                            0x011d6e10
                                                            0x011d6e1f
                                                            0x011d6e21
                                                            0x011d6e23
                                                            0x011d6e29
                                                            0x00000000
                                                            0x011d6e29
                                                            0x011d6e23
                                                            0x011d6de8
                                                            0x011d6deb
                                                            0x011d6def
                                                            0x00000000
                                                            0x011d6def
                                                            0x011d6dcc
                                                            0x011d6dcc
                                                            0x011d6dcc
                                                            0x00000000
                                                            0x011d6dcc
                                                            0x011d6db0
                                                            0x011d6db0
                                                            0x011d6db0
                                                            0x00000000
                                                            0x011d6db0
                                                            0x011d6d94
                                                            0x011d6d94
                                                            0x011d6d94
                                                            0x00000000
                                                            0x011d6d94
                                                            0x011d6d78
                                                            0x011d6d78
                                                            0x011d6d78
                                                            0x00000000
                                                            0x011d6d78
                                                            0x011d6d58
                                                            0x011d6d58
                                                            0x011d6d58
                                                            0x011d6d5b
                                                            0x011d6d5b
                                                            0x011d6d5e
                                                            0x00000000
                                                            0x011d6d5e
                                                            0x00000000
                                                            0x011d6d56
                                                            0x011d6d1d
                                                            0x011d6cfe
                                                            0x011d6ce4
                                                            0x011d6cd0
                                                            0x011d6cb3
                                                            0x011d6c96
                                                            0x011d6f88
                                                            0x011d6f88
                                                            0x011d6c3b
                                                            0x011d6c3b
                                                            0x011d6c4b
                                                            0x011d6c4b
                                                            0x011d6f8d
                                                            0x011d6f92
                                                            0x011d6f92
                                                            0x011d6f98
                                                            0x011d6f9d
                                                            0x011d6fa2
                                                            0x011d6fa2
                                                            0x011d6fa5
                                                            0x011d6faa
                                                            0x011d6faf
                                                            0x011d6faf
                                                            0x011d6fb4
                                                            0x011d6fb7
                                                            0x011d6fb7
                                                            0x011d6fc1

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 011D6D2C
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D6EF5
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D6F92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$FreeHeap$AllocateCompareProcess
                                                            • String ID: ($@$author$c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                            • API String ID: 1555028553-2916413190
                                                            • Opcode ID: 1c1c77b13c81470e46b9d89323f6f6215061ea7b5acd5aaaebb80070be72ea3a
                                                            • Instruction ID: c76f5247e90eb8b95e5ec83a4ac33c1b6d7916f7655761b254f4a51914fbaecc
                                                            • Opcode Fuzzy Hash: 1c1c77b13c81470e46b9d89323f6f6215061ea7b5acd5aaaebb80070be72ea3a
                                                            • Instruction Fuzzy Hash: 30B1B371944626BBDF19DBA8CC51FAEBB75AF04724F204398F621AA1D1CB70E940CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119A3D4 Relevance: 45.8, APIs: 8, Strings: 18, Instructions: 311registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 77%
                                                            			E0119A3D4(long _a4, intOrPtr _a8) {
				int _v8;
				char _v12;
				int _v16;
				int _v20;
				int _v24;
				intOrPtr _v32;
				void _v48;
				signed short _t89;
				signed short _t91;
				char* _t103;
				signed short _t106;
				long _t109;
				long _t112;
				signed short _t116;
				WCHAR* _t131;
				signed int _t132;
				signed short _t136;
				long _t144;
				signed short _t145;
				signed short _t146;
				signed short _t147;
				signed short _t148;
				signed short _t149;
				signed short _t150;
				void* _t154;
				void* _t155;

				_t132 = 6;
				memset( &_v48, 0, _t132 << 2);
				_t155 = _t154 + 0xc;
				_t144 = _a4;
				_v12 = 0;
				_t131 = 0;
				_v20 = 0;
				_v16 = 0;
				_v24 = 0;
				asm("sbb eax, eax");
				_v8 = 0;
				_a4 = ( ~( *(_t144 + 0x24)) & 0x00000100) + 1;
				_t145 = E01197303(_a8,  *((intOrPtr*)(_t144 + 0x1c)),  &_v12, 0);
				if(_t145 >= 0) {
					__eflags =  *(_t144 + 0x20);
					if( *(_t144 + 0x20) == 0) {
						L5:
						_t146 = E011D0823( *((intOrPtr*)(_t144 + 0x18)), _v12, _a4,  &_v16);
						__eflags = _t146 - 0x80070002;
						if(_t146 != 0x80070002) {
							__eflags = _t146;
							if(_t146 >= 0) {
								_t147 = RegQueryValueExW(_v16, _v20, 0,  &_v24, 0,  &_v8);
								__eflags = _t147 - 2;
								if(_t147 != 2) {
									__eflags = _t147;
									if(__eflags == 0) {
										_t131 = E011939DF(_v8 + 2, 1);
										__eflags = _t131;
										if(_t131 != 0) {
											_t148 = RegQueryValueExW(_v16, _v20, 0,  &_v24, _t131,  &_v8);
											__eflags = _t148;
											if(__eflags == 0) {
												_t89 = _v24 - 1;
												__eflags = _t89;
												if(_t89 == 0) {
													L50:
													_t91 = E011B033F( &_v48, _t131, 0);
													goto L51;
												} else {
													_t106 = _t89 - 1;
													__eflags = _t106;
													if(_t106 == 0) {
														__eflags =  *(_t144 + 0x28);
														if( *(_t144 + 0x28) == 0) {
															goto L50;
														} else {
															_t149 = E01191FE0( &_v48, _v8);
															_t136 = _t149;
															__eflags = _t149;
															if(_t149 >= 0) {
																_v32 = 2;
																_t109 = ExpandEnvironmentStringsW(_t131, _v48, _v8);
																_a4 = _t109;
																__eflags = _t109 - _v8;
																if(_t109 <= _v8) {
																	goto L52;
																} else {
																	_t150 = E01191FE0( &_v48, _t109);
																	_t136 = _t150;
																	__eflags = _t150;
																	if(_t150 < 0) {
																		goto L41;
																	} else {
																		_t112 = ExpandEnvironmentStringsW(_t131, _v48, _a4);
																		__eflags = _a4 - _t112;
																		if(_a4 == _t112) {
																			goto L52;
																		} else {
																			_t150 = GetLastError();
																			__eflags = _t150;
																			if(__eflags > 0) {
																				_t150 = _t150 & 0x0000ffff | 0x80070000;
																				__eflags = _t150;
																			}
																			if(__eflags >= 0) {
																				_t150 = 0x80004005;
																			}
																			E011938BA(_t113, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x396, _t150);
																			_t136 = _t150;
																			_t103 = "Failed to get expand environment string.";
																			goto L58;
																		}
																	}
																}
															} else {
																L41:
																_t103 = "Failed to allocate string buffer.";
																goto L58;
															}
														}
													} else {
														_t116 = _t106;
														__eflags = _t116;
														if(_t116 == 0) {
															__eflags = _v8 - 4;
															if(_v8 != 4) {
																goto L34;
															} else {
																asm("cdq");
																_push(0);
																_push( *_t131);
																goto L36;
															}
														} else {
															__eflags = _t116 == 7;
															if(_t116 == 7) {
																__eflags = _v8 - 8;
																if(_v8 == 8) {
																	_push(_t131[2]);
																	_push( *_t131);
																	L36:
																	_push( &_v48);
																	_t91 = E011B02FB();
																	L51:
																	_t149 = _t91;
																	L52:
																	__eflags = _t149;
																	if(_t149 >= 0) {
																		_t150 = E011AFF10( &_v48,  *((intOrPtr*)(_t144 + 0x14)));
																		_t136 = _t150;
																		__eflags = _t150;
																		if(_t150 >= 0) {
																			_t150 = E01198259(_a8,  *((intOrPtr*)(_t144 + 4)),  &_v48);
																			_t136 = _t150;
																			__eflags = _t150;
																			if(_t150 < 0) {
																				_t103 = "Failed to set variable.";
																				goto L58;
																			}
																		} else {
																			_t103 = "Failed to change value type.";
																			goto L58;
																		}
																	} else {
																		_t103 = "Failed to read registry value.";
																		goto L58;
																	}
																} else {
																	L34:
																	_t150 = 0x8000ffff;
																	goto L59;
																}
															} else {
																_t150 = 0x80004001;
																E011CFB09(0x80004001, "Unsupported registry key value type. Type = \'%u\'", _v24);
																_t155 = _t155 + 0xc;
																goto L59;
															}
														}
													}
												}
											} else {
												if(__eflags > 0) {
													_t148 = _t148 & 0x0000ffff | 0x80070000;
													__eflags = _t148;
												}
												if(__eflags >= 0) {
													_t148 = 0x80004005;
												}
												E011938BA(_t87, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x375, _t148);
												_t136 = _t148;
												_t103 = "Failed to query registry key value.";
												goto L58;
											}
										} else {
											_t150 = 0x8007000e;
											E011938BA(_t84, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x372, 0x8007000e);
											_push("Failed to allocate memory registry value.");
											_push(0x8007000e);
											E011CFB09();
											goto L59;
										}
									} else {
										if(__eflags > 0) {
											_t147 = _t147 & 0x0000ffff | 0x80070000;
											__eflags = _t147;
										}
										if(__eflags >= 0) {
											_t147 = 0x80004005;
										}
										E011938BA(_t81, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x36f, _t147);
										_t136 = _t147;
										_t103 = "Failed to query registry key value size.";
										goto L58;
									}
								} else {
									_push(_v20);
									E011CFFF0(_t81, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v12);
									_t155 = _t155 + 0x10;
									goto L7;
								}
							} else {
								_t103 = "Failed to open registry key.";
								goto L58;
							}
						} else {
							E011CFFF0(2, "Registry key not found. Key = \'%ls\'", _v12);
							_t155 = _t155 + 0xc;
							L7:
							_t150 = E01198259(_a8,  *((intOrPtr*)(_t144 + 4)),  &_v48);
							_t136 = _t150;
							__eflags = _t150;
							if(_t150 >= 0) {
								_t150 = 0;
							} else {
								_t103 = "Failed to clear variable.";
								goto L58;
							}
						}
					} else {
						_t150 = E01197303(_a8,  *(_t144 + 0x20),  &_v20, 0);
						_t136 = _t150;
						__eflags = _t150;
						if(_t150 >= 0) {
							goto L5;
						} else {
							_t103 = "Failed to format value string.";
							goto L58;
						}
					}
				} else {
					_t136 = _t145;
					_t103 = "Failed to format key string.";
					L58:
					_push(_t103);
					_push(_t136);
					E011CFB09();
					if(_t150 < 0) {
						L59:
						_push(_t150);
						E011CFFF0(2, "RegistrySearchValue failed: ID \'%ls\', HRESULT 0x%x", _v12);
					}
				}
				E0119287D(_v12);
				E0119287D(_v20);
				if(_v16 != 0) {
					RegCloseKey(_v16);
					_v16 = _v16 & 0x00000000;
				}
				if(_t131 != 0) {
					E01193AA4(_t131);
				}
				E011B04E3( &_v48);
				return _t150;
			}





























                                                            0x0119a3e4
                                                            0x0119a3e5
                                                            0x0119a3e5
                                                            0x0119a3e7
                                                            0x0119a3ed
                                                            0x0119a3f0
                                                            0x0119a3f2
                                                            0x0119a3fa
                                                            0x0119a3fd
                                                            0x0119a400
                                                            0x0119a402
                                                            0x0119a40b
                                                            0x0119a41d
                                                            0x0119a421
                                                            0x0119a42f
                                                            0x0119a432
                                                            0x0119a457
                                                            0x0119a469
                                                            0x0119a46d
                                                            0x0119a473
                                                            0x0119a4af
                                                            0x0119a4b1
                                                            0x0119a4d5
                                                            0x0119a4d7
                                                            0x0119a4da
                                                            0x0119a4f2
                                                            0x0119a4f4
                                                            0x0119a534
                                                            0x0119a536
                                                            0x0119a538
                                                            0x0119a578
                                                            0x0119a57a
                                                            0x0119a57c
                                                            0x0119a5b1
                                                            0x0119a5b1
                                                            0x0119a5b4
                                                            0x0119a6b4
                                                            0x0119a6bb
                                                            0x00000000
                                                            0x0119a5ba
                                                            0x0119a5ba
                                                            0x0119a5ba
                                                            0x0119a5bd
                                                            0x0119a615
                                                            0x0119a619
                                                            0x00000000
                                                            0x0119a61f
                                                            0x0119a62b
                                                            0x0119a62d
                                                            0x0119a62f
                                                            0x0119a631
                                                            0x0119a640
                                                            0x0119a64b
                                                            0x0119a651
                                                            0x0119a654
                                                            0x0119a657
                                                            0x00000000
                                                            0x0119a659
                                                            0x0119a663
                                                            0x0119a665
                                                            0x0119a667
                                                            0x0119a669
                                                            0x00000000
                                                            0x0119a66b
                                                            0x0119a672
                                                            0x0119a678
                                                            0x0119a67b
                                                            0x00000000
                                                            0x0119a67d
                                                            0x0119a683
                                                            0x0119a685
                                                            0x0119a687
                                                            0x0119a68c
                                                            0x0119a692
                                                            0x0119a692
                                                            0x0119a694
                                                            0x0119a696
                                                            0x0119a696
                                                            0x0119a6a6
                                                            0x0119a6ab
                                                            0x0119a6ad
                                                            0x00000000
                                                            0x0119a6ad
                                                            0x0119a67b
                                                            0x0119a669
                                                            0x0119a633
                                                            0x0119a633
                                                            0x0119a633
                                                            0x00000000
                                                            0x0119a633
                                                            0x0119a631
                                                            0x0119a5bf
                                                            0x0119a5c0
                                                            0x0119a5c0
                                                            0x0119a5c3
                                                            0x0119a608
                                                            0x0119a60c
                                                            0x00000000
                                                            0x0119a60e
                                                            0x0119a610
                                                            0x0119a611
                                                            0x0119a612
                                                            0x00000000
                                                            0x0119a612
                                                            0x0119a5c5
                                                            0x0119a5c5
                                                            0x0119a5c8
                                                            0x0119a5e5
                                                            0x0119a5e9
                                                            0x0119a5f5
                                                            0x0119a5f8
                                                            0x0119a5fa
                                                            0x0119a5fd
                                                            0x0119a5fe
                                                            0x0119a6c0
                                                            0x0119a6c0
                                                            0x0119a6c2
                                                            0x0119a6c4
                                                            0x0119a6c6
                                                            0x0119a6db
                                                            0x0119a6dd
                                                            0x0119a6df
                                                            0x0119a6e1
                                                            0x0119a6f9
                                                            0x0119a6fb
                                                            0x0119a6fd
                                                            0x0119a6ff
                                                            0x0119a701
                                                            0x00000000
                                                            0x0119a701
                                                            0x0119a6e3
                                                            0x0119a6e3
                                                            0x00000000
                                                            0x0119a6e3
                                                            0x0119a6c8
                                                            0x0119a6c8
                                                            0x00000000
                                                            0x0119a6c8
                                                            0x0119a5eb
                                                            0x0119a5eb
                                                            0x0119a5eb
                                                            0x00000000
                                                            0x0119a5eb
                                                            0x0119a5ca
                                                            0x0119a5cd
                                                            0x0119a5d8
                                                            0x0119a5dd
                                                            0x00000000
                                                            0x0119a5dd
                                                            0x0119a5c8
                                                            0x0119a5c3
                                                            0x0119a5bd
                                                            0x0119a57e
                                                            0x0119a57e
                                                            0x0119a583
                                                            0x0119a589
                                                            0x0119a589
                                                            0x0119a58b
                                                            0x0119a58d
                                                            0x0119a58d
                                                            0x0119a59d
                                                            0x0119a5a2
                                                            0x0119a5a4
                                                            0x00000000
                                                            0x0119a5a4
                                                            0x0119a53a
                                                            0x0119a53a
                                                            0x0119a54a
                                                            0x0119a54f
                                                            0x0119a554
                                                            0x0119a555
                                                            0x00000000
                                                            0x0119a55b
                                                            0x0119a4f6
                                                            0x0119a4f6
                                                            0x0119a4fb
                                                            0x0119a501
                                                            0x0119a501
                                                            0x0119a503
                                                            0x0119a505
                                                            0x0119a505
                                                            0x0119a515
                                                            0x0119a51a
                                                            0x0119a51c
                                                            0x00000000
                                                            0x0119a51c
                                                            0x0119a4dc
                                                            0x0119a4dc
                                                            0x0119a4e8
                                                            0x0119a4ed
                                                            0x00000000
                                                            0x0119a4ed
                                                            0x0119a4b3
                                                            0x0119a4b3
                                                            0x00000000
                                                            0x0119a4b3
                                                            0x0119a475
                                                            0x0119a47f
                                                            0x0119a484
                                                            0x0119a487
                                                            0x0119a496
                                                            0x0119a498
                                                            0x0119a49a
                                                            0x0119a49c
                                                            0x0119a4a8
                                                            0x0119a49e
                                                            0x0119a49e
                                                            0x00000000
                                                            0x0119a49e
                                                            0x0119a49c
                                                            0x0119a434
                                                            0x0119a445
                                                            0x0119a447
                                                            0x0119a449
                                                            0x0119a44b
                                                            0x00000000
                                                            0x0119a44d
                                                            0x0119a44d
                                                            0x00000000
                                                            0x0119a44d
                                                            0x0119a44b
                                                            0x0119a423
                                                            0x0119a423
                                                            0x0119a425
                                                            0x0119a706
                                                            0x0119a706
                                                            0x0119a707
                                                            0x0119a708
                                                            0x0119a711
                                                            0x0119a713
                                                            0x0119a713
                                                            0x0119a71e
                                                            0x0119a723
                                                            0x0119a711
                                                            0x0119a729
                                                            0x0119a731
                                                            0x0119a73a
                                                            0x0119a73f
                                                            0x0119a745
                                                            0x0119a745
                                                            0x0119a74b
                                                            0x0119a74e
                                                            0x0119a74e
                                                            0x0119a757
                                                            0x0119a762

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 0119A418
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 0119A440
                                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 0119A73F
                                                            Strings
                                                            • Failed to query registry key value size., xrefs: 0119A51C
                                                            • Failed to allocate string buffer., xrefs: 0119A633
                                                            • Registry key not found. Key = '%ls', xrefs: 0119A478
                                                            • Failed to read registry value., xrefs: 0119A6C8
                                                            • Failed to change value type., xrefs: 0119A6E3, 0119A706
                                                            • Failed to clear variable., xrefs: 0119A49E
                                                            • Failed to get expand environment string., xrefs: 0119A6AD
                                                            • Unsupported registry key value type. Type = '%u', xrefs: 0119A5D2
                                                            • Failed to format value string., xrefs: 0119A44D
                                                            • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0119A4E2
                                                            • Failed to format key string., xrefs: 0119A425
                                                            • @Mqt, xrefs: 0119A67D
                                                            • c:\agent\_work\66\s\src\burn\engine\search.cpp, xrefs: 0119A510, 0119A545, 0119A598, 0119A6A1
                                                            • Failed to set variable., xrefs: 0119A701
                                                            • Failed to allocate memory registry value., xrefs: 0119A54F
                                                            • Failed to open registry key., xrefs: 0119A4B3
                                                            • Failed to query registry key value., xrefs: 0119A5A4
                                                            • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 0119A717
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open@16$Close
                                                            • String ID: @Mqt$Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$c:\agent\_work\66\s\src\burn\engine\search.cpp
                                                            • API String ID: 2348241696-865356559
                                                            • Opcode ID: fc996b29692a005d4f04ae7ceea559f389a93e53bedadf3167ed3e2d0a4e95ce
                                                            • Instruction ID: 5cf2fcf14007988579d5e20db99b3741dd962ca25a4b1a1b5f393e5fba039b25
                                                            • Opcode Fuzzy Hash: fc996b29692a005d4f04ae7ceea559f389a93e53bedadf3167ed3e2d0a4e95ce
                                                            • Instruction Fuzzy Hash: F2A1E672E40526BBDF1E9AE8EC45BAE7AB9FF04714F018115F921BB280D7719D0487E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D68DE Relevance: 45.8, APIs: 11, Strings: 15, Instructions: 297COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 79%
                                                            			E011D68DE(signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				signed int _t99;
				signed int _t100;
				signed int _t102;
				int _t104;
				int _t105;
				int _t106;
				int _t107;
				int _t108;
				int _t109;
				int _t110;
				signed int _t113;
				signed int* _t128;
				signed int* _t129;
				signed int _t130;
				void* _t131;
				signed int _t133;
				signed int _t134;
				signed int* _t139;
				signed int _t140;

				_t130 = _a4;
				_t139 = _a8;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t139[0xe] = _t130;
				 *((intOrPtr*)( *_t130 + 4))(_t130);
				_t140 = E011D5E35( &(_t139[9]), _t130, L"author",  &(_t139[9]),  &(_t139[8]));
				if(_t140 >= 0) {
					_t140 = E011D5ECB( &(_t139[0xb]), _t130, L"category",  &(_t139[0xb]),  &(_t139[0xa]));
					if(_t140 >= 0) {
						_t140 = E011D5FF7( &(_t139[0xd]), _t130, L"link",  &(_t139[0xd]),  &(_t139[0xc]));
						if(_t140 >= 0) {
							_t137 =  &_v16;
							_t140 =  *((intOrPtr*)( *_t130 + 0x30))(_t130,  &_v16);
							if(_t140 >= 0) {
								_t140 = E011D30E2( &_v16, _v16,  &_v12,  &_v8);
								if(_t140 != 0) {
									L42:
									if(__eflags >= 0) {
										_t99 =  *_t139;
										__eflags = _t99;
										if(_t99 == 0) {
											L52:
											_t100 = 0x8007000d;
											_push(0x8007000d);
											_push(0x311);
											goto L53;
										} else {
											__eflags =  *_t99;
											if( *_t99 == 0) {
												goto L52;
											} else {
												_t102 = _t139[2];
												__eflags = _t102;
												if(_t102 == 0) {
													L51:
													_t100 = 0x8007000d;
													_push(0x8007000d);
													_push(0x316);
													goto L53;
												} else {
													__eflags =  *_t102;
													if( *_t102 == 0) {
														goto L51;
													} else {
														__eflags = _t139[6];
														if(_t139[6] != 0) {
															L50:
															_t140 = 0;
														} else {
															__eflags = _t139[5];
															if(_t139[5] != 0) {
																goto L50;
															} else {
																_t100 = 0x8007000d;
																_push(0x8007000d);
																_push(0x31b);
																L53:
																_t140 = _t100;
																goto L54;
															}
														}
													}
												}
											}
										}
									}
								} else {
									_a8 = _a8 & _t140;
									_a4 = _a4 & _t140;
									_t131 = CompareStringW;
									_v20 = _t140;
									L6:
									while(1) {
										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"id", 0xffffffff) != 2) {
											_t104 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"summary", 0xffffffff);
											__eflags = _t104 - 2;
											if(_t104 != 2) {
												_t105 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
												__eflags = _t105 - 2;
												if(_t105 != 2) {
													_t106 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"published", 0xffffffff);
													__eflags = _t106 - 2;
													if(_t106 != 2) {
														_t107 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"updated", 0xffffffff);
														__eflags = _t107 - 2;
														if(_t107 != 2) {
															_t108 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"author", 0xffffffff);
															__eflags = _t108 - 2;
															if(_t108 != 2) {
																_t109 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"category", 0xffffffff);
																__eflags = _t109 - 2;
																if(_t109 != 2) {
																	_t110 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"content", 0xffffffff);
																	__eflags = _t110 - 2;
																	if(_t110 != 2) {
																		__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"link", 0xffffffff) - 2;
																		if(__eflags != 0) {
																			_t113 = E011D72DE(_t131, __eflags, _v12,  &(_t139[0xf]));
																			goto L33;
																		} else {
																			_t140 = E011D6FC4(_v12, _t139[0xd] + _t140);
																			__eflags = _t140;
																			if(_t140 >= 0) {
																				_v20 = _v20 + 0x28;
																				goto L34;
																			}
																		}
																	} else {
																		__eflags = _t139[7];
																		if(_t139[7] != 0) {
																			_t140 = 0x8000ffff;
																		} else {
																			_t100 = E011939DF(0x10, 1);
																			_t139[7] = _t100;
																			__eflags = _t100;
																			if(_t100 == 0) {
																				_t140 = 0x8007000e;
																				_push(0x8007000e);
																				_push(0x2f7);
																				L54:
																				_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp");
																				E011938BA(_t100);
																			} else {
																				_t113 = E011D66D4(_v12, _t100);
																				goto L33;
																			}
																		}
																	}
																} else {
																	_t140 = E011D6527(_v12, _t139[0xb] + _a8);
																	__eflags = _t140;
																	if(_t140 >= 0) {
																		_a8 = _a8 + 0x10;
																		goto L34;
																	}
																}
															} else {
																_t140 = E011D6402(_v12, _t139[9] + _a4);
																__eflags = _t140;
																if(_t140 >= 0) {
																	_a4 = _a4 + 0xc;
																	goto L34;
																}
															}
														} else {
															_t128 =  &(_t139[5]);
															goto L16;
														}
													} else {
														_t128 =  &(_t139[3]);
														L16:
														_t113 = E011D608D(_t137, _t128, _v12);
														goto L33;
													}
												} else {
													_t129 =  &(_t139[2]);
													goto L11;
												}
											} else {
												_t129 =  &(_t139[1]);
												L11:
												_push(_v12);
												_push(_t129);
												goto L8;
											}
										} else {
											_push(_v12);
											_push(_t139);
											L8:
											_t113 = E011D60FB(_t137);
											L33:
											_t140 = _t113;
											if(_t140 >= 0) {
												L34:
												if(_v8 != 0) {
													__imp__#6(_v8);
													_v8 = _v8 & 0x00000000;
												}
												_t137 = _v12;
												if(_t137 != 0) {
													 *((intOrPtr*)( *_t137 + 8))(_t137);
													_v12 = _v12 & 0x00000000;
												}
												_t140 = E011D30E2(_t137, _v16,  &_v12,  &_v8);
												if(_t140 != 0) {
													goto L42;
												} else {
													_t140 = _v20;
													continue;
												}
											}
										}
										goto L55;
									}
								}
							}
						}
					}
				}
				L55:
				__eflags = _v8;
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t133 = _v12;
				__eflags = _t133;
				if(_t133 != 0) {
					 *((intOrPtr*)( *_t133 + 8))(_t133);
				}
				_t134 = _v16;
				__eflags = _t134;
				if(_t134 != 0) {
					 *((intOrPtr*)( *_t134 + 8))(_t134);
				}
				return _t140;
			}



























                                                            0x011d68e5
                                                            0x011d68ec
                                                            0x011d68ef
                                                            0x011d68f2
                                                            0x011d68f5
                                                            0x011d68f8
                                                            0x011d68fe
                                                            0x011d6914
                                                            0x011d6918
                                                            0x011d6931
                                                            0x011d6935
                                                            0x011d694e
                                                            0x011d6952
                                                            0x011d695a
                                                            0x011d6962
                                                            0x011d6966
                                                            0x011d697c
                                                            0x011d6980
                                                            0x011d6b8d
                                                            0x011d6b8d
                                                            0x011d6b8f
                                                            0x011d6b91
                                                            0x011d6b93
                                                            0x011d6bd0
                                                            0x011d6bd0
                                                            0x011d6bd5
                                                            0x011d6bd6
                                                            0x00000000
                                                            0x011d6b95
                                                            0x011d6b97
                                                            0x011d6b9a
                                                            0x00000000
                                                            0x011d6b9c
                                                            0x011d6b9c
                                                            0x011d6b9f
                                                            0x011d6ba1
                                                            0x011d6bc3
                                                            0x011d6bc3
                                                            0x011d6bc8
                                                            0x011d6bc9
                                                            0x00000000
                                                            0x011d6ba3
                                                            0x011d6ba3
                                                            0x011d6ba6
                                                            0x00000000
                                                            0x011d6ba8
                                                            0x011d6ba8
                                                            0x011d6bab
                                                            0x011d6bbf
                                                            0x011d6bbf
                                                            0x011d6bad
                                                            0x011d6bad
                                                            0x011d6bb0
                                                            0x00000000
                                                            0x011d6bb2
                                                            0x011d6bb2
                                                            0x011d6bb7
                                                            0x011d6bb8
                                                            0x011d6bdb
                                                            0x011d6bdb
                                                            0x00000000
                                                            0x011d6bdb
                                                            0x011d6bb0
                                                            0x011d6bab
                                                            0x011d6ba6
                                                            0x011d6ba1
                                                            0x011d6b9a
                                                            0x011d6b93
                                                            0x011d6986
                                                            0x011d6986
                                                            0x011d6989
                                                            0x011d698c
                                                            0x011d6992
                                                            0x00000000
                                                            0x011d6995
                                                            0x011d69aa
                                                            0x011d69ca
                                                            0x011d69cc
                                                            0x011d69cf
                                                            0x011d69ea
                                                            0x011d69ec
                                                            0x011d69ef
                                                            0x011d6a06
                                                            0x011d6a08
                                                            0x011d6a0b
                                                            0x011d6a2e
                                                            0x011d6a30
                                                            0x011d6a33
                                                            0x011d6a4a
                                                            0x011d6a4c
                                                            0x011d6a4f
                                                            0x011d6a83
                                                            0x011d6a85
                                                            0x011d6a88
                                                            0x011d6abc
                                                            0x011d6abe
                                                            0x011d6ac1
                                                            0x011d6afe
                                                            0x011d6b01
                                                            0x011d6b28
                                                            0x00000000
                                                            0x011d6b03
                                                            0x011d6b11
                                                            0x011d6b13
                                                            0x011d6b15
                                                            0x011d6b1b
                                                            0x00000000
                                                            0x011d6b1b
                                                            0x011d6b15
                                                            0x011d6ac3
                                                            0x011d6ac3
                                                            0x011d6ac7
                                                            0x011d6b86
                                                            0x011d6acd
                                                            0x011d6ad1
                                                            0x011d6ad6
                                                            0x011d6ad9
                                                            0x011d6adb
                                                            0x011d6b79
                                                            0x011d6b7e
                                                            0x011d6b7f
                                                            0x011d6bdd
                                                            0x011d6bdd
                                                            0x011d6be2
                                                            0x011d6ae1
                                                            0x011d6ae5
                                                            0x00000000
                                                            0x011d6ae5
                                                            0x011d6adb
                                                            0x011d6ac7
                                                            0x011d6a8a
                                                            0x011d6a99
                                                            0x011d6a9b
                                                            0x011d6a9d
                                                            0x011d6aa3
                                                            0x00000000
                                                            0x011d6aa3
                                                            0x011d6a9d
                                                            0x011d6a51
                                                            0x011d6a60
                                                            0x011d6a62
                                                            0x011d6a64
                                                            0x011d6a6a
                                                            0x00000000
                                                            0x011d6a6a
                                                            0x011d6a64
                                                            0x011d6a35
                                                            0x011d6a35
                                                            0x00000000
                                                            0x011d6a35
                                                            0x011d6a0d
                                                            0x011d6a0d
                                                            0x011d6a10
                                                            0x011d6a14
                                                            0x00000000
                                                            0x011d6a14
                                                            0x011d69f1
                                                            0x011d69f1
                                                            0x00000000
                                                            0x011d69f1
                                                            0x011d69d1
                                                            0x011d69d1
                                                            0x011d69d4
                                                            0x011d69d4
                                                            0x011d69d7
                                                            0x00000000
                                                            0x011d69d7
                                                            0x011d69ac
                                                            0x011d69ac
                                                            0x011d69af
                                                            0x011d69b0
                                                            0x011d69b0
                                                            0x011d6b2d
                                                            0x011d6b2d
                                                            0x011d6b31
                                                            0x011d6b37
                                                            0x011d6b3b
                                                            0x011d6b40
                                                            0x011d6b46
                                                            0x011d6b46
                                                            0x011d6b4a
                                                            0x011d6b4f
                                                            0x011d6b54
                                                            0x011d6b57
                                                            0x011d6b57
                                                            0x011d6b6b
                                                            0x011d6b6f
                                                            0x00000000
                                                            0x011d6b71
                                                            0x011d6b71
                                                            0x00000000
                                                            0x011d6b71
                                                            0x011d6b6f
                                                            0x011d6b31
                                                            0x00000000
                                                            0x011d69aa
                                                            0x011d6995
                                                            0x011d6980
                                                            0x011d6966
                                                            0x011d6952
                                                            0x011d6935
                                                            0x011d6be7
                                                            0x011d6be7
                                                            0x011d6beb
                                                            0x011d6bf0
                                                            0x011d6bf0
                                                            0x011d6bf6
                                                            0x011d6bf9
                                                            0x011d6bfb
                                                            0x011d6c00
                                                            0x011d6c00
                                                            0x011d6c03
                                                            0x011d6c06
                                                            0x011d6c08
                                                            0x011d6c0d
                                                            0x011d6c0d
                                                            0x011d6c16

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,011F6470,000000FF,?,?,?), ref: 011D69A5
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 011D69CA
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 011D69EA
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 011D6A06
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 011D6A2E
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 011D6A4A
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 011D6A83
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 011D6ABC
                                                              • Part of subcall function 011D6527: SysFreeString.OLEAUT32(00000000), ref: 011D6660
                                                              • Part of subcall function 011D6527: SysFreeString.OLEAUT32(00000000), ref: 011D669F
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D6B40
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D6BF0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$Compare$Free
                                                            • String ID: ($author$c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                            • API String ID: 318886736-3425300192
                                                            • Opcode ID: b85157ddd157e19dccb4b42af56f575b8d58829fbaa0b72d53529ad95fa5bede
                                                            • Instruction ID: 55197191ea236f722e50a57f52111a06d0b549503e1ccac72bc594de300796dd
                                                            • Opcode Fuzzy Hash: b85157ddd157e19dccb4b42af56f575b8d58829fbaa0b72d53529ad95fa5bede
                                                            • Instruction Fuzzy Hash: 19A1A271A04216BBDB299B98CC41FADBB74EF04734F214369F621AB1D1D770EA50CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A545D Relevance: 45.7, APIs: 17, Strings: 9, Instructions: 228filepipesleepCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 83%
                                                            			E011A545D(long _a4) {
				long _v8;
				signed int _v12;
				void _v16;
				signed int _v20;
				void* _v24;
				void _v28;
				void _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				WCHAR* _t40;
				long _t43;
				signed int _t44;
				void* _t77;
				long _t78;
				signed short _t82;
				void* _t90;
				signed short _t101;

				_t78 = _a4;
				_t82 = 0;
				_v40 =  *((intOrPtr*)(_t78 + 0x10));
				_v36 =  *((intOrPtr*)(_t78 + 0x14));
				_t40 =  *(_t78 + 4);
				_v24 = _t40;
				_v16 = lstrlenW(_t40) + _t41;
				_t43 = GetCurrentProcessId();
				_v32 = _v32 & 0;
				_a4 = _a4 & 0;
				_v28 = _t43;
				_t44 = 0;
				_v20 = 0;
				while(1) {
					L1:
					_t77 =  *(_t90 + _t44 * 4 - 0x24);
					if(_t77 == 0xffffffff) {
						break;
					}
					_v8 = 1;
					if(SetNamedPipeHandleState(_t77,  &_v8, 0, 0) == 0) {
						_t82 = GetLastError();
						__eflags = _t82;
						if(__eflags > 0) {
							_t82 = _t82 & 0x0000ffff | 0x80070000;
							__eflags = _t82;
						}
						if(__eflags >= 0) {
							_t82 = 0x80004005;
						}
						E011938BA(_t48, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1ce, _t82);
						_push("Failed to set pipe to non-blocking.");
						goto L54;
					} else {
						_v12 = _v12 & 0x00000000;
						do {
							if(ConnectNamedPipe(_t77, 0) != 0) {
								goto L9;
							} else {
								_t82 = GetLastError();
								if(_t82 == 0x217) {
									_t82 = 0;
									goto L12;
								} else {
									if(_t82 != 0x218) {
										__eflags = _t82;
										if(_t82 <= 0) {
											L11:
											if(_t101 < 0) {
												goto L23;
											} else {
												L12:
												_v8 = _v8 & 0x00000000;
												if(SetNamedPipeHandleState(_t77,  &_v8, 0, 0) == 0) {
													_t82 = GetLastError();
													__eflags = _t82;
													if(__eflags > 0) {
														_t82 = _t82 & 0x0000ffff | 0x80070000;
														__eflags = _t82;
													}
													if(__eflags >= 0) {
														_t82 = 0x80004005;
													}
													E011938BA(_t55, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1f9, _t82);
													_push("Failed to reset pipe to blocking.");
													goto L54;
												} else {
													if(WriteFile(_t77,  &_v16, 4,  &_a4, 0) == 0) {
														_t82 = GetLastError();
														__eflags = _t82;
														if(__eflags > 0) {
															_t82 = _t82 & 0x0000ffff | 0x80070000;
															__eflags = _t82;
														}
														if(__eflags >= 0) {
															_t82 = 0x80004005;
														}
														E011938BA(_t60, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1ff, _t82);
														_push("Failed to write secret length to pipe.");
														goto L54;
													} else {
														if(WriteFile(_t77, _v24, _v16,  &_a4, 0) == 0) {
															_t82 = GetLastError();
															__eflags = _t82;
															if(__eflags > 0) {
																_t82 = _t82 & 0x0000ffff | 0x80070000;
																__eflags = _t82;
															}
															if(__eflags >= 0) {
																_t82 = 0x80004005;
															}
															E011938BA(_t64, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x204, _t82);
															_push("Failed to write secret to pipe.");
															goto L54;
														} else {
															if(WriteFile(_t77,  &_v28, 4,  &_a4, 0) == 0) {
																_t82 = GetLastError();
																__eflags = _t82;
																if(__eflags > 0) {
																	_t82 = _t82 & 0x0000ffff | 0x80070000;
																	__eflags = _t82;
																}
																if(__eflags >= 0) {
																	_t82 = 0x80004005;
																}
																E011938BA(_t69, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x209, _t82);
																_push("Failed to write our process id to pipe.");
																goto L54;
															} else {
																if(ReadFile(_t77,  &_v32, 4,  &_a4, 0) == 0) {
																	_t82 = GetLastError();
																	__eflags = _t82;
																	if(__eflags > 0) {
																		_t82 = _t82 & 0x0000ffff | 0x80070000;
																		__eflags = _t82;
																	}
																	if(__eflags >= 0) {
																		_t82 = 0x80004005;
																	}
																	E011938BA(_t74, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x20f, _t82);
																	_push("Failed to read ACK from pipe.");
																	goto L54;
																} else {
																	_t44 = _v20 + 1;
																	_v20 = _t44;
																	if(_t44 < 2) {
																		goto L1;
																	} else {
																	}
																}
															}
														}
													}
												}
											}
											goto L55;
										} else {
											_t82 = _t82 & 0x0000ffff | 0x80070000;
											break;
										}
										L56:
									} else {
										_t51 = _v12;
										if(_t51 >= 0x708) {
											_t82 = 0x800705b4;
											L23:
											E011938BA(_t51, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1f3, _t82);
											_push("Failed to wait for child to connect to pipe.");
											L54:
											_push(_t82);
											E011CFB09();
										} else {
											_t51 = _t51 + 1;
											_t82 = 0x80070218;
											_v12 = _t51;
											Sleep(0x64);
											goto L9;
										}
									}
								}
							}
							goto L55;
							L9:
						} while (_t82 == 0x80070218);
						_t101 = _t82;
						goto L11;
					}
					break;
				}
				L55:
				return _t82;
				goto L56;
			}




















                                                            0x011a5463
                                                            0x011a546c
                                                            0x011a546e
                                                            0x011a5474
                                                            0x011a5477
                                                            0x011a547b
                                                            0x011a5486
                                                            0x011a5489
                                                            0x011a548f
                                                            0x011a5492
                                                            0x011a549b
                                                            0x011a549e
                                                            0x011a54a0
                                                            0x011a54a3
                                                            0x011a54a3
                                                            0x011a54a3
                                                            0x011a54aa
                                                            0x00000000
                                                            0x00000000
                                                            0x011a54b7
                                                            0x011a54c8
                                                            0x011a56fe
                                                            0x011a5700
                                                            0x011a5702
                                                            0x011a5707
                                                            0x011a570d
                                                            0x011a570d
                                                            0x011a570f
                                                            0x011a5711
                                                            0x011a5711
                                                            0x011a5721
                                                            0x011a5726
                                                            0x00000000
                                                            0x011a54ce
                                                            0x011a54ce
                                                            0x011a54d2
                                                            0x011a54dd
                                                            0x00000000
                                                            0x011a54df
                                                            0x011a54e1
                                                            0x011a54e9
                                                            0x011a55d8
                                                            0x00000000
                                                            0x011a54ef
                                                            0x011a54f5
                                                            0x011a55c2
                                                            0x011a55c4
                                                            0x011a5524
                                                            0x011a5524
                                                            0x00000000
                                                            0x011a552a
                                                            0x011a552a
                                                            0x011a552a
                                                            0x011a553f
                                                            0x011a56cd
                                                            0x011a56cf
                                                            0x011a56d1
                                                            0x011a56d6
                                                            0x011a56dc
                                                            0x011a56dc
                                                            0x011a56de
                                                            0x011a56e0
                                                            0x011a56e0
                                                            0x011a56f0
                                                            0x011a56f5
                                                            0x00000000
                                                            0x011a5545
                                                            0x011a555a
                                                            0x011a569c
                                                            0x011a569e
                                                            0x011a56a0
                                                            0x011a56a5
                                                            0x011a56ab
                                                            0x011a56ab
                                                            0x011a56ad
                                                            0x011a56af
                                                            0x011a56af
                                                            0x011a56bf
                                                            0x011a56c4
                                                            0x00000000
                                                            0x011a5560
                                                            0x011a5575
                                                            0x011a5668
                                                            0x011a566a
                                                            0x011a566c
                                                            0x011a5671
                                                            0x011a5677
                                                            0x011a5677
                                                            0x011a5679
                                                            0x011a567b
                                                            0x011a567b
                                                            0x011a568b
                                                            0x011a5690
                                                            0x00000000
                                                            0x011a557b
                                                            0x011a5590
                                                            0x011a5634
                                                            0x011a5636
                                                            0x011a5638
                                                            0x011a563d
                                                            0x011a5643
                                                            0x011a5643
                                                            0x011a5645
                                                            0x011a5647
                                                            0x011a5647
                                                            0x011a5657
                                                            0x011a565c
                                                            0x00000000
                                                            0x011a5596
                                                            0x011a55ab
                                                            0x011a5600
                                                            0x011a5602
                                                            0x011a5604
                                                            0x011a5609
                                                            0x011a560f
                                                            0x011a560f
                                                            0x011a5611
                                                            0x011a5613
                                                            0x011a5613
                                                            0x011a5623
                                                            0x011a5628
                                                            0x00000000
                                                            0x011a55ad
                                                            0x011a55b0
                                                            0x011a55b1
                                                            0x011a55b7
                                                            0x00000000
                                                            0x00000000
                                                            0x011a55bd
                                                            0x011a55b7
                                                            0x011a55ab
                                                            0x011a5590
                                                            0x011a5575
                                                            0x011a555a
                                                            0x011a553f
                                                            0x00000000
                                                            0x011a55ca
                                                            0x011a55cd
                                                            0x00000000
                                                            0x011a55cd
                                                            0x00000000
                                                            0x011a54fb
                                                            0x011a54fb
                                                            0x011a5503
                                                            0x011a55df
                                                            0x011a55e4
                                                            0x011a55ef
                                                            0x011a55f4
                                                            0x011a572b
                                                            0x011a572b
                                                            0x011a572c
                                                            0x011a5509
                                                            0x011a5509
                                                            0x011a550a
                                                            0x011a5511
                                                            0x011a5514
                                                            0x00000000
                                                            0x011a5514
                                                            0x011a5503
                                                            0x011a54f5
                                                            0x011a54e9
                                                            0x00000000
                                                            0x011a551a
                                                            0x011a551a
                                                            0x011a5522
                                                            0x00000000
                                                            0x011a5522
                                                            0x00000000
                                                            0x011a54c8
                                                            0x011a5734
                                                            0x011a5739
                                                            0x00000000

                                                            APIs
                                                            • lstrlenW.KERNEL32(?,?,00000000,?,011DA500,?,00000000,?,0119457C,?,011DA500), ref: 011A547E
                                                            • GetCurrentProcessId.KERNEL32(?,0119457C,?,011DA500), ref: 011A5489
                                                            • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0119457C,?,011DA500), ref: 011A54C0
                                                            • ConnectNamedPipe.KERNEL32(?,00000000,?,0119457C,?,011DA500), ref: 011A54D5
                                                            • GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A54DF
                                                            • Sleep.KERNEL32(00000064,?,0119457C,?,011DA500), ref: 011A5514
                                                            • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0119457C,?,011DA500), ref: 011A5537
                                                            • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0119457C,?,011DA500), ref: 011A5552
                                                            • WriteFile.KERNEL32(?,0119457C,011DA500,00000000,00000000,?,0119457C,?,011DA500), ref: 011A556D
                                                            • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0119457C,?,011DA500), ref: 011A5588
                                                            • ReadFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,0119457C,?,011DA500), ref: 011A55A3
                                                            • GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A55FE
                                                            • GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A5632
                                                            • GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A5666
                                                            • GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A569A
                                                            • GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A56CB
                                                            • GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A56FC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                            • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp$crypt32.dll
                                                            • API String ID: 2944378912-152052350
                                                            • Opcode ID: 3c901b4b3515c9cc3abb11b018ccdf3a4173d6e9434bd09e782e95f76c23b131
                                                            • Instruction ID: 657fd4811df855e65071c8f5350c8b326a1892197eb766378a852325c5c314f9
                                                            • Opcode Fuzzy Hash: 3c901b4b3515c9cc3abb11b018ccdf3a4173d6e9434bd09e782e95f76c23b131
                                                            • Instruction Fuzzy Hash: 8861197BD55625ABD768DAE99C08FAEBDA97F00750F520125AE14FB240D774CC0087E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011957A7 Relevance: 42.5, APIs: 5, Strings: 19, Instructions: 477stringCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E011957A7(struct _CRITICAL_SECTION* _a4, signed int _a8, signed short _a12, signed short _a16, signed short _a20) {
				signed short _v8;
				char _v12;
				char _v16;
				signed short _v20;
				signed short _v24;
				signed int _v28;
				signed short _v32;
				signed short _v36;
				signed short _v40;
				signed short _t138;
				signed short _t143;
				signed short _t144;
				signed short _t155;
				signed int _t157;
				signed int _t163;
				intOrPtr* _t168;
				signed short _t169;
				signed int _t176;
				signed short _t177;
				signed int _t188;
				signed short _t196;
				signed int _t212;
				signed short _t213;
				void* _t218;
				signed short _t223;
				signed short _t224;
				WCHAR* _t232;
				signed int _t233;
				signed short _t234;
				signed int _t235;
				signed short _t236;
				signed int _t238;
				signed short _t239;
				void* _t240;
				signed int _t243;
				signed int _t244;
				signed short _t245;
				void* _t250;

				_t212 = 0;
				_v16 = 0;
				_v12 = 0;
				_v24 = 0;
				_v8 = 0;
				_v20 = 0;
				_v36 = 0;
				_v32 = 0;
				EnterCriticalSection(_a4);
				_t232 = _a8;
				_t243 = E01191FE0( &_v16, lstrlenW(_t232) + 1);
				_a8 = _t243;
				if(_t243 >= 0) {
					while(1) {
						_push(0x5b);
						_t213 = E011BF75A(_t216);
						_t218 = _t232;
						__eflags = _t213;
						if(_t213 == 0) {
							break;
						}
						_t12 = _t213 + 2; // 0x2
						_push(0x5d);
						_t138 = E011BF75A(_t218);
						_v40 = _t138;
						__eflags = _t138;
						if(_t138 == 0) {
							break;
						}
						_t216 = (_t138 - _t213 >> 1) - 1;
						__eflags = _t216;
						_v20 = _t216;
						if(_t216 != 0) {
							__eflags = _t213 - _t232;
							if(_t213 <= _t232) {
								L12:
								_t26 = _t213 + 2; // 0x2
								__eflags = _a20;
								_v28 = 0 | _a20 == 0x00000000;
								_t244 = E01198399(_a20 == 0,  &_v12, _t26, _t216);
								_a8 = _t244;
								__eflags = _t244;
								if(_t244 < 0) {
									_push("Failed to get variable name.");
									L7:
									_push(_t244);
									L8:
									E011CFB09();
									L83:
									_t212 = _v8;
									goto L84;
								}
								_t176 = _v8;
								_push(1);
								_t216 = 4 + _t176 * 4;
								_t177 = _v24;
								_push(4 + _t176 * 4);
								__eflags = _t177;
								if(_t177 == 0) {
									_t239 = E011939DF();
									_v24 = _t239;
									__eflags = _t239;
									if(_t239 == 0) {
										_t238 = 0x8007000e;
										_t244 = 0x8007000e;
										_a8 = 0x8007000e;
										E011938BA(_t178, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4bc, 0x8007000e);
										_push("Failed to allocate variable array.");
										L37:
										_push(_t238);
										goto L8;
									}
									L17:
									__eflags = _v20 - 2;
									if(_v20 < 2) {
										L20:
										__eflags = _a20;
										if(_a20 == 0) {
											L22:
											__eflags = _v36;
											_t212 = _v8;
											_t240 = _t239 + _t212 * 4;
											if(_v36 == 0) {
												_t244 = E01197337(_t216, _a4, _v12, _t240);
												_a8 = _t244;
												__eflags = _t244 - 0x80070490;
												if(_t244 != 0x80070490) {
													L27:
													_t241 = _v28;
													L28:
													__eflags = _t244;
													if(_t244 < 0) {
														_push("Failed to set variable value.");
														goto L2;
													}
													_t212 = _t212 + 1;
													_v8 = _t212;
													_t244 = E01198378(_t241,  &_v12, L"[%d]", _t212);
													_t250 = _t250 + 0x10;
													_a8 = _t244;
													__eflags = _t244;
													if(_t244 < 0) {
														_push("Failed to format placeholder string.");
														goto L2;
													}
													_t244 = E01198356(_t241,  &_v16, _v12, 0);
													_a8 = _t244;
													__eflags = _t244;
													if(_t244 < 0) {
														_push("Failed to append placeholder.");
														goto L2;
													}
													L31:
													_t232 = _v40 + 2;
													__eflags = _t232;
													continue;
												}
												__eflags = 0;
												_t188 = E011923F3(_t240, 0x11da534, 0);
												L26:
												_t244 = _t188;
												_a8 = _t244;
												goto L27;
											}
											_t188 = E0119229E(_t240, L"*****", 0);
											goto L26;
										}
										_t244 = E01197F3B(_t216, _a4, _v12,  &_v36);
										_a8 = _t244;
										__eflags = _t244;
										if(_t244 < 0) {
											E011CFB09(_t244, "Failed to determine variable visibility: \'%ls\'.", _v12);
											goto L83;
										}
										goto L22;
									}
									_t216 = 0x5c;
									__eflags = _t216 -  *((intOrPtr*)(_t213 + 2));
									if(_t216 !=  *((intOrPtr*)(_t213 + 2))) {
										goto L20;
									}
									_t41 = _t213 + 4; // 0x4
									_t212 = _v8;
									_t241 = _v28;
									_t244 = E01198399(_v28, _t239 + _t212 * 4, _t41, 1);
									_a8 = _t244;
									goto L28;
								}
								_push(_t177);
								_t196 = E01193B7C();
								__eflags = _t196;
								if(_t196 == 0) {
									_t238 = 0x8007000e;
									_t244 = 0x8007000e;
									_a8 = 0x8007000e;
									E011938BA(_t196, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4b6, 0x8007000e);
									_push("Failed to reallocate variable array.");
									goto L37;
								}
								_t239 = _t196;
								_v24 = _t239;
								goto L17;
							}
							__eflags = _a20;
							_t244 = E01198356(0 | _a20 == 0x00000000,  &_v16, _t232, _t213 - _t232 >> 1);
							_a8 = _t244;
							__eflags = _t244;
							if(_t244 < 0) {
								L6:
								_push("Failed to append string.");
								goto L7;
							} else {
								_t216 = _v20;
								goto L12;
							}
						}
						__eflags = _a20;
						_t244 = E01198356(0 | _a20 == 0x00000000,  &_v16, _t232, (_t138 - _t232 >> 1) + 1);
						_a8 = _t244;
						__eflags = _t244;
						if(_t244 >= 0) {
							goto L31;
						}
						goto L6;
					}
					__eflags = _a20;
					_t215 = 0 | _a20 == 0x00000000;
					_t244 = E01198356(_a20 == 0,  &_v16, _t232, 0);
					_a8 = _t244;
					__eflags = _t244;
					if(_t244 < 0) {
						goto L6;
					}
					_t155 = _v8;
					_push(_t155);
					L011CEDC0();
					_t234 = _t155;
					_v32 = _t234;
					__eflags = _t234;
					if(_t234 != 0) {
						_push(_v16);
						_push(0);
						_push(_t234);
						L011CEDD0();
						__eflags = 0;
						if(0 == 0) {
							_t223 = 0;
							_t235 = 0;
							__eflags = _v8;
							if(_v8 <= 0) {
								L56:
								_t236 = _v32;
								_t157 =  &_v20;
								_push(_t157);
								_push(0x11da534);
								_push(_t236);
								_push(_t223);
								_v20 = _t223;
								L011CEDE0();
								__eflags = _t157 - 0xea;
								if(_t157 == 0xea) {
									L70:
									__eflags = _a12;
									if(_a12 == 0) {
										L81:
										_t224 = _a16;
										__eflags = _t224;
										if(_t224 != 0) {
											 *_t224 = _v20;
										}
										goto L83;
									}
									_v20 = _v20 + 1;
									_t244 = E01198337(_t215,  &_v12, _v20 + 1);
									_a8 = _t244;
									__eflags = _t244;
									if(_t244 >= 0) {
										_t163 =  &_v20;
										_push(_t163);
										_push(_v12);
										_push(_t236);
										_push(0);
										L011CEDE0();
										_t244 = _t163;
										_a8 = _t244;
										__eflags = _t244;
										if(__eflags == 0) {
											_t244 = E01198399(_t215, _a12, _v12, 0);
											_a8 = _t244;
											__eflags = _t244;
											if(_t244 >= 0) {
												goto L81;
											}
											_push("Failed to copy string.");
											goto L7;
										}
										if(__eflags > 0) {
											_t244 = _t244 & 0x0000ffff | 0x80070000;
											_a8 = _t244;
											__eflags = _t244;
										}
										if(__eflags >= 0) {
											_t244 = 0x80004005;
											_a8 = 0x80004005;
										}
										E011938BA(_t163, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x50e, _t244);
										_push("Failed to format record.");
										goto L7;
									}
									_push("Failed to allocate string.");
									goto L7;
								}
								__eflags = _t157;
								if(__eflags == 0) {
									goto L70;
								}
								if(__eflags > 0) {
									_t244 = _t157 & 0x0000ffff | 0x80070000;
									__eflags = _t244;
								} else {
									_t244 = _t157;
								}
								_a8 = _t244;
								__eflags = _t244;
								if(_t244 >= 0) {
									_t244 = 0x80004005;
									_a8 = 0x80004005;
								}
								E011938BA(_t157, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x504, _t244);
								_push("Failed to get formatted length.");
								goto L7;
							} else {
								goto L52;
							}
							do {
								L52:
								_t168 =  *((intOrPtr*)(_v24 + _t235 * 4));
								__eflags =  *_t168 - _t223;
								if( *_t168 == _t223) {
									goto L55;
								}
								_push(_t168);
								_t86 = _t235 + 1; // 0x1
								_t169 = _t86;
								_push(_t169);
								_push(_v32);
								L011CEDD0();
								__eflags = _t169;
								if(__eflags != 0) {
									if(__eflags > 0) {
										_t244 = _t169 & 0x0000ffff | 0x80070000;
										__eflags = _t244;
									} else {
										_t244 = _t169;
									}
									_a8 = _t244;
									__eflags = _t244;
									if(_t244 >= 0) {
										_t244 = 0x80004005;
										_a8 = 0x80004005;
									}
									E011938BA(_t169, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4f8, _t244);
									_push("Failed to set record string.");
									goto L7;
								}
								_t223 = 0;
								__eflags = 0;
								L55:
								_t235 = _t235 + 1;
								__eflags = _t235 - _v8;
							} while (_t235 < _v8);
							goto L56;
						}
						if(0 > 0) {
							_t244 = 0xffffffff80070000;
							__eflags = 0x80070000;
						} else {
							_t244 = 0;
						}
						_a8 = _t244;
						__eflags = _t244;
						if(_t244 >= 0) {
							_t244 = 0x80004005;
							_a8 = 0x80004005;
						}
						E011938BA(0, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4f0, _t244);
						_push("Failed to set record format string.");
						goto L7;
					}
					_t238 = 0x8007000e;
					_t244 = 0x8007000e;
					_a8 = 0x8007000e;
					E011938BA(_t155, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4ec, 0x8007000e);
					_push("Failed to allocate record.");
					goto L37;
				} else {
					_push("Failed to allocate buffer for format string.");
					L2:
					_push(_t244);
					E011CFB09();
					L84:
					LeaveCriticalSection(_a4);
					_t143 = _v24;
					if(_t143 == 0) {
						L94:
						_t144 = _v32;
						if(_t144 != 0) {
							_push(_t144);
							L011CED9F();
						}
						if(_a20 == 0) {
							__eflags = 0;
							E0119287D(0);
							E0119287D(_v16);
							E0119287D(_v12);
						} else {
							if(_v16 != 0) {
								E01192762(_v16);
							}
							if(_v12 != 0) {
								E01192762(_v12);
							}
						}
						return _t244;
					}
					_t233 = 0;
					if(_t212 == 0) {
						L93:
						E01193AA4(_t143);
						goto L94;
					}
					_t245 = _t143;
					do {
						if(_a20 == 0) {
							E0119287D( *((intOrPtr*)(_t245 + _t233 * 4)));
						} else {
							if( *((intOrPtr*)(_t245 + _t233 * 4)) != 0) {
								E01192762( *((intOrPtr*)(_t245 + _t233 * 4)));
							}
						}
						_t233 = _t233 + 1;
					} while (_t233 < _t212);
					_t244 = _a8;
					_t143 = _v24;
					goto L93;
				}
			}









































                                                            0x011957b5
                                                            0x011957b7
                                                            0x011957ba
                                                            0x011957bd
                                                            0x011957c0
                                                            0x011957c3
                                                            0x011957c6
                                                            0x011957c9
                                                            0x011957cc
                                                            0x011957d2
                                                            0x011957e7
                                                            0x011957e9
                                                            0x011957ee
                                                            0x011959d8
                                                            0x011959d8
                                                            0x011959e0
                                                            0x011959e3
                                                            0x011959e4
                                                            0x011959e6
                                                            0x00000000
                                                            0x00000000
                                                            0x01195806
                                                            0x01195809
                                                            0x0119580c
                                                            0x01195811
                                                            0x01195816
                                                            0x01195818
                                                            0x00000000
                                                            0x00000000
                                                            0x01195824
                                                            0x01195824
                                                            0x01195827
                                                            0x0119582a
                                                            0x01195864
                                                            0x01195866
                                                            0x0119588e
                                                            0x01195891
                                                            0x01195894
                                                            0x011958a0
                                                            0x011958a8
                                                            0x011958aa
                                                            0x011958ad
                                                            0x011958af
                                                            0x01195ac0
                                                            0x01195857
                                                            0x01195857
                                                            0x01195858
                                                            0x01195858
                                                            0x01195c78
                                                            0x01195c78
                                                            0x00000000
                                                            0x01195c78
                                                            0x011958b5
                                                            0x011958b8
                                                            0x011958ba
                                                            0x011958c1
                                                            0x011958c4
                                                            0x011958c5
                                                            0x011958c7
                                                            0x011958e3
                                                            0x011958e5
                                                            0x011958e8
                                                            0x011958ea
                                                            0x01195a9f
                                                            0x01195aaa
                                                            0x01195ab1
                                                            0x01195ab4
                                                            0x01195ab9
                                                            0x01195a65
                                                            0x01195a65
                                                            0x00000000
                                                            0x01195a65
                                                            0x011958f0
                                                            0x011958f0
                                                            0x011958f4
                                                            0x0119591c
                                                            0x0119591c
                                                            0x01195920
                                                            0x0119593e
                                                            0x0119593e
                                                            0x01195942
                                                            0x01195945
                                                            0x01195948
                                                            0x01195966
                                                            0x01195968
                                                            0x0119596b
                                                            0x01195971
                                                            0x01195986
                                                            0x01195986
                                                            0x01195989
                                                            0x01195989
                                                            0x0119598b
                                                            0x01195a95
                                                            0x00000000
                                                            0x01195a95
                                                            0x01195991
                                                            0x0119599d
                                                            0x011959a5
                                                            0x011959a7
                                                            0x011959aa
                                                            0x011959ad
                                                            0x011959af
                                                            0x01195a8b
                                                            0x00000000
                                                            0x01195a8b
                                                            0x011959c5
                                                            0x011959c7
                                                            0x011959ca
                                                            0x011959cc
                                                            0x01195a81
                                                            0x00000000
                                                            0x01195a81
                                                            0x011959d2
                                                            0x011959d5
                                                            0x011959d5
                                                            0x00000000
                                                            0x011959d5
                                                            0x01195973
                                                            0x0119597c
                                                            0x01195981
                                                            0x01195981
                                                            0x01195983
                                                            0x00000000
                                                            0x01195983
                                                            0x01195953
                                                            0x00000000
                                                            0x01195953
                                                            0x01195931
                                                            0x01195933
                                                            0x01195936
                                                            0x01195938
                                                            0x01195a74
                                                            0x00000000
                                                            0x01195a79
                                                            0x00000000
                                                            0x01195938
                                                            0x011958f8
                                                            0x011958f9
                                                            0x011958fd
                                                            0x00000000
                                                            0x00000000
                                                            0x011958ff
                                                            0x01195902
                                                            0x0119590b
                                                            0x01195915
                                                            0x01195917
                                                            0x00000000
                                                            0x01195917
                                                            0x011958c9
                                                            0x011958ca
                                                            0x011958cf
                                                            0x011958d1
                                                            0x01195a46
                                                            0x01195a51
                                                            0x01195a58
                                                            0x01195a5b
                                                            0x01195a60
                                                            0x00000000
                                                            0x01195a60
                                                            0x011958d7
                                                            0x011958d9
                                                            0x00000000
                                                            0x011958d9
                                                            0x01195876
                                                            0x01195882
                                                            0x01195884
                                                            0x01195887
                                                            0x01195889
                                                            0x01195852
                                                            0x01195852
                                                            0x00000000
                                                            0x0119588b
                                                            0x0119588b
                                                            0x00000000
                                                            0x0119588b
                                                            0x01195889
                                                            0x01195839
                                                            0x01195845
                                                            0x01195847
                                                            0x0119584a
                                                            0x0119584c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119584c
                                                            0x011959ee
                                                            0x011959f1
                                                            0x01195a02
                                                            0x01195a04
                                                            0x01195a07
                                                            0x01195a09
                                                            0x00000000
                                                            0x00000000
                                                            0x01195a0f
                                                            0x01195a12
                                                            0x01195a13
                                                            0x01195a18
                                                            0x01195a1a
                                                            0x01195a1d
                                                            0x01195a1f
                                                            0x01195aca
                                                            0x01195acf
                                                            0x01195ad0
                                                            0x01195ad1
                                                            0x01195ad6
                                                            0x01195ad8
                                                            0x01195b12
                                                            0x01195b14
                                                            0x01195b16
                                                            0x01195b19
                                                            0x01195b3f
                                                            0x01195b3f
                                                            0x01195b42
                                                            0x01195b45
                                                            0x01195b46
                                                            0x01195b4b
                                                            0x01195b4c
                                                            0x01195b4d
                                                            0x01195b50
                                                            0x01195b55
                                                            0x01195b5a
                                                            0x01195bd0
                                                            0x01195bd0
                                                            0x01195bd4
                                                            0x01195c6c
                                                            0x01195c6c
                                                            0x01195c6f
                                                            0x01195c71
                                                            0x01195c76
                                                            0x01195c76
                                                            0x00000000
                                                            0x01195c71
                                                            0x01195bdf
                                                            0x01195bec
                                                            0x01195bee
                                                            0x01195bf1
                                                            0x01195bf3
                                                            0x01195bff
                                                            0x01195c02
                                                            0x01195c03
                                                            0x01195c06
                                                            0x01195c09
                                                            0x01195c0a
                                                            0x01195c0f
                                                            0x01195c11
                                                            0x01195c14
                                                            0x01195c16
                                                            0x01195c59
                                                            0x01195c5b
                                                            0x01195c5e
                                                            0x01195c60
                                                            0x00000000
                                                            0x00000000
                                                            0x01195c62
                                                            0x00000000
                                                            0x01195c62
                                                            0x01195c18
                                                            0x01195c1d
                                                            0x01195c23
                                                            0x01195c26
                                                            0x01195c26
                                                            0x01195c28
                                                            0x01195c2a
                                                            0x01195c2f
                                                            0x01195c2f
                                                            0x01195c3d
                                                            0x01195c42
                                                            0x00000000
                                                            0x01195c42
                                                            0x01195bf5
                                                            0x00000000
                                                            0x01195bf5
                                                            0x01195b5c
                                                            0x01195b5e
                                                            0x00000000
                                                            0x00000000
                                                            0x01195b60
                                                            0x01195ba1
                                                            0x01195ba1
                                                            0x01195b62
                                                            0x01195b62
                                                            0x01195b62
                                                            0x01195ba7
                                                            0x01195baa
                                                            0x01195bac
                                                            0x01195bae
                                                            0x01195bb3
                                                            0x01195bb3
                                                            0x01195bc1
                                                            0x01195bc6
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01195b1b
                                                            0x01195b1b
                                                            0x01195b1e
                                                            0x01195b21
                                                            0x01195b24
                                                            0x00000000
                                                            0x00000000
                                                            0x01195b26
                                                            0x01195b27
                                                            0x01195b27
                                                            0x01195b2a
                                                            0x01195b2b
                                                            0x01195b2e
                                                            0x01195b33
                                                            0x01195b35
                                                            0x01195b66
                                                            0x01195b6f
                                                            0x01195b6f
                                                            0x01195b68
                                                            0x01195b68
                                                            0x01195b68
                                                            0x01195b75
                                                            0x01195b78
                                                            0x01195b7a
                                                            0x01195b7c
                                                            0x01195b81
                                                            0x01195b81
                                                            0x01195b8f
                                                            0x01195b94
                                                            0x00000000
                                                            0x01195b94
                                                            0x01195b37
                                                            0x01195b37
                                                            0x01195b39
                                                            0x01195b39
                                                            0x01195b3a
                                                            0x01195b3a
                                                            0x00000000
                                                            0x01195b1b
                                                            0x01195ada
                                                            0x01195ae3
                                                            0x01195ae3
                                                            0x01195adc
                                                            0x01195adc
                                                            0x01195adc
                                                            0x01195ae9
                                                            0x01195aec
                                                            0x01195aee
                                                            0x01195af0
                                                            0x01195af5
                                                            0x01195af5
                                                            0x01195b03
                                                            0x01195b08
                                                            0x00000000
                                                            0x01195b08
                                                            0x01195a25
                                                            0x01195a30
                                                            0x01195a37
                                                            0x01195a3a
                                                            0x01195a3f
                                                            0x00000000
                                                            0x011957f4
                                                            0x011957f4
                                                            0x011957f9
                                                            0x011957f9
                                                            0x011957fa
                                                            0x01195c7b
                                                            0x01195c7e
                                                            0x01195c84
                                                            0x01195c89
                                                            0x01195cc2
                                                            0x01195cc2
                                                            0x01195cc7
                                                            0x01195cc9
                                                            0x01195cca
                                                            0x01195cca
                                                            0x01195cd3
                                                            0x01195cf3
                                                            0x01195cf6
                                                            0x01195cfe
                                                            0x01195d06
                                                            0x01195cd5
                                                            0x01195cd9
                                                            0x01195cde
                                                            0x01195cde
                                                            0x01195ce7
                                                            0x01195cec
                                                            0x01195cec
                                                            0x01195ce7
                                                            0x01195d11
                                                            0x01195d11
                                                            0x01195c8b
                                                            0x01195c8f
                                                            0x01195cbc
                                                            0x01195cbd
                                                            0x00000000
                                                            0x01195cbd
                                                            0x01195c91
                                                            0x01195c93
                                                            0x01195c97
                                                            0x01195cac
                                                            0x01195c99
                                                            0x01195c9d
                                                            0x01195ca2
                                                            0x01195ca2
                                                            0x01195c9d
                                                            0x01195cb1
                                                            0x01195cb2
                                                            0x01195cb6
                                                            0x01195cb9
                                                            0x00000000
                                                            0x01195cb9

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000100,00000100,00000100,00000000,00000100,00000000,?,0119A889,00000100,000002C0,000002C0,00000100), ref: 011957CC
                                                            • lstrlenW.KERNEL32(000002C0,?,0119A889,00000100,000002C0,000002C0,00000100), ref: 011957D6
                                                            • _wcschr.LIBVCRUNTIME ref: 011959DB
                                                            • LeaveCriticalSection.KERNEL32(00000100,00000000,000002C0,000002C0,00000000,000002C0,00000001,?,0119A889,00000100,000002C0,000002C0,00000100), ref: 01195C7E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                            • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$c:\agent\_work\66\s\src\burn\engine\variable.cpp
                                                            • API String ID: 1026845265-1173883696
                                                            • Opcode ID: 215aa7da3ff993b96280634ada817da3eeaa57311a6d257493cb627c69c630ef
                                                            • Instruction ID: 410e2e1b154b9302485c4cdf38bc921658fec48dc3d7b4bd1db9c42ab17856e6
                                                            • Opcode Fuzzy Hash: 215aa7da3ff993b96280634ada817da3eeaa57311a6d257493cb627c69c630ef
                                                            • Instruction Fuzzy Hash: C1F1C671D01216BBDF5E9F658840EAF7BBAAB10A54F05812EFD25BB240D7349A01CFE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BCB5D Relevance: 42.2, APIs: 12, Strings: 12, Instructions: 239synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E011BCB5D(void* __ebx, void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, void*** _a12) {
				long _v8;
				void* __edi;
				signed short _t48;
				signed short _t50;
				signed short _t52;
				signed short _t55;
				void* _t56;
				signed short _t57;
				WCHAR* _t94;
				void** _t103;
				signed short _t108;
				void* _t116;
				void* _t117;

				_t93 = __ebx;
				_v8 = 0;
				_t103 = E011939DF(0x18, 1);
				if(_t103 != 0) {
					_push(__ebx);
					_t94 = _a8;
					_t48 = CreateEventW(0, 0, 0, _t94);
					_t103[1] = _t48;
					__eflags = _t48;
					if(_t48 != 0) {
						_t50 = E01192022( &_v8, L"%ls_send", _t94);
						_t117 = _t116 + 0xc;
						__eflags = _t50;
						if(_t50 >= 0) {
							_t52 = CreateEventW(0, 0, 0, _v8);
							_t103[2] = _t52;
							__eflags = _t52;
							if(_t52 != 0) {
								_t108 = E01192022( &_v8, L"%ls_mutex", _t94);
								_t117 = _t117 + 0xc;
								__eflags = _t108;
								if(_t108 >= 0) {
									_t55 = CreateMutexW(0, 1, _v8);
									_t103[3] = _t55;
									__eflags = _t55;
									if(_t55 != 0) {
										_t56 = CreateFileMappingW(0xffffffff, 0, 4, 0, 0x10000, _a4);
										 *_t103 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											_t57 = MapViewOfFile(_t56, 2, 0, 0, 0);
											_t103[4] = _t57;
											__eflags = _t57;
											if(_t57 != 0) {
												_t108 = E01191C3A(_t57 + 0x21a, 0x104, _t94);
												__eflags = _t108;
												if(_t108 >= 0) {
													__eflags = 0;
													 *(_t103[4]) = 0;
													 *((char*)(_t103[4] + 0x218)) = 0;
													 *((intOrPtr*)(_t103[4] + 4)) = 0x8000000a;
													 *((char*)(_t103[4] + 2)) = 0;
													 *((char*)(_t103[4] + 1)) = 0;
													 *((char*)(_t103[4] + 0x219)) = 0;
													 *((intOrPtr*)(_t103[4] + 8)) = 0x8000000a;
													 *((char*)(_t103[4] + 3)) = 0;
													 *((intOrPtr*)(_t103[4] + 0xc)) = 0;
													 *((char*)(_t103[4] + 0x422)) = 1;
													 *((intOrPtr*)(_t103[4] + 0x424)) = 0;
													 *((intOrPtr*)(_t103[4] + 0x428)) = 0;
													 *((intOrPtr*)(_t103[4] + 0x42c)) = 0;
													ReleaseMutex(_t103[3]);
													 *_a12 = _t103;
													_t103 = 0;
												} else {
													_push("failed to copy event name to shared memory structure.");
													goto L40;
												}
											} else {
												_t108 = GetLastError();
												__eflags = _t108;
												if(__eflags > 0) {
													_t108 = _t108 & 0x0000ffff | 0x80070000;
													__eflags = _t108;
												}
												if(__eflags >= 0) {
													_t108 = 0x80004005;
												}
												E011938BA(_t80, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x43, _t108);
												_push(_a4);
												_push("Failed to MapViewOfFile for %ls.");
												goto L37;
											}
										} else {
											_t108 = GetLastError();
											__eflags = _t108;
											if(__eflags > 0) {
												_t108 = _t108 & 0x0000ffff | 0x80070000;
												__eflags = _t108;
											}
											if(__eflags >= 0) {
												_t108 = 0x80004005;
											}
											E011938BA(_t83, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x3c, _t108);
											_push(_a4);
											_push("Failed to memory map cabinet file: %ls");
											goto L37;
										}
									} else {
										_t108 = GetLastError();
										__eflags = _t108;
										if(__eflags > 0) {
											_t108 = _t108 & 0x0000ffff | 0x80070000;
											__eflags = _t108;
										}
										if(__eflags >= 0) {
											_t108 = 0x80004005;
										}
										E011938BA(_t85, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x34, _t108);
										_push(_v8);
										_push("Failed to create mutex: %ls");
										goto L37;
									}
								} else {
									_push("failed to allocate memory for mutex name");
									goto L40;
								}
							} else {
								_t108 = GetLastError();
								__eflags = _t108;
								if(__eflags > 0) {
									_t108 = _t108 & 0x0000ffff | 0x80070000;
									__eflags = _t108;
								}
								if(__eflags >= 0) {
									_t108 = 0x80004005;
								}
								E011938BA(_t87, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x2d, _t108);
								_push(_v8);
								goto L16;
							}
						} else {
							_push("failed to allocate memory for event name");
							L40:
							_push(_t108);
							E011CFB09();
						}
					} else {
						_t108 = GetLastError();
						__eflags = _t108;
						if(__eflags > 0) {
							_t108 = _t108 & 0x0000ffff | 0x80070000;
							__eflags = _t108;
						}
						if(__eflags >= 0) {
							_t108 = 0x80004005;
						}
						E011938BA(_t89, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x27, _t108);
						_push(_t94);
						L16:
						_push("Failed to create event: %ls");
						L37:
						_push(_t108);
						E011CFB09();
					}
					_pop(_t93);
				} else {
					_t108 = 0x8007000e;
					E011938BA(_t47, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x24, 0x8007000e);
					_push("Failed to allocate memory for NetFxChainer struct.");
					_push(0x8007000e);
					E011CFB09();
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				if(_t103 != 0) {
					if(_t103[3] != 0) {
						ReleaseMutex(_t103[3]);
					}
					E011BCE2C(_t93, _t103, _t103);
				}
				return _t108;
			}
















                                                            0x011bcb5d
                                                            0x011bcb69
                                                            0x011bcb71
                                                            0x011bcb75
                                                            0x011bcb9b
                                                            0x011bcb9c
                                                            0x011bcba3
                                                            0x011bcba9
                                                            0x011bcbac
                                                            0x011bcbae
                                                            0x011bcbe8
                                                            0x011bcbef
                                                            0x011bcbf2
                                                            0x011bcbf4
                                                            0x011bcc08
                                                            0x011bcc0e
                                                            0x011bcc11
                                                            0x011bcc13
                                                            0x011bcc5c
                                                            0x011bcc5e
                                                            0x011bcc61
                                                            0x011bcc63
                                                            0x011bcc77
                                                            0x011bcc7d
                                                            0x011bcc80
                                                            0x011bcc82
                                                            0x011bccca
                                                            0x011bccd0
                                                            0x011bccd2
                                                            0x011bccd4
                                                            0x011bcd11
                                                            0x011bcd17
                                                            0x011bcd1a
                                                            0x011bcd1c
                                                            0x011bcd70
                                                            0x011bcd72
                                                            0x011bcd74
                                                            0x011bcd88
                                                            0x011bcd8f
                                                            0x011bcd94
                                                            0x011bcd9d
                                                            0x011bcda3
                                                            0x011bcda9
                                                            0x011bcdaf
                                                            0x011bcdb8
                                                            0x011bcdbe
                                                            0x011bcdc4
                                                            0x011bcdca
                                                            0x011bcdd4
                                                            0x011bcddd
                                                            0x011bcde6
                                                            0x011bcdef
                                                            0x011bcdf8
                                                            0x011bcdfa
                                                            0x011bcd76
                                                            0x011bcd76
                                                            0x00000000
                                                            0x011bcd76
                                                            0x011bcd1e
                                                            0x011bcd24
                                                            0x011bcd26
                                                            0x011bcd28
                                                            0x011bcd2d
                                                            0x011bcd33
                                                            0x011bcd33
                                                            0x011bcd35
                                                            0x011bcd37
                                                            0x011bcd37
                                                            0x011bcd44
                                                            0x011bcd49
                                                            0x011bcd4c
                                                            0x00000000
                                                            0x011bcd4c
                                                            0x011bccd6
                                                            0x011bccdc
                                                            0x011bccde
                                                            0x011bcce0
                                                            0x011bcce5
                                                            0x011bcceb
                                                            0x011bcceb
                                                            0x011bcced
                                                            0x011bccef
                                                            0x011bccef
                                                            0x011bccfc
                                                            0x011bcd01
                                                            0x011bcd04
                                                            0x00000000
                                                            0x011bcd04
                                                            0x011bcc84
                                                            0x011bcc8a
                                                            0x011bcc8c
                                                            0x011bcc8e
                                                            0x011bcc93
                                                            0x011bcc99
                                                            0x011bcc99
                                                            0x011bcc9b
                                                            0x011bcc9d
                                                            0x011bcc9d
                                                            0x011bccaa
                                                            0x011bccaf
                                                            0x011bccb2
                                                            0x00000000
                                                            0x011bccb2
                                                            0x011bcc65
                                                            0x011bcc65
                                                            0x00000000
                                                            0x011bcc65
                                                            0x011bcc15
                                                            0x011bcc1b
                                                            0x011bcc1d
                                                            0x011bcc1f
                                                            0x011bcc24
                                                            0x011bcc2a
                                                            0x011bcc2a
                                                            0x011bcc2c
                                                            0x011bcc2e
                                                            0x011bcc2e
                                                            0x011bcc3b
                                                            0x011bcc40
                                                            0x00000000
                                                            0x011bcc40
                                                            0x011bcbf6
                                                            0x011bcbf6
                                                            0x011bcd7b
                                                            0x011bcd7b
                                                            0x011bcd7c
                                                            0x011bcd82
                                                            0x011bcbb0
                                                            0x011bcbb6
                                                            0x011bcbb8
                                                            0x011bcbba
                                                            0x011bcbbf
                                                            0x011bcbc5
                                                            0x011bcbc5
                                                            0x011bcbc7
                                                            0x011bcbc9
                                                            0x011bcbc9
                                                            0x011bcbd6
                                                            0x011bcbdb
                                                            0x011bcc43
                                                            0x011bcc43
                                                            0x011bcd51
                                                            0x011bcd51
                                                            0x011bcd52
                                                            0x011bcd57
                                                            0x011bcdfc
                                                            0x011bcb77
                                                            0x011bcb77
                                                            0x011bcb84
                                                            0x011bcb89
                                                            0x011bcb8e
                                                            0x011bcb8f
                                                            0x011bcb95
                                                            0x011bce01
                                                            0x011bce06
                                                            0x011bce06
                                                            0x011bce0d
                                                            0x011bce13
                                                            0x011bce18
                                                            0x011bce18
                                                            0x011bce1f
                                                            0x011bce1f
                                                            0x011bce29

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,011BD228,?,?,?), ref: 011BCBA3
                                                            • GetLastError.KERNEL32(?,?,011BD228,?,?,?), ref: 011BCBB0
                                                            • ReleaseMutex.KERNEL32(?), ref: 011BCE18
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                            • String ID: %ls_mutex$%ls_send$@Mqt$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                            • API String ID: 3944734951-3887124222
                                                            • Opcode ID: 951b30df03c4fd7c85d1c72482c3affa2ea272f1107de363d09008f3ea524137
                                                            • Instruction ID: 1d80ce8efcdc2815d45bfdd9dd194137791ac8d0e7a9f9d206acb3ee5a5cc120
                                                            • Opcode Fuzzy Hash: 951b30df03c4fd7c85d1c72482c3affa2ea272f1107de363d09008f3ea524137
                                                            • Instruction Fuzzy Hash: 1281F776A41723BBD72E8BA98888FCA7EA4BF14650F024265FD14AB240E774DD40C6E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119E9FC Relevance: 40.5, APIs: 4, Strings: 19, Instructions: 230COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 77%
                                                            			E0119E9FC(void* __edi, intOrPtr _a4, int _a8) {
				signed int _v8;
				int _v12;
				void* _v16;
				void* _v20;
				char _v24;
				intOrPtr* _t82;
				intOrPtr _t108;
				intOrPtr* _t125;
				intOrPtr* _t126;
				intOrPtr _t141;
				intOrPtr _t143;

				_v16 = 0;
				_v20 = 0;
				_v12 = 0;
				_v8 = 0;
				_v24 = 0;
				_t143 = E011D3183(_a8, L"RelatedBundle",  &_v16);
				if(_t143 >= 0) {
					_t82 = _v16;
					_t124 =  *_t82;
					_t143 =  *((intOrPtr*)( *_t82 + 0x20))(_t82,  &_v24);
					__eflags = _t143;
					if(_t143 >= 0) {
						_a8 = 0;
						__eflags = _v24;
						if(_v24 > 0) {
							_t141 = _a4;
							while(1) {
								_t143 = E011D30E2(_t124, _v16,  &_v20, 0);
								__eflags = _t143;
								if(_t143 < 0) {
									break;
								}
								_t143 = E011D2B5D(_v20, L"Action",  &_v12);
								__eflags = _t143;
								if(_t143 < 0) {
									_push("Failed to get @Action.");
									goto L32;
								} else {
									_t143 = E011D2B5D(_v20, L"Id",  &_v8);
									__eflags = _t143;
									if(_t143 < 0) {
										_push("Failed to get @Id.");
										goto L32;
									} else {
										__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Detect", 0xffffffff) - 2;
										if(__eflags != 0) {
											__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Upgrade", 0xffffffff) - 2;
											if(__eflags != 0) {
												__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Addon", 0xffffffff) - 2;
												if(__eflags != 0) {
													__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Patch", 0xffffffff) - 2;
													if(__eflags != 0) {
														_t143 = 0x80070057;
														E011CFB09(0x80070057, "Invalid value for @Action: %ls", _v12);
													} else {
														_t143 = E01193A01(_t141 + 0x30, __eflags, _t141 + 0x30,  *(_t141 + 0x34) + 1, 4, 5);
														__eflags = _t143;
														if(_t143 < 0) {
															_push("Failed to resize Patch code array in registration");
															goto L32;
														} else {
															_t124 =  *((intOrPtr*)(_t141 + 0x30));
															 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x30)) +  *(_t141 + 0x34) * 4)) = _v8;
															_v8 = _v8 & 0x00000000;
															_t66 = _t141 + 0x34;
															 *_t66 =  *(_t141 + 0x34) + 1;
															__eflags =  *_t66;
															goto L22;
														}
													}
												} else {
													_t143 = E01193A01(_t141 + 0x28, __eflags, _t141 + 0x28,  *(_t141 + 0x2c) + 1, 4, 5);
													__eflags = _t143;
													if(_t143 < 0) {
														_push("Failed to resize Addon code array in registration");
														goto L32;
													} else {
														_t124 =  *((intOrPtr*)(_t141 + 0x28));
														 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x28)) +  *(_t141 + 0x2c) * 4)) = _v8;
														_v8 = _v8 & 0x00000000;
														 *(_t141 + 0x2c) =  *(_t141 + 0x2c) + 1;
														goto L22;
													}
												}
											} else {
												_t143 = E01193A01(_t141 + 0x20, __eflags, _t141 + 0x20,  *(_t141 + 0x24) + 1, 4, 5);
												__eflags = _t143;
												if(_t143 < 0) {
													_push("Failed to resize Upgrade code array in registration");
													goto L32;
												} else {
													_t124 =  *((intOrPtr*)(_t141 + 0x20));
													 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x20)) +  *(_t141 + 0x24) * 4)) = _v8;
													_v8 = _v8 & 0x00000000;
													 *(_t141 + 0x24) =  *(_t141 + 0x24) + 1;
													goto L22;
												}
											}
										} else {
											_t143 = E01193A01(_t141 + 0x18, __eflags, _t141 + 0x18,  *(_t141 + 0x1c) + 1, 4, 5);
											__eflags = _t143;
											if(_t143 < 0) {
												_push("Failed to resize Detect code array in registration");
												L32:
												_push(_t143);
												E011CFB09();
											} else {
												_t124 =  *((intOrPtr*)(_t141 + 0x18));
												 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x18)) +  *(_t141 + 0x1c) * 4)) = _v8;
												_v8 = _v8 & 0x00000000;
												 *(_t141 + 0x1c) =  *(_t141 + 0x1c) + 1;
												L22:
												_t108 = _a8 + 1;
												_a8 = _t108;
												__eflags = _t108 - _v24;
												if(_t108 < _v24) {
													continue;
												} else {
												}
											}
										}
									}
								}
								goto L34;
							}
							_push("Failed to get next RelatedBundle element.");
							goto L32;
						}
					} else {
						_push("Failed to get RelatedBundle element count.");
						goto L2;
					}
				} else {
					_push("Failed to get RelatedBundle nodes");
					L2:
					_push(_t143);
					E011CFB09();
				}
				L34:
				_t125 = _v16;
				if(_t125 != 0) {
					 *((intOrPtr*)( *_t125 + 8))(_t125);
				}
				_t126 = _v20;
				if(_t126 != 0) {
					 *((intOrPtr*)( *_t126 + 8))(_t126);
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t143;
			}














                                                            0x0119ea12
                                                            0x0119ea15
                                                            0x0119ea18
                                                            0x0119ea1b
                                                            0x0119ea1e
                                                            0x0119ea26
                                                            0x0119ea2a
                                                            0x0119ea3e
                                                            0x0119ea46
                                                            0x0119ea4b
                                                            0x0119ea4d
                                                            0x0119ea4f
                                                            0x0119ea58
                                                            0x0119ea5b
                                                            0x0119ea5e
                                                            0x0119ea6b
                                                            0x0119ea6e
                                                            0x0119ea7c
                                                            0x0119ea7e
                                                            0x0119ea80
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ea97
                                                            0x0119ea99
                                                            0x0119ea9b
                                                            0x0119ec23
                                                            0x00000000
                                                            0x0119eaa1
                                                            0x0119eab2
                                                            0x0119eab4
                                                            0x0119eab6
                                                            0x0119ec1c
                                                            0x00000000
                                                            0x0119eabc
                                                            0x0119eacf
                                                            0x0119ead2
                                                            0x0119eb19
                                                            0x0119eb1c
                                                            0x0119eb63
                                                            0x0119eb66
                                                            0x0119eba6
                                                            0x0119eba9
                                                            0x0119ec07
                                                            0x0119ec12
                                                            0x0119ebab
                                                            0x0119ebbd
                                                            0x0119ebbf
                                                            0x0119ebc1
                                                            0x0119ebfd
                                                            0x00000000
                                                            0x0119ebc3
                                                            0x0119ebc6
                                                            0x0119ebcc
                                                            0x0119ebcf
                                                            0x0119ebd3
                                                            0x0119ebd3
                                                            0x0119ebd3
                                                            0x00000000
                                                            0x0119ebd3
                                                            0x0119ebc1
                                                            0x0119eb68
                                                            0x0119eb7a
                                                            0x0119eb7c
                                                            0x0119eb7e
                                                            0x0119ebf6
                                                            0x00000000
                                                            0x0119eb80
                                                            0x0119eb83
                                                            0x0119eb89
                                                            0x0119eb8c
                                                            0x0119eb90
                                                            0x00000000
                                                            0x0119eb90
                                                            0x0119eb7e
                                                            0x0119eb1e
                                                            0x0119eb30
                                                            0x0119eb32
                                                            0x0119eb34
                                                            0x0119ebef
                                                            0x00000000
                                                            0x0119eb3a
                                                            0x0119eb3d
                                                            0x0119eb43
                                                            0x0119eb46
                                                            0x0119eb4a
                                                            0x00000000
                                                            0x0119eb4a
                                                            0x0119eb34
                                                            0x0119ead4
                                                            0x0119eae6
                                                            0x0119eae8
                                                            0x0119eaea
                                                            0x0119ebe8
                                                            0x0119ec2f
                                                            0x0119ec2f
                                                            0x0119ec30
                                                            0x0119eaf0
                                                            0x0119eaf3
                                                            0x0119eaf9
                                                            0x0119eafc
                                                            0x0119eb00
                                                            0x0119ebd6
                                                            0x0119ebd9
                                                            0x0119ebda
                                                            0x0119ebdd
                                                            0x0119ebe0
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ebe6
                                                            0x0119ebe0
                                                            0x0119eaea
                                                            0x0119ead2
                                                            0x0119eab6
                                                            0x00000000
                                                            0x0119ec37
                                                            0x0119ec2a
                                                            0x00000000
                                                            0x0119ec2a
                                                            0x0119ea51
                                                            0x0119ea51
                                                            0x00000000
                                                            0x0119ea51
                                                            0x0119ea2c
                                                            0x0119ea2c
                                                            0x0119ea31
                                                            0x0119ea31
                                                            0x0119ea32
                                                            0x0119ea38
                                                            0x0119ec38
                                                            0x0119ec38
                                                            0x0119ec3d
                                                            0x0119ec42
                                                            0x0119ec42
                                                            0x0119ec45
                                                            0x0119ec4a
                                                            0x0119ec4f
                                                            0x0119ec4f
                                                            0x0119ec56
                                                            0x0119ec5b
                                                            0x0119ec5b
                                                            0x0119ec64
                                                            0x0119ec69
                                                            0x0119ec69
                                                            0x0119ec73

                                                            APIs
                                                              • Part of subcall function 011D2B5D: VariantInit.OLEAUT32(?), ref: 011D2B73
                                                              • Part of subcall function 011D2B5D: SysAllocString.OLEAUT32(?), ref: 011D2B8F
                                                              • Part of subcall function 011D2B5D: VariantClear.OLEAUT32(?), ref: 011D2C16
                                                              • Part of subcall function 011D2B5D: SysFreeString.OLEAUT32(00000000), ref: 011D2C21
                                                            • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,011DBB64,?,?,Action,?,?,?,00000000,01195482), ref: 0119EACD
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 0119EB17
                                                            Strings
                                                            • Addon, xrefs: 0119EB54
                                                            • Failed to resize Addon code array in registration, xrefs: 0119EBF6
                                                            • Failed to resize Upgrade code array in registration, xrefs: 0119EBEF
                                                            • Failed to resize Patch code array in registration, xrefs: 0119EBFD
                                                            • cabinet.dll, xrefs: 0119EB74
                                                            • Failed to get RelatedBundle nodes, xrefs: 0119EA2C
                                                            • Detect, xrefs: 0119EABE
                                                            • Failed to get @Action., xrefs: 0119EC23
                                                            • comres.dll, xrefs: 0119EAE0
                                                            • version.dll, xrefs: 0119EB2A
                                                            • RelatedBundle, xrefs: 0119EA0A
                                                            • Action, xrefs: 0119EA8A
                                                            • Failed to get @Id., xrefs: 0119EC1C
                                                            • Failed to resize Detect code array in registration, xrefs: 0119EBE8
                                                            • Failed to get next RelatedBundle element., xrefs: 0119EC2A
                                                            • Patch, xrefs: 0119EB97
                                                            • Invalid value for @Action: %ls, xrefs: 0119EC0C
                                                            • Failed to get RelatedBundle element count., xrefs: 0119EA51
                                                            • Upgrade, xrefs: 0119EB0A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$CompareVariant$AllocClearFreeInit
                                                            • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                            • API String ID: 702752599-259800149
                                                            • Opcode ID: fff9c737ff3f408e261098c2e34eec429d5b16b47894f647a52681123cd7afbc
                                                            • Instruction ID: 8de9a7cf61c08dbc5e60b8f88c7af10f3adcf3defa619c93ed489b5d8b9f4d0a
                                                            • Opcode Fuzzy Hash: fff9c737ff3f408e261098c2e34eec429d5b16b47894f647a52681123cd7afbc
                                                            • Instruction Fuzzy Hash: 0971BF71A4661ABBCB1CDBA4C840EAEBBB4FB15724F104218E931B7680D770EE01CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B2596 Relevance: 36.9, APIs: 3, Strings: 18, Instructions: 144COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 68%
                                                            			E011B2596(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* __ebx;
				int _t39;
				signed int _t48;
				intOrPtr _t50;
				void* _t57;
				void* _t58;
				void* _t59;

				_t45 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t43 = _a4;
				_t50 = _a8;
				if(E011D2B5D(_a4, L"DetectCondition", _t50 + 0x90) >= 0) {
					if(E011D2B5D(_t43, L"InstallArguments", _t50 + 0x94) >= 0) {
						if(E011D2B5D(_t43, L"UninstallArguments", _t50 + 0x9c) >= 0) {
							if(E011D2B5D(_t43, L"RepairArguments", _t50 + 0x98) >= 0) {
								_t57 = E011D2D69(_t45, _t43, L"Repairable", _t50 + 0xac);
								if(_t57 == 0x80070490 || _t57 >= 0) {
									_t58 = E011D2B5D(_t43, L"Protocol",  &_v8);
									if(_t58 < 0) {
										if(_t58 == 0x80070490) {
											goto L14;
										} else {
											_push("Failed to get @Protocol.");
											goto L25;
										}
									} else {
										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"burn", 0xffffffff) != 2) {
											_t39 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"netfx4", 0xffffffff);
											_t48 = 2;
											if(_t39 != _t48) {
												if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"none", 0xffffffff) != 2) {
													_t59 = 0x8000ffff;
													E011CFB09(0x8000ffff, "Invalid protocol type: %ls", _v8);
												} else {
													 *(_t50 + 0xb0) =  *(_t50 + 0xb0) & 0x00000000;
													goto L14;
												}
											} else {
												 *(_t50 + 0xb0) = _t48;
												goto L14;
											}
										} else {
											 *(_t50 + 0xb0) = 1;
											L14:
											_t59 = E011B1951(_t43, _t43, _t50);
											if(_t59 >= 0) {
												_t59 = E011B17A7(_t43, _t50);
												if(_t59 < 0) {
													_push("Failed to parse command lines.");
													goto L25;
												}
											} else {
												_push("Failed to parse exit codes.");
												goto L25;
											}
										}
									}
								} else {
									_push("Failed to get @Repairable.");
									goto L25;
								}
							} else {
								_push("Failed to get @RepairArguments.");
								goto L25;
							}
						} else {
							_push("Failed to get @UninstallArguments.");
							goto L25;
						}
					} else {
						_push("Failed to get @InstallArguments.");
						goto L25;
					}
				} else {
					_push("Failed to get @DetectCondition.");
					L25:
					_push(_t59);
					E011CFB09();
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t59;
			}











                                                            0x011b2596
                                                            0x011b2599
                                                            0x011b259a
                                                            0x011b259f
                                                            0x011b25a4
                                                            0x011b25bd
                                                            0x011b25df
                                                            0x011b2601
                                                            0x011b2623
                                                            0x011b2641
                                                            0x011b2649
                                                            0x011b2668
                                                            0x011b266c
                                                            0x011b270c
                                                            0x00000000
                                                            0x011b270e
                                                            0x011b270e
                                                            0x00000000
                                                            0x011b270e
                                                            0x011b2672
                                                            0x011b268d
                                                            0x011b26bd
                                                            0x011b26c1
                                                            0x011b26c4
                                                            0x011b26e3
                                                            0x011b26f1
                                                            0x011b26fc
                                                            0x011b26e5
                                                            0x011b26e5
                                                            0x00000000
                                                            0x011b26e5
                                                            0x011b26c6
                                                            0x011b26c6
                                                            0x00000000
                                                            0x011b26c6
                                                            0x011b268f
                                                            0x011b268f
                                                            0x011b2699
                                                            0x011b26a0
                                                            0x011b26a4
                                                            0x011b271c
                                                            0x011b2720
                                                            0x011b2722
                                                            0x00000000
                                                            0x011b2722
                                                            0x011b26a6
                                                            0x011b26a6
                                                            0x00000000
                                                            0x011b26a6
                                                            0x011b26a4
                                                            0x011b268d
                                                            0x011b264f
                                                            0x011b264f
                                                            0x00000000
                                                            0x011b264f
                                                            0x011b2625
                                                            0x011b2625
                                                            0x00000000
                                                            0x011b2625
                                                            0x011b2603
                                                            0x011b2603
                                                            0x00000000
                                                            0x011b2603
                                                            0x011b25e1
                                                            0x011b25e1
                                                            0x00000000
                                                            0x011b25e1
                                                            0x011b25bf
                                                            0x011b25bf
                                                            0x011b2727
                                                            0x011b2727
                                                            0x011b2728
                                                            0x011b272e
                                                            0x011b2733
                                                            0x011b2738
                                                            0x011b2738
                                                            0x011b2743

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: StringVariant$AllocClearFreeInit
                                                            • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                            • API String ID: 760788290-1911311241
                                                            • Opcode ID: 287408343a8249c0a544544b515bd0774ebf3bab06989a0fa613654530aafc36
                                                            • Instruction ID: 02463c5ff9029ac4b29056b0efe03e6aa0dff6a9e825547dd57b5e29c0671e82
                                                            • Opcode Fuzzy Hash: 287408343a8249c0a544544b515bd0774ebf3bab06989a0fa613654530aafc36
                                                            • Instruction Fuzzy Hash: A6414972A88F27B6C72E55A59CC5FEA76989F12B30F110319F934772C1C7B4B80446D5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01198F3F Relevance: 35.4, APIs: 8, Strings: 12, Instructions: 430COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E01198F3F(signed int _a4) {
				short _v8;
				int _v12;
				int _v16;
				char _v20;
				short* _t150;
				signed int _t154;
				void* _t155;
				void* _t159;
				void* _t161;
				void* _t162;
				void* _t166;
				void* _t168;
				void* _t169;
				void* _t171;
				void* _t174;
				void* _t175;
				int _t182;
				intOrPtr _t189;
				void* _t194;
				short* _t203;
				int _t207;
				short* _t209;
				intOrPtr _t214;
				void* _t222;
				void* _t223;
				signed int _t225;
				void* _t226;
				signed int _t227;
				void* _t232;
				signed int _t236;
				void* _t237;
				int* _t238;
				signed int _t239;
				signed short* _t242;
				intOrPtr _t243;
				void* _t246;
				int _t248;
				intOrPtr _t250;
				signed int _t254;
				void* _t255;
				void* _t258;
				signed int _t261;
				int _t262;
				intOrPtr _t264;
				void* _t271;

				_t236 = _a4;
				_v12 = 0;
				_t262 = 0;
				_v8 = 0;
				_t4 = _t236 + 0x18; // 0x119990b
				E011B04E3(_t4);
				_t5 = _t236 + 0x10; // 0x1199903
				_t239 = 8;
				memset(_t5, 0, _t239 << 2);
				_t261 = _t236;
				_t7 = _t261 + 8; // 0x56011dcc
				_t150 =  *_t7;
				if(0 ==  *_t150) {
					_t254 = _v8;
				} else {
					while(1) {
						GetStringTypeW(1, _t150, 1,  &_v8);
						_t254 = _v8;
						if((_t254 & 0x00000040) == 0) {
							goto L5;
						}
						_t12 = _t261 + 8; // 0x56011dcc
						_t150 =  *_t12 + 2;
						 *(_t261 + 8) = _t150;
						if(0 !=  *_t150) {
							continue;
						} else {
						}
						goto L5;
					}
				}
				L5:
				_t15 = _t261 + 8; // 0x56011dcc
				_t242 =  *_t15;
				_t16 = _t261 + 4; // 0x90680f79
				_a4 = _t242 -  *_t16 >> 1;
				_t154 =  *_t242 & 0x0000ffff;
				_t271 = _t154 - 0x3c;
				if(_t271 > 0) {
					_t155 = _t154 - 0x3d;
					if(_t155 == 0) {
						 *(_t236 + 0x10) = 0x10009;
						goto L97;
					} else {
						_t159 = _t155 - 1;
						if(_t159 == 0) {
							_t161 = (_t242[1] & 0x0000ffff) - 0x3c;
							if(_t161 == 0) {
								 *(_t236 + 0x10) = 0x1000b;
								goto L95;
							} else {
								_t162 = _t161 - 1;
								if(_t162 == 0) {
									 *(_t236 + 0x10) = 0x10008;
									goto L95;
								} else {
									if(_t162 == 1) {
										 *(_t236 + 0x10) = 0x1000d;
										goto L95;
									} else {
										 *(_t236 + 0x10) = 0x10006;
										goto L97;
									}
								}
							}
							goto L98;
						} else {
							if(_t159 == 0x40) {
								_t166 = (_t242[1] & 0x0000ffff) - 0x3c;
								if(_t166 == 0) {
									_t168 = (_t242[2] & 0x0000ffff) - 0x3c;
									if(_t168 == 0) {
										 *(_t236 + 0x10) = 0x3000c;
										goto L86;
									} else {
										_t169 = _t168 - 1;
										if(_t169 == 0) {
											 *(_t236 + 0x10) = 0x30007;
											goto L86;
										} else {
											if(_t169 == 1) {
												 *(_t236 + 0x10) = 0x3000a;
												goto L86;
											} else {
												 *(_t236 + 0x10) = 0x30005;
												goto L95;
											}
										}
									}
									goto L87;
								} else {
									_t171 = _t166 - 1;
									if(_t171 == 0) {
										 *(_t236 + 0x10) = 0x30009;
										goto L95;
									} else {
										_t172 = _t171 == 1;
										if(_t171 == 1) {
											_t174 = (_t242[2] & 0x0000ffff) - 0x3c;
											if(_t174 == 0) {
												 *(_t236 + 0x10) = 0x3000b;
												goto L86;
											} else {
												_t175 = _t174 - 1;
												if(_t175 == 0) {
													 *(_t236 + 0x10) = 0x30008;
													goto L86;
												} else {
													if(_t175 == 1) {
														 *(_t236 + 0x10) = 0x3000d;
														L86:
														_push(3);
													} else {
														 *(_t236 + 0x10) = 0x30006;
														goto L95;
													}
												}
											}
											goto L87;
										} else {
											_t264 = 0x8007000d;
											 *(_t261 + 0x30) = 1;
											_v12 = 0x8007000d;
											E011938BA(_t172, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x23f, 0x8007000d);
											_push(_a4);
											_t121 = _t261 + 4; // 0x90680f79
											_push( *_t121);
											_push("Failed to parse condition \"%ls\". Unexpected \'~\' operator at position %d.");
											goto L70;
										}
									}
								}
							} else {
								goto L31;
							}
						}
					}
				} else {
					if(_t271 == 0) {
						_t222 = (_t242[1] & 0x0000ffff) - 0x3c;
						if(_t222 == 0) {
							 *(_t236 + 0x10) = 0x1000c;
							goto L95;
						} else {
							_t223 = _t222 - 1;
							if(_t223 == 0) {
								 *(_t236 + 0x10) = 0x10007;
								goto L95;
							} else {
								if(_t223 == 1) {
									 *(_t236 + 0x10) = 0x1000a;
									L95:
									_push(2);
									L87:
									_pop(_t262);
								} else {
									 *(_t236 + 0x10) = 0x10005;
									goto L97;
								}
							}
						}
						goto L98;
					} else {
						_t225 = _t154;
						if(_t225 == 0) {
							 *(_t236 + 0x10) = 1;
							goto L98;
						} else {
							_t226 = _t225 - 0x22;
							if(_t226 == 0) {
								while(1) {
									_t262 = _t262 + 1;
									_t227 = _t242[_t262] & 0x0000ffff;
									if(0 == _t227) {
										break;
									}
									_t258 = 0x22;
									if(_t258 != _t227) {
										continue;
									} else {
										_t262 = _t262 + 1;
										 *(_t236 + 0x10) = 0x12;
										_t23 = _t262 - 2; // 0x0
										_t24 =  &(_t242[1]); // 0x56011dce
										goto L16;
									}
									goto L99;
								}
								_t264 = 0x8007000d;
								 *(_t261 + 0x30) = 1;
								_v12 = 0x8007000d;
								E011938BA(_t227, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x27f, 0x8007000d);
								_push(_a4);
								_t30 = _t261 + 4; // 0x90680f79
								_push( *_t30);
								_push("Failed to parse condition \"%ls\". Unterminated literal at position %d.");
								goto L70;
							} else {
								_t232 = _t226 - 6;
								if(_t232 == 0) {
									 *(_t236 + 0x10) = 0xe;
									goto L97;
								} else {
									if(_t232 != 1) {
										L31:
										if((_t254 & 0x00000004) != 0) {
											goto L59;
										} else {
											_v16 = 0x2d;
											if(_v16 == ( *_t242 & 0x0000ffff)) {
												while(1) {
													L59:
													_t262 = _t262 + 1;
													_t182 = GetStringTypeW(1,  &(_t242[_t262]), 1,  &_v8);
													if((_v8 & 0x00000100) != 0) {
														break;
													}
													_t96 = _t261 + 8; // 0x56011dcc
													_t242 =  *_t96;
													_t182 = 0x5f;
													if(_t182 == _t242[_t262]) {
														break;
													} else {
														if((_v8 & 0x00000004) != 0) {
															continue;
														} else {
															 *(_t236 + 0x10) = 0x10;
															_v20 = 0;
															_v16 = 0;
															if(E011929B6(_t242, _t262,  &_v20) >= 0) {
																_t111 = _t261 + 0x18; // 0x119990b
																_t189 = E011B02FB(_t111, _v20, _v16);
																goto L17;
															} else {
																_t264 = 0x8007000d;
																 *(_t261 + 0x30) = 1;
																_v12 = 0x8007000d;
																E011938BA(_t187, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x2a1, 0x8007000d);
																_push(_a4);
																_t109 = _t261 + 4; // 0x90680f79
																_push( *_t109);
																_push("Failed to parse condition \"%ls\". Constant too big, at position %d.");
																goto L70;
															}
														}
													}
													goto L99;
												}
												_t264 = 0x8007000d;
												 *(_t261 + 0x30) = 1;
												_v12 = 0x8007000d;
												E011938BA(_t182, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x294, 0x8007000d);
												_push(_a4);
												_t116 = _t261 + 4; // 0x90680f79
												_push( *_t116);
												_push("Failed to parse condition \"%ls\". Identifier cannot start at a digit, at position %d.");
												goto L70;
											} else {
												_t194 = 0x5f;
												if((_t254 & 0x00000100) != 0 || _t194 == ( *_t242 & 0x0000ffff)) {
													_t48 =  &(_t242[1]); // 0x56011dce
													GetStringTypeW(1, _t48, 1,  &_v8);
													_t49 = _t261 + 8; // 0x56011dcc
													_t246 = 0x76;
													if(_t246 !=  *((intOrPtr*)( *_t49)) || (_v8 & 0x00000004) == 0) {
														_t237 = 0x5f;
														goto L48;
														do {
															do {
																L48:
																_t262 = _t262 + 1;
																_t79 = _t261 + 8; // 0x56011dcc
																GetStringTypeW(1,  *_t79 + _t262 + _t262, 1,  &_v8);
															} while ((_v8 & 0x00000104) != 0);
															_t84 = _t261 + 8; // 0x56011dcc
															_t203 =  *_t84;
														} while (_t237 == _t203[_t262]);
														_t87 = _t261 + 0x10; // 0x1199903
														_t238 = _t87;
														if(_t262 != 2) {
															if(_t262 != 3) {
																goto L58;
															} else {
																if(CompareStringW(0x7f, 1, _t203, _t262, L"AND", _t262) != 2) {
																	_t88 = _t261 + 8; // 0x56011dcc
																	if(CompareStringW(0x7f, 1,  *_t88, 3, L"NOT", 3) != 2) {
																		goto L58;
																	} else {
																		 *_t238 = 4;
																		goto L98;
																	}
																} else {
																	 *_t238 = _t262;
																	goto L98;
																}
															}
														} else {
															_t207 = CompareStringW(0x7f, 1, _t203, 2, L"OR", 2);
															_t248 = 2;
															if(_t207 != _t248) {
																L58:
																_push(_t262);
																_t89 = _t261 + 8; // 0x56011dcc
																_push( *_t89);
																 *_t238 = 0x11;
																L16:
																_t25 = _t261 + 0x18; // 0x119990b
																_t189 = E011B033F();
																L17:
																_t243 = _t189;
																_v12 = _t243;
																if(_t243 >= 0) {
																	goto L98;
																} else {
																	_push("Failed to set symbol value.");
																	_push(_t243);
																	E011CFB09();
																}
															} else {
																 *_t238 = _t248;
																goto L98;
															}
														}
													} else {
														_t250 = 1;
														_v12 = 1;
														while(1) {
															L39:
															_t54 = _t261 + 8; // 0x56011dcc
															_v16 = _t262;
															_t262 = _t262 + 1;
															_t255 = 0x2e;
															_t209 =  *_t54 + _t262 * 2;
															if(_t255 ==  *_t209) {
																break;
															}
															GetStringTypeW(1, _t209, 1,  &_v8);
															if((_v8 & 0x00000004) == 0) {
																_t68 = _t261 + 0x18; // 0x119990b
																_t69 = _t261 + 8; // 0x56011dcc
																_t214 = E011D44B2( *_t69 + 2, _v16, _t68);
																_v12 = _t214;
																if(_t214 >= 0) {
																	 *(_t261 + 0x28) = 3;
																	 *(_t236 + 0x10) = 0x13;
																	goto L98;
																} else {
																	_t264 = 0x8007000d;
																	 *(_t261 + 0x30) = 1;
																	_v12 = 0x8007000d;
																	E011938BA(_t214, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x2cc, 0x8007000d);
																	_push(_a4);
																	_t75 = _t261 + 4; // 0x90680f79
																	_push( *_t75);
																	_push("Failed to parse condition \"%ls\". Invalid version format, at position %d.");
																	goto L70;
																}
															} else {
																_t250 = _v12;
																continue;
															}
															goto L99;
														}
														_t250 = _t250 + 1;
														_v12 = _t250;
														if(_t250 <= 4) {
															goto L39;
														} else {
															_t264 = 0x8007000d;
															 *(_t261 + 0x30) = 1;
															_v12 = 0x8007000d;
															E011938BA(_t209, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x2b9, 0x8007000d);
															_push(_a4);
															_t62 = _t261 + 4; // 0x90680f79
															_push( *_t62);
															_push("Failed to parse condition \"%ls\". Version can have a maximum of 4 parts, at position %d.");
															goto L70;
														}
													}
												} else {
													_t264 = 0x8007000d;
													 *(_t261 + 0x30) = 1;
													_v12 = 0x8007000d;
													E011938BA(_t194, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x2f7, 0x8007000d);
													_push(_a4);
													_t46 = _t261 + 4; // 0x90680f79
													_push( *_t46);
													_push("Failed to parse condition \"%ls\". Unexpected character at position %d.");
													L70:
													_push(_t264);
													E011CFB09();
												}
											}
										}
									} else {
										 *(_t236 + 0x10) = 0xf;
										L97:
										_t262 = 1;
										L98:
										 *(_t261 + 0x14) = _a4;
										 *(_t261 + 8) =  *(_t261 + 8) + _t262 + _t262;
									}
								}
							}
						}
					}
				}
				L99:
				return _v12;
			}
















































                                                            0x01198f46
                                                            0x01198f4c
                                                            0x01198f4f
                                                            0x01198f51
                                                            0x01198f55
                                                            0x01198f59
                                                            0x01198f62
                                                            0x01198f65
                                                            0x01198f66
                                                            0x01198f68
                                                            0x01198f6c
                                                            0x01198f6c
                                                            0x01198f72
                                                            0x01198f9d
                                                            0x00000000
                                                            0x01198f74
                                                            0x01198f7d
                                                            0x01198f83
                                                            0x01198f89
                                                            0x00000000
                                                            0x00000000
                                                            0x01198f8b
                                                            0x01198f90
                                                            0x01198f93
                                                            0x01198f99
                                                            0x00000000
                                                            0x00000000
                                                            0x01198f9b
                                                            0x00000000
                                                            0x01198f99
                                                            0x01198f74
                                                            0x01198fa0
                                                            0x01198fa0
                                                            0x01198fa0
                                                            0x01198fa5
                                                            0x01198faa
                                                            0x01198fad
                                                            0x01198fb0
                                                            0x01198fb3
                                                            0x011990be
                                                            0x011990c1
                                                            0x0119949e
                                                            0x00000000
                                                            0x011990c7
                                                            0x011990c7
                                                            0x011990ca
                                                            0x01199469
                                                            0x0119946c
                                                            0x01199493
                                                            0x00000000
                                                            0x0119946e
                                                            0x0119946e
                                                            0x01199471
                                                            0x0119948a
                                                            0x00000000
                                                            0x01199473
                                                            0x01199476
                                                            0x01199481
                                                            0x00000000
                                                            0x01199478
                                                            0x01199478
                                                            0x00000000
                                                            0x01199478
                                                            0x01199476
                                                            0x01199471
                                                            0x00000000
                                                            0x011990d0
                                                            0x011990d3
                                                            0x0119939c
                                                            0x0119939f
                                                            0x0119942f
                                                            0x01199432
                                                            0x01199459
                                                            0x00000000
                                                            0x01199434
                                                            0x01199434
                                                            0x01199437
                                                            0x01199450
                                                            0x00000000
                                                            0x01199439
                                                            0x0119943c
                                                            0x01199447
                                                            0x00000000
                                                            0x0119943e
                                                            0x0119943e
                                                            0x00000000
                                                            0x0119943e
                                                            0x0119943c
                                                            0x01199437
                                                            0x00000000
                                                            0x011993a5
                                                            0x011993a5
                                                            0x011993a8
                                                            0x01199422
                                                            0x00000000
                                                            0x011993aa
                                                            0x011993aa
                                                            0x011993ad
                                                            0x011993ec
                                                            0x011993ef
                                                            0x01199419
                                                            0x00000000
                                                            0x011993f1
                                                            0x011993f1
                                                            0x011993f4
                                                            0x01199410
                                                            0x00000000
                                                            0x011993f6
                                                            0x011993f9
                                                            0x01199407
                                                            0x01199460
                                                            0x01199460
                                                            0x011993fb
                                                            0x011993fb
                                                            0x00000000
                                                            0x011993fb
                                                            0x011993f9
                                                            0x011993f4
                                                            0x00000000
                                                            0x011993af
                                                            0x011993af
                                                            0x011993b4
                                                            0x011993c6
                                                            0x011993c9
                                                            0x011993d1
                                                            0x011993d2
                                                            0x011993d2
                                                            0x011993d5
                                                            0x00000000
                                                            0x011993d5
                                                            0x011993ad
                                                            0x011993a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011990d3
                                                            0x011990ca
                                                            0x01198fb9
                                                            0x01198fb9
                                                            0x0119907f
                                                            0x01199082
                                                            0x011990b2
                                                            0x00000000
                                                            0x01199084
                                                            0x01199084
                                                            0x01199087
                                                            0x011990a6
                                                            0x00000000
                                                            0x01199089
                                                            0x0119908c
                                                            0x0119909a
                                                            0x0119949a
                                                            0x0119949a
                                                            0x01199462
                                                            0x01199462
                                                            0x0119908e
                                                            0x0119908e
                                                            0x00000000
                                                            0x0119908e
                                                            0x0119908c
                                                            0x01199087
                                                            0x00000000
                                                            0x01198fbf
                                                            0x01198fbf
                                                            0x01198fc2
                                                            0x0119906f
                                                            0x00000000
                                                            0x01198fc8
                                                            0x01198fc8
                                                            0x01198fcb
                                                            0x01198ff3
                                                            0x01198ff3
                                                            0x01198ff6
                                                            0x01198ffd
                                                            0x00000000
                                                            0x00000000
                                                            0x01199001
                                                            0x01199005
                                                            0x00000000
                                                            0x01199007
                                                            0x01199007
                                                            0x01199008
                                                            0x0119900f
                                                            0x01199013
                                                            0x00000000
                                                            0x01199016
                                                            0x00000000
                                                            0x01199005
                                                            0x0119903f
                                                            0x01199044
                                                            0x01199056
                                                            0x01199059
                                                            0x01199061
                                                            0x01199062
                                                            0x01199062
                                                            0x01199065
                                                            0x00000000
                                                            0x01198fcd
                                                            0x01198fcd
                                                            0x01198fd0
                                                            0x01198fe7
                                                            0x00000000
                                                            0x01198fd2
                                                            0x01198fd5
                                                            0x011990d9
                                                            0x011990dc
                                                            0x00000000
                                                            0x011990e2
                                                            0x011990e5
                                                            0x011990f0
                                                            0x011992db
                                                            0x011992db
                                                            0x011992db
                                                            0x011992e8
                                                            0x011992f5
                                                            0x00000000
                                                            0x00000000
                                                            0x011992f7
                                                            0x011992f7
                                                            0x011992fc
                                                            0x01199301
                                                            0x00000000
                                                            0x01199303
                                                            0x01199307
                                                            0x00000000
                                                            0x01199309
                                                            0x0119930b
                                                            0x01199312
                                                            0x01199315
                                                            0x01199325
                                                            0x0119935a
                                                            0x01199361
                                                            0x00000000
                                                            0x01199327
                                                            0x01199327
                                                            0x0119932c
                                                            0x0119933e
                                                            0x01199341
                                                            0x01199349
                                                            0x0119934a
                                                            0x0119934a
                                                            0x0119934d
                                                            0x00000000
                                                            0x0119934d
                                                            0x01199325
                                                            0x01199307
                                                            0x00000000
                                                            0x01199301
                                                            0x0119936b
                                                            0x01199370
                                                            0x01199382
                                                            0x01199385
                                                            0x0119938d
                                                            0x0119938e
                                                            0x0119938e
                                                            0x01199391
                                                            0x00000000
                                                            0x011990f6
                                                            0x011990f8
                                                            0x011990ff
                                                            0x0119913f
                                                            0x01199145
                                                            0x0119914b
                                                            0x01199150
                                                            0x01199154
                                                            0x0119922e
                                                            0x0119922e
                                                            0x0119922f
                                                            0x0119922f
                                                            0x0119922f
                                                            0x0119922f
                                                            0x01199234
                                                            0x01199241
                                                            0x01199247
                                                            0x01199250
                                                            0x01199250
                                                            0x01199253
                                                            0x01199259
                                                            0x01199259
                                                            0x0119925f
                                                            0x01199286
                                                            0x00000000
                                                            0x01199288
                                                            0x0119929d
                                                            0x011992af
                                                            0x011992bf
                                                            0x00000000
                                                            0x011992c1
                                                            0x011992c1
                                                            0x00000000
                                                            0x011992c1
                                                            0x0119929f
                                                            0x0119929f
                                                            0x00000000
                                                            0x0119929f
                                                            0x0119929d
                                                            0x01199261
                                                            0x0119926f
                                                            0x01199277
                                                            0x0119927a
                                                            0x011992cc
                                                            0x011992cc
                                                            0x011992cd
                                                            0x011992cd
                                                            0x011992d0
                                                            0x01199017
                                                            0x01199017
                                                            0x0119901b
                                                            0x01199020
                                                            0x01199020
                                                            0x01199022
                                                            0x01199027
                                                            0x00000000
                                                            0x0119902d
                                                            0x0119902d
                                                            0x01199032
                                                            0x01199033
                                                            0x01199039
                                                            0x0119927c
                                                            0x0119927c
                                                            0x00000000
                                                            0x0119927c
                                                            0x0119927a
                                                            0x01199164
                                                            0x01199166
                                                            0x01199167
                                                            0x0119916a
                                                            0x0119916a
                                                            0x0119916a
                                                            0x0119916d
                                                            0x01199170
                                                            0x01199173
                                                            0x01199174
                                                            0x0119917a
                                                            0x00000000
                                                            0x00000000
                                                            0x011991be
                                                            0x011991c8
                                                            0x011991cf
                                                            0x011991d3
                                                            0x011991dd
                                                            0x011991e2
                                                            0x011991e7
                                                            0x01199219
                                                            0x01199220
                                                            0x00000000
                                                            0x011991e9
                                                            0x011991e9
                                                            0x011991ee
                                                            0x01199200
                                                            0x01199203
                                                            0x0119920b
                                                            0x0119920c
                                                            0x0119920c
                                                            0x0119920f
                                                            0x00000000
                                                            0x0119920f
                                                            0x011991ca
                                                            0x011991ca
                                                            0x00000000
                                                            0x011991ca
                                                            0x00000000
                                                            0x011991c8
                                                            0x0119917c
                                                            0x0119917d
                                                            0x01199183
                                                            0x00000000
                                                            0x01199185
                                                            0x01199185
                                                            0x0119918a
                                                            0x0119919c
                                                            0x0119919f
                                                            0x011991a7
                                                            0x011991a8
                                                            0x011991a8
                                                            0x011991ab
                                                            0x00000000
                                                            0x011991ab
                                                            0x01199183
                                                            0x01199109
                                                            0x01199109
                                                            0x0119910e
                                                            0x01199120
                                                            0x01199123
                                                            0x0119912b
                                                            0x0119912c
                                                            0x0119912c
                                                            0x0119912f
                                                            0x011993da
                                                            0x011993da
                                                            0x011993db
                                                            0x011993e0
                                                            0x011990ff
                                                            0x011990f0
                                                            0x01198fdb
                                                            0x01198fdb
                                                            0x011994a5
                                                            0x011994a7
                                                            0x011994a8
                                                            0x011994ab
                                                            0x011994b1
                                                            0x011994b1
                                                            0x01198fd5
                                                            0x01198fd0
                                                            0x01198fcb
                                                            0x01198fc2
                                                            0x01198fb9
                                                            0x011994b4
                                                            0x011994bb

                                                            APIs
                                                            • GetStringTypeW.KERNEL32(00000001,56011DCC,00000001,?,0119990B,?,00000000,00000000,?,?,011998F3,?,?,00000000,?), ref: 01198F7D
                                                            Strings
                                                            • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 0119912F
                                                            • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 011991AB
                                                            • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 0119920F
                                                            • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 011993D5
                                                            • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 01199391
                                                            • c:\agent\_work\66\s\src\burn\engine\condition.cpp, xrefs: 01199051, 0119911B, 01199197, 011991FB, 01199339, 0119937D, 011993C1
                                                            • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 0119934D
                                                            • Failed to set symbol value., xrefs: 0119902D
                                                            • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 01199065
                                                            • NOT, xrefs: 011992A8
                                                            • AND, xrefs: 01199289
                                                            • -, xrefs: 011990E5
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: StringType
                                                            • String ID: -$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$c:\agent\_work\66\s\src\burn\engine\condition.cpp
                                                            • API String ID: 4177115715-1494984065
                                                            • Opcode ID: 0be7a34e5309c8536ef43e98a2e4b47eb346dc01f785cc00e87200632366903b
                                                            • Instruction ID: acad914f0c49e0b7e4443b178b440ae6d6452517fe669ac2cce39e209ea1fbb4
                                                            • Opcode Fuzzy Hash: 0be7a34e5309c8536ef43e98a2e4b47eb346dc01f785cc00e87200632366903b
                                                            • Instruction Fuzzy Hash: 12F1F5B1540209EBEF1DCF68C949BAA7B68FB05708F00854DFA219B285C3B5D691CBC1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B1951 Relevance: 35.2, APIs: 4, Strings: 16, Instructions: 211COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E011B1951(void* __ebx, int _a4, intOrPtr _a8) {
				int _v8;
				void* _v12;
				int _v16;
				void* _v20;
				int _v24;
				intOrPtr* _t50;
				intOrPtr _t60;
				int _t61;
				int _t68;
				void* _t74;
				intOrPtr _t78;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr _t89;
				intOrPtr _t92;
				intOrPtr* _t94;
				int _t98;
				int _t100;
				intOrPtr* _t102;
				intOrPtr _t103;

				_t100 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_t103 = E011D3183(_a4, L"ExitCode",  &_v20);
				if(_t103 >= 0) {
					_t50 = _v20;
					_t103 =  *((intOrPtr*)( *_t50 + 0x20))(_t50,  &_v16);
					if(_t103 >= 0) {
						_t52 = _v16;
						if(_v16 == 0) {
							L35:
							_t103 = _t100;
						} else {
							_t60 = E011939DF(_t52 * 0xc, 1);
							_t89 = _a8;
							 *((intOrPtr*)(_t89 + 0xb8)) = _t60;
							if(_t60 != 0) {
								_t61 = _v16;
								 *((intOrPtr*)(_t89 + 0xbc)) = _t61;
								_a4 = 0;
								if(_t61 == 0) {
									goto L35;
								} else {
									_t98 = 0;
									_v24 = 0;
									while(1) {
										_t102 =  *((intOrPtr*)(_t89 + 0xb8)) + _t98;
										_t103 = E011D30E2(_t89, _v20,  &_v12, 0);
										if(_t103 < 0) {
											break;
										}
										_t103 = E011D2B5D(_v12, L"Type",  &_v8);
										if(_t103 < 0) {
											_push("Failed to get @Type.");
											goto L34;
										} else {
											if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"success", 0xffffffff) != 2) {
												_t68 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"error", 0xffffffff);
												_t92 = 2;
												if(_t68 != _t92) {
													if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"scheduleReboot", 0xffffffff) != 2) {
														if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"forceReboot", 0xffffffff) != 2) {
															_push(_v8);
															_t103 = 0x8000ffff;
															_push("Invalid exit code type: %ls");
															goto L31;
														} else {
															 *_t102 = 4;
															goto L20;
														}
													} else {
														 *_t102 = 3;
														goto L20;
													}
												} else {
													 *_t102 = _t92;
													goto L20;
												}
											} else {
												 *_t102 = 1;
												L20:
												_t103 = E011D2B5D(_v12, L"Code",  &_v8);
												if(_t103 < 0) {
													_push("Failed to get @Code.");
													goto L34;
												} else {
													_t93 = _v8;
													_t74 = 0x2a;
													if(_t74 !=  *_v8) {
														_t100 = 0;
														_t103 = E01192ABF(_t93, _t93, 0, _t102 + 4);
														if(_t103 < 0) {
															_push(_v8);
															_push("Failed to parse @Code value: %ls");
															L31:
															_push(_t103);
															E011CFB09();
														} else {
															goto L24;
														}
													} else {
														 *((intOrPtr*)(_t102 + 8)) = 1;
														_t100 = 0;
														L24:
														_t94 = _v12;
														if(_t94 != 0) {
															 *((intOrPtr*)( *_t94 + 8))(_t94);
															_v12 = _t100;
														}
														_t78 = _a4 + 1;
														_t98 = _v24 + 0xc;
														_a4 = _t78;
														_v24 = _t98;
														if(_t78 >= _v16) {
															goto L35;
														} else {
															_t89 = _a8;
															continue;
														}
													}
												}
											}
										}
										goto L36;
									}
									_push("Failed to get next node.");
									goto L34;
								}
							} else {
								_t103 = 0x8007000e;
								E011938BA(_t60, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\exeengine.cpp", 0x272, 0x8007000e);
								_push("Failed to allocate memory for exit code structs.");
								L34:
								_push(_t103);
								E011CFB09();
							}
						}
						L36:
					} else {
						_push("Failed to get exit code node count.");
						goto L2;
					}
				} else {
					_push("Failed to select exit code nodes.");
					L2:
					_push(_t103);
					E011CFB09();
				}
				_t87 = _v20;
				if(_t87 != 0) {
					 *((intOrPtr*)( *_t87 + 8))(_t87);
				}
				_t88 = _v12;
				if(_t88 != 0) {
					 *((intOrPtr*)( *_t88 + 8))(_t88);
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t103;
			}























                                                            0x011b195c
                                                            0x011b1967
                                                            0x011b196a
                                                            0x011b196d
                                                            0x011b1970
                                                            0x011b1978
                                                            0x011b197c
                                                            0x011b1990
                                                            0x011b199d
                                                            0x011b19a1
                                                            0x011b19aa
                                                            0x011b19b0
                                                            0x011b1b6d
                                                            0x011b1b6d
                                                            0x011b19b6
                                                            0x011b19bc
                                                            0x011b19c1
                                                            0x011b19c4
                                                            0x011b19cc
                                                            0x011b19ed
                                                            0x011b19f0
                                                            0x011b19f6
                                                            0x011b19fb
                                                            0x00000000
                                                            0x011b1a01
                                                            0x011b1a07
                                                            0x011b1a09
                                                            0x011b1a0c
                                                            0x011b1a1b
                                                            0x011b1a22
                                                            0x011b1a26
                                                            0x00000000
                                                            0x00000000
                                                            0x011b1a3d
                                                            0x011b1a41
                                                            0x011b1b57
                                                            0x00000000
                                                            0x011b1a47
                                                            0x011b1a5d
                                                            0x011b1a76
                                                            0x011b1a7a
                                                            0x011b1a7d
                                                            0x011b1a97
                                                            0x011b1ab5
                                                            0x011b1b3f
                                                            0x011b1b42
                                                            0x011b1b47
                                                            0x00000000
                                                            0x011b1abb
                                                            0x011b1abb
                                                            0x00000000
                                                            0x011b1abb
                                                            0x011b1a99
                                                            0x011b1a99
                                                            0x00000000
                                                            0x011b1a99
                                                            0x011b1a7f
                                                            0x011b1a7f
                                                            0x00000000
                                                            0x011b1a7f
                                                            0x011b1a5f
                                                            0x011b1a5f
                                                            0x011b1ac1
                                                            0x011b1ad2
                                                            0x011b1ad6
                                                            0x011b1b38
                                                            0x00000000
                                                            0x011b1ad8
                                                            0x011b1ad8
                                                            0x011b1add
                                                            0x011b1ae1
                                                            0x011b1af1
                                                            0x011b1afb
                                                            0x011b1aff
                                                            0x011b1b2e
                                                            0x011b1b31
                                                            0x011b1b4c
                                                            0x011b1b4c
                                                            0x011b1b4d
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011b1ae3
                                                            0x011b1ae3
                                                            0x011b1aea
                                                            0x011b1b01
                                                            0x011b1b01
                                                            0x011b1b06
                                                            0x011b1b0b
                                                            0x011b1b0e
                                                            0x011b1b0e
                                                            0x011b1b17
                                                            0x011b1b18
                                                            0x011b1b1b
                                                            0x011b1b1e
                                                            0x011b1b24
                                                            0x00000000
                                                            0x011b1b26
                                                            0x011b1b26
                                                            0x00000000
                                                            0x011b1b26
                                                            0x011b1b24
                                                            0x011b1ae1
                                                            0x011b1ad6
                                                            0x011b1a5d
                                                            0x00000000
                                                            0x011b1a41
                                                            0x011b1b5e
                                                            0x00000000
                                                            0x011b1b5e
                                                            0x011b19ce
                                                            0x011b19ce
                                                            0x011b19de
                                                            0x011b19e3
                                                            0x011b1b63
                                                            0x011b1b63
                                                            0x011b1b64
                                                            0x011b1b6a
                                                            0x011b19cc
                                                            0x011b1b6f
                                                            0x011b19a3
                                                            0x011b19a3
                                                            0x00000000
                                                            0x011b19a3
                                                            0x011b197e
                                                            0x011b197e
                                                            0x011b1983
                                                            0x011b1983
                                                            0x011b1984
                                                            0x011b198a
                                                            0x011b1b70
                                                            0x011b1b75
                                                            0x011b1b7a
                                                            0x011b1b7a
                                                            0x011b1b7d
                                                            0x011b1b82
                                                            0x011b1b87
                                                            0x011b1b87
                                                            0x011b1b8e
                                                            0x011b1b93
                                                            0x011b1b93
                                                            0x011b1b9d

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 011B1A58
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 011B1A76
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareHeapString$AllocateProcess
                                                            • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$c:\agent\_work\66\s\src\burn\engine\exeengine.cpp$error$forceReboot$scheduleReboot$success
                                                            • API String ID: 2664528157-2974551199
                                                            • Opcode ID: 0c6286da0bf0cd746a93fd92ef0ca250c9c440a85e91e6372b17325870cf38a0
                                                            • Instruction ID: f4298457036f6ffd2c6466926ff7b3038ff04b489d32b8f67dbca7f1e93e1b2b
                                                            • Opcode Fuzzy Hash: 0c6286da0bf0cd746a93fd92ef0ca250c9c440a85e91e6372b17325870cf38a0
                                                            • Instruction Fuzzy Hash: 17611831A04216FBCB1C9BA5EC94FEEBBB5EF50720F224259F424BB290E7709A00C751
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D78F7 Relevance: 31.8, APIs: 9, Strings: 9, Instructions: 308COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 96%
                                                            			E011D78F7(intOrPtr _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				signed int _t100;
				int _t101;
				signed int _t103;
				short** _t110;
				int _t111;
				signed int _t113;
				signed int _t122;
				int _t131;
				int _t132;
				int _t133;
				signed int _t142;
				int _t143;
				int _t145;
				int _t148;
				signed int _t156;
				int _t157;
				intOrPtr* _t162;
				signed int _t163;
				signed int _t170;
				short** _t173;
				intOrPtr _t174;
				signed int _t175;

				_t162 = _a12;
				_t170 = 0;
				_t100 = 0;
				_v8 = 0;
				_t173 =  *(_a4 + 0x3c);
				while(_t173 != 0) {
					_t101 = CompareStringW(0x7f, 0,  *_t173, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff);
					__eflags = _t101 - 2;
					if(_t101 != 2) {
						L9:
						_t100 = _v8;
						L10:
						_t173 = _t173[4];
						continue;
					}
					_t131 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"application", 0xffffffff);
					__eflags = _t131 - 2;
					if(_t131 != 2) {
						_t132 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"upgrade", 0xffffffff);
						__eflags = _t132 - 2;
						if(_t132 != 2) {
							_t133 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"version", 0xffffffff);
							__eflags = _t133 - 2;
							if(_t133 != 2) {
								goto L9;
							}
							_a12 = _a12 & 0x00000000;
							_v16 = _v16 & 0x00000000;
							_t170 = E011D4391(_t173[2],  &_a12,  &_v16);
							__eflags = _t170;
							if(__eflags < 0) {
								L54:
								if(__eflags == 0) {
									L56:
									return _t170;
								}
								L55:
								E011D76AC(_t162, _t170, _t162);
								E011BF600(_t170, _t162, 0, 0x40);
								goto L56;
							}
							 *((intOrPtr*)(_t162 + 0x20)) = _v16;
							_t100 = 1;
							 *((intOrPtr*)(_t162 + 0x24)) = _a12;
							_v8 = 1;
							goto L10;
						}
						_t20 = _t162 + 0x18; // 0x2d8
						_t170 = E0119229E(_t20, _t173[2], 0);
						__eflags = _t170;
						if(__eflags < 0) {
							goto L54;
						}
						_t142 = _t173[3];
						while(1) {
							_a12 = _t142;
							__eflags = _t142;
							if(_t142 == 0) {
								break;
							}
							_t22 = _t142 + 4; // 0x700079
							_t143 = CompareStringW(0x7f, 0,  *_t22, 0xffffffff, L"version", 0xffffffff);
							__eflags = _t143 - 2;
							if(_t143 != 2) {
								_t145 = CompareStringW(0x7f, 0,  *(_a12 + 4), 0xffffffff, L"exclusive", 0xffffffff);
								__eflags = _t145 - 2;
								if(_t145 == 2) {
									_t148 = CompareStringW(0x7f, 0,  *(_a12 + 8), 0xffffffff, L"true", 0xffffffff);
									__eflags = _t148 - 2;
									if(_t148 == 2) {
										 *((intOrPtr*)(_t162 + 0x1c)) = 1;
									}
								}
								L25:
								_t142 =  *(_a12 + 0xc);
								continue;
							}
							_v12 = _v12 & 0x00000000;
							_v16 = _v16 & 0x00000000;
							_t170 = E011D4391( *(_a12 + 8),  &_v12,  &_v16);
							__eflags = _t170;
							if(__eflags < 0) {
								goto L54;
							}
							 *(_t162 + 0x28) = _v16;
							 *(_t162 + 0x2c) = _v12;
							goto L25;
						}
						goto L9;
					}
					_t170 = E0119229E(_t162, _t173[2], 0);
					__eflags = _t170;
					if(__eflags < 0) {
						goto L54;
					} else {
						_t156 = _t173[3];
						while(1) {
							_a12 = _t156;
							__eflags = _t156;
							if(_t156 == 0) {
								goto L9;
							}
							_t8 = _t156 + 4; // 0x700079
							_t157 = CompareStringW(0x7f, 0,  *_t8, 0xffffffff, L"type", 0xffffffff);
							__eflags = _t157 - 2;
							if(_t157 != 2) {
								L7:
								_t13 = _a12 + 0xc; // 0x74006e
								_t156 =  *_t13;
								continue;
							}
							_t11 = _t162 + 4; // 0x2c4
							_t170 = E0119229E(_t11,  *(_a12 + 8), 0);
							__eflags = _t170;
							if(__eflags < 0) {
								goto L54;
							}
							goto L7;
						}
						goto L9;
					}
				}
				if( *_t162 != _t173 || _a8 != _t173) {
					if(_t100 != 0) {
						_t102 =  *(_t162 + 0x2c);
						__eflags =  *(_t162 + 0x2c) -  *((intOrPtr*)(_t162 + 0x24));
						if(__eflags < 0) {
							L36:
							_t174 = _a4;
							__eflags =  *(_t174 + 8);
							if( *(_t174 + 8) == 0) {
								L38:
								__eflags =  *(_t174 + 4);
								if( *(_t174 + 4) == 0) {
									L40:
									_t103 =  *(_t174 + 0x1c);
									__eflags = _t103;
									if(_t103 == 0) {
										L45:
										_t102 = E011939DF( *(_t174 + 0x30) << 5, 1);
										 *(_t162 + 0x3c) = _t102;
										__eflags = _t102;
										if(_t102 != 0) {
											_a12 = _a12 & 0x00000000;
											__eflags =  *(_t174 + 0x30);
											if( *(_t174 + 0x30) <= 0) {
												L53:
												__eflags = _t170;
												goto L54;
											}
											_t163 = 0;
											__eflags = 0;
											_a8 = 0;
											do {
												_t110 =  *((intOrPtr*)(_t174 + 0x34)) + _t163;
												_v16 = _t110;
												_t111 = CompareStringW(0x7f, 0,  *_t110, 0xffffffff, L"enclosure", 0xffffffff);
												__eflags = _t111 - 2;
												if(_t111 != 2) {
													goto L52;
												}
												_t170 = E011D7741(_v16, ( *(_t162 + 0x38) << 5) +  *(_t162 + 0x3c));
												__eflags = _t170;
												if(__eflags < 0) {
													goto L54;
												}
												_t175 =  *(_t162 + 0x38);
												_t88 = _t162 + 0x30;
												 *_t88 =  *(_t162 + 0x30) +  *((intOrPtr*)((_t175 << 5) +  *(_t162 + 0x3c) + 8));
												__eflags =  *_t88;
												asm("adc [ebx+0x34], eax");
												_t174 = _a4;
												 *(_t162 + 0x38) = _t175 + 1;
												L52:
												_t113 = _a12 + 1;
												_t163 = _a8 + 0x28;
												_a12 = _t113;
												_a8 = _t163;
												__eflags = _t113 -  *(_t174 + 0x30);
											} while (_t113 <  *(_t174 + 0x30));
											goto L53;
										}
										_t170 = 0x8007000e;
										_push(0x8007000e);
										_push(0x12c);
										L35:
										_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\apuputil.cpp");
										E011938BA(_t102);
										goto L55;
									}
									__eflags =  *_t103;
									if( *_t103 == 0) {
										L43:
										_t122 =  *(_t174 + 0x1c);
										__eflags =  *(_t122 + 8);
										if( *(_t122 + 8) == 0) {
											goto L45;
										}
										_t72 = _t162 + 0x14; // 0x2d4
										_t170 = E0119229E(_t72,  *(_t122 + 8), 0);
										__eflags = _t170;
										if(__eflags < 0) {
											goto L54;
										}
										goto L45;
									}
									_t68 = _t162 + 0x10; // 0x2d0
									_t170 = E0119229E(_t68,  *_t103, 0);
									__eflags = _t170;
									if(__eflags < 0) {
										goto L54;
									}
									goto L43;
								}
								_t66 = _t162 + 0xc; // 0x2cc
								_t170 = E0119229E(_t66,  *(_t174 + 4), 0);
								__eflags = _t170;
								if(__eflags < 0) {
									goto L54;
								}
								goto L40;
							}
							_t63 = _t162 + 8; // 0x2c8
							_t170 = E0119229E(_t63,  *(_t174 + 8), 0);
							__eflags = _t170;
							if(__eflags < 0) {
								goto L54;
							}
							goto L38;
						}
						if(__eflags > 0) {
							L34:
							_t170 = 0x8007000d;
							_push(0x8007000d);
							_push(0x10d);
							goto L35;
						}
						_t102 =  *(_t162 + 0x28);
						__eflags =  *(_t162 + 0x28) -  *((intOrPtr*)(_t162 + 0x20));
						if( *(_t162 + 0x28) <  *((intOrPtr*)(_t162 + 0x20))) {
							goto L36;
						}
						goto L34;
					}
					goto L15;
				} else {
					L15:
					_t170 = 1;
					goto L55;
				}
			}






























                                                            0x011d78fe
                                                            0x011d7906
                                                            0x011d7908
                                                            0x011d790a
                                                            0x011d790d
                                                            0x011d79b1
                                                            0x011d7924
                                                            0x011d792a
                                                            0x011d792d
                                                            0x011d79ab
                                                            0x011d79ab
                                                            0x011d79ae
                                                            0x011d79ae
                                                            0x00000000
                                                            0x011d79ae
                                                            0x011d793f
                                                            0x011d7945
                                                            0x011d7948
                                                            0x011d79e2
                                                            0x011d79e8
                                                            0x011d79eb
                                                            0x011d7aca
                                                            0x011d7ad0
                                                            0x011d7ad3
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7ad9
                                                            0x011d7ae0
                                                            0x011d7af1
                                                            0x011d7af3
                                                            0x011d7af5
                                                            0x011d7c6a
                                                            0x011d7c6a
                                                            0x011d7c7f
                                                            0x011d7c85
                                                            0x011d7c85
                                                            0x011d7c6c
                                                            0x011d7c6d
                                                            0x011d7c77
                                                            0x00000000
                                                            0x011d7c7c
                                                            0x011d7b03
                                                            0x011d7b08
                                                            0x011d7b09
                                                            0x011d7b0c
                                                            0x00000000
                                                            0x011d7b0c
                                                            0x011d79f6
                                                            0x011d79ff
                                                            0x011d7a01
                                                            0x011d7a03
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7a09
                                                            0x011d7aaa
                                                            0x011d7aaa
                                                            0x011d7aad
                                                            0x011d7aaf
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7a1a
                                                            0x011d7a21
                                                            0x011d7a27
                                                            0x011d7a2a
                                                            0x011d7a74
                                                            0x011d7a7a
                                                            0x011d7a7d
                                                            0x011d7a92
                                                            0x011d7a98
                                                            0x011d7a9b
                                                            0x011d7a9d
                                                            0x011d7a9d
                                                            0x011d7a9b
                                                            0x011d7aa4
                                                            0x011d7aa7
                                                            0x00000000
                                                            0x011d7aa7
                                                            0x011d7a2c
                                                            0x011d7a33
                                                            0x011d7a47
                                                            0x011d7a49
                                                            0x011d7a4b
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7a59
                                                            0x011d7a5c
                                                            0x00000000
                                                            0x011d7a5c
                                                            0x00000000
                                                            0x011d7ab5
                                                            0x011d7959
                                                            0x011d795b
                                                            0x011d795d
                                                            0x00000000
                                                            0x011d7963
                                                            0x011d7963
                                                            0x011d79a4
                                                            0x011d79a4
                                                            0x011d79a7
                                                            0x011d79a9
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7971
                                                            0x011d7978
                                                            0x011d797e
                                                            0x011d7981
                                                            0x011d799e
                                                            0x011d79a1
                                                            0x011d79a1
                                                            0x00000000
                                                            0x011d79a1
                                                            0x011d798b
                                                            0x011d7994
                                                            0x011d7996
                                                            0x011d7998
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7998
                                                            0x00000000
                                                            0x011d79a4
                                                            0x011d795d
                                                            0x011d79bb
                                                            0x011d79c4
                                                            0x011d7b14
                                                            0x011d7b17
                                                            0x011d7b1a
                                                            0x011d7b40
                                                            0x011d7b40
                                                            0x011d7b43
                                                            0x011d7b47
                                                            0x011d7b61
                                                            0x011d7b61
                                                            0x011d7b65
                                                            0x011d7b7f
                                                            0x011d7b7f
                                                            0x011d7b82
                                                            0x011d7b84
                                                            0x011d7bc3
                                                            0x011d7bcc
                                                            0x011d7bd1
                                                            0x011d7bd4
                                                            0x011d7bd6
                                                            0x011d7be8
                                                            0x011d7bec
                                                            0x011d7bf0
                                                            0x011d7c68
                                                            0x011d7c68
                                                            0x00000000
                                                            0x011d7c68
                                                            0x011d7bf2
                                                            0x011d7bf2
                                                            0x011d7bf4
                                                            0x011d7bf7
                                                            0x011d7c01
                                                            0x011d7c05
                                                            0x011d7c0e
                                                            0x011d7c14
                                                            0x011d7c17
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7c2b
                                                            0x011d7c2d
                                                            0x011d7c2f
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7c31
                                                            0x011d7c40
                                                            0x011d7c40
                                                            0x011d7c40
                                                            0x011d7c47
                                                            0x011d7c4d
                                                            0x011d7c50
                                                            0x011d7c53
                                                            0x011d7c59
                                                            0x011d7c5a
                                                            0x011d7c5d
                                                            0x011d7c60
                                                            0x011d7c63
                                                            0x011d7c63
                                                            0x00000000
                                                            0x011d7bf7
                                                            0x011d7bd8
                                                            0x011d7bdd
                                                            0x011d7bde
                                                            0x011d7b31
                                                            0x011d7b31
                                                            0x011d7b36
                                                            0x00000000
                                                            0x011d7b36
                                                            0x011d7b86
                                                            0x011d7b89
                                                            0x011d7ba2
                                                            0x011d7ba2
                                                            0x011d7ba5
                                                            0x011d7ba9
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7bb0
                                                            0x011d7bb9
                                                            0x011d7bbb
                                                            0x011d7bbd
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7bbd
                                                            0x011d7b8f
                                                            0x011d7b98
                                                            0x011d7b9a
                                                            0x011d7b9c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7b9c
                                                            0x011d7b6c
                                                            0x011d7b75
                                                            0x011d7b77
                                                            0x011d7b79
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7b79
                                                            0x011d7b4e
                                                            0x011d7b57
                                                            0x011d7b59
                                                            0x011d7b5b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7b5b
                                                            0x011d7b1c
                                                            0x011d7b26
                                                            0x011d7b26
                                                            0x011d7b2b
                                                            0x011d7b2c
                                                            0x00000000
                                                            0x011d7b2c
                                                            0x011d7b1e
                                                            0x011d7b21
                                                            0x011d7b24
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7b24
                                                            0x00000000
                                                            0x011d79ca
                                                            0x011d79ca
                                                            0x011d79cc
                                                            0x00000000
                                                            0x011d79cc

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,00000410), ref: 011D7924
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 011D793F
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 011D79E2
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,000002D8,011DA518,00000000), ref: 011D7A21
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 011D7A74
                                                            • CompareStringW.KERNEL32(0000007F,00000000,011DA518,000000FF,true,000000FF), ref: 011D7A92
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 011D7ACA
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 011D7C0E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: application$c:\agent\_work\66\s\src\libs\dutil\apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                            • API String ID: 1825529933-3624447555
                                                            • Opcode ID: 28bb29168046b5a99a67568b9ac162e768162f54fe8ebb3d77aebcf33e806018
                                                            • Instruction ID: 1d1245e5cb729f6c12f26b573891b28d1d42d378b90b27a6728d4d02abec7bc3
                                                            • Opcode Fuzzy Hash: 28bb29168046b5a99a67568b9ac162e768162f54fe8ebb3d77aebcf33e806018
                                                            • Instruction Fuzzy Hash: C7B19E71604202AFDF29DF68CC81F5A7BA5AF44738F258659FA35AB2D5D770E840CB00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B9B0F Relevance: 31.7, APIs: 4, Strings: 14, Instructions: 232threadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 72%
                                                            			E011B9B0F(void* _a4, intOrPtr* _a8, void* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
				long _v8;
				HANDLE* _v12;
				char _v16;
				char _v20;
				HANDLE* _v24;
				void* _v28;
				signed int _t67;
				intOrPtr* _t81;
				long _t82;

				_t82 = 0;
				_v28 = 0;
				_t81 = _a8;
				_v8 = 0;
				_v24 = 0;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				 *((intOrPtr*)(_a16 + 4)) = 0;
				while(1) {
					L1:
					_t67 =  *_t81 - 1;
					if(_t67 > 0xd) {
						break;
					}
					switch( *((intOrPtr*)(_t67 * 4 +  &M011B9D9F))) {
						case 0:
							_t77 = _a24;
							goto L28;
						case 1:
							__eax =  *(__edi + 8);
							__esi = _a12;
							_v28 =  *(__edi + 8);
							 &_v28 = 0;
							_v24 = __esi;
							__eflags = __esi;
							0 | __eflags != 0x00000000 = (__eflags != 0) + 1;
							__eax = WaitForMultipleObjects((__eflags != 0) + 1,  &_v28, 0, 0xffffffff);
							__eflags = __eax;
							if(__eax != 0) {
								__eflags = __eax - 1;
								if(__eax == 1) {
									__eax =  &_v8;
									__eax = GetExitCodeThread(__esi,  &_v8);
									__eflags = __eax;
									if(__eax != 0) {
										__eax = _v8;
										__eflags = _v8;
										if(_v8 >= 0) {
											__eax = 0x8000ffff;
											_v8 = 0x8000ffff;
										}
										_push("Cache thread exited unexpectedly.");
										L51:
										_push(0x8000ffff);
									} else {
										__eax = GetLastError();
										__eflags = __eax;
										if(__eax > 0) {
											__eax = __ax & 0x0000ffff;
											__eax = __ax & 0x0000ffff | 0x80070000;
											__eflags = __eax;
										}
										_v8 = __eax;
										__eflags = __eax;
										if(__eax >= 0) {
											__eax = 0x80004005;
											_v8 = 0x80004005;
										}
										__eax = E011938BA(__eax, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\apply.cpp", 0x654, __eax);
										_push("Failed to get cache thread exit code.");
										goto L40;
									}
								} else {
									__eax = GetLastError();
									__eflags = __eax;
									if(__eax > 0) {
										__eax = __ax & 0x0000ffff;
										__eax = __ax & 0x0000ffff | 0x80070000;
										__eflags = __eax;
									}
									_v8 = __eax;
									__eflags = __eax;
									if(__eax >= 0) {
										__eax = 0x80004005;
										_v8 = 0x80004005;
									}
									__eax = E011938BA(__eax, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\apply.cpp", 0x65f, __eax);
									_push("Failed to wait for cache check-point.");
									L40:
									_push(_v8);
								}
								goto L52;
							} else {
								__esi = _v8;
								goto L6;
							}
							goto L53;
						case 2:
							goto L50;
						case 3:
							 &_v20 =  &_v16;
							__esi = E011BA218(__ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute EXE package.");
								goto L9;
							}
							goto L53;
						case 4:
							 &_v20 =  &_v16;
							__esi = E011BA40C(__ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute MSI package.");
								goto L9;
							}
							goto L53;
						case 5:
							 &_v20 =  &_v16;
							__esi = E011BA569(__ecx, __ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute MSP package.");
								goto L9;
							}
							goto L53;
						case 6:
							 &_v20 =  &_v16;
							__eax = E011BA726(__ebx, __edi, __ecx, 0, __edx,  &_v16, _a32,  &_v20);
							__edx = _v16;
							__esi = __eax;
							_v8 = __esi;
							_v12 = _v16;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L29;
							} else {
								_push("Failed to execute MSU package.");
								goto L9;
							}
							goto L53;
						case 7:
							_push(__ecx);
							__esi = E011BA9F6(__ebx, __edi);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute package provider registration action.");
								goto L9;
							}
							goto L53;
						case 8:
							_push(__ecx);
							__esi = E011BA16E(__ebx, __edi);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								L6:
								__edx = _v12;
								goto L29;
							} else {
								_push("Failed to execute dependency action.");
								goto L9;
							}
							goto L53;
						case 9:
							__ecx = _a20;
							goto L28;
						case 0xa:
							__ecx = _a28;
							L28:
							 *_t77 =  *((intOrPtr*)(_t81 + 8));
							goto L29;
						case 0xb:
							__eax =  *(__edi + 8);
							__esi = 0;
							__eflags =  *( *(__edi + 8) + 0x14);
							if(__eflags != 0) {
								__esi = E011ADCCE(__ecx, __eflags,  *((intOrPtr*)(__ebx + 0x4b0)), __edi);
								__eflags = __esi;
								if(__esi < 0) {
									_push("Failed to load compatible package on per-machine package.");
									_push(__esi);
									__eax = E011CFB09();
									_pop(__ecx);
									_pop(__ecx);
								}
								__edx = _v12;
							}
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								L29:
								_t78 = _a36;
								_t72 = _v20;
								if( *_t78 < _t72) {
									 *_t78 = _t72;
								}
								if(_v16 != 0 &&  *_t78 < 2) {
									goto L1;
								}
							} else {
								_push("Failed to execute compatible package action.");
								L9:
								_push(__esi);
								L52:
								E011CFB09();
								_t82 = _v8;
							}
							L53:
							return _t82;
					}
				}
				L50:
				_v8 = 0x8000ffff;
				_push("Invalid execute action.");
				goto L51;
			}












                                                            0x011b9b21
                                                            0x011b9b23
                                                            0x011b9b27
                                                            0x011b9b2a
                                                            0x011b9b2d
                                                            0x011b9b30
                                                            0x011b9b33
                                                            0x011b9b36
                                                            0x011b9b39
                                                            0x011b9b3c
                                                            0x011b9b3c
                                                            0x011b9b3e
                                                            0x011b9b42
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9b48
                                                            0x00000000
                                                            0x011b9b4f
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9b57
                                                            0x011b9b5a
                                                            0x011b9b5d
                                                            0x011b9b68
                                                            0x011b9b6a
                                                            0x011b9b6d
                                                            0x011b9b72
                                                            0x011b9b74
                                                            0x011b9b7a
                                                            0x011b9b7c
                                                            0x011b9cdf
                                                            0x011b9ce2
                                                            0x011b9d1f
                                                            0x011b9d24
                                                            0x011b9d2a
                                                            0x011b9d2c
                                                            0x011b9d66
                                                            0x011b9d69
                                                            0x011b9d6b
                                                            0x011b9d6d
                                                            0x011b9d72
                                                            0x011b9d72
                                                            0x011b9d75
                                                            0x011b9d89
                                                            0x011b9d89
                                                            0x011b9d2e
                                                            0x011b9d2e
                                                            0x011b9d34
                                                            0x011b9d36
                                                            0x011b9d38
                                                            0x011b9d3b
                                                            0x011b9d3b
                                                            0x011b9d3b
                                                            0x011b9d40
                                                            0x011b9d43
                                                            0x011b9d45
                                                            0x011b9d47
                                                            0x011b9d4c
                                                            0x011b9d4c
                                                            0x011b9d5a
                                                            0x011b9d5f
                                                            0x00000000
                                                            0x011b9d5f
                                                            0x011b9ce4
                                                            0x011b9ce4
                                                            0x011b9cea
                                                            0x011b9cec
                                                            0x011b9cee
                                                            0x011b9cf1
                                                            0x011b9cf1
                                                            0x011b9cf1
                                                            0x011b9cf6
                                                            0x011b9cf9
                                                            0x011b9cfb
                                                            0x011b9cfd
                                                            0x011b9d02
                                                            0x011b9d02
                                                            0x011b9d10
                                                            0x011b9d15
                                                            0x011b9d1a
                                                            0x011b9d1a
                                                            0x011b9d1a
                                                            0x00000000
                                                            0x011b9b82
                                                            0x011b9b82
                                                            0x00000000
                                                            0x011b9b82
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9b94
                                                            0x011b9ba2
                                                            0x011b9ba4
                                                            0x011b9ba7
                                                            0x011b9ba9
                                                            0x00000000
                                                            0x011b9bab
                                                            0x011b9bab
                                                            0x00000000
                                                            0x011b9bab
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9bbd
                                                            0x011b9bcb
                                                            0x011b9bcd
                                                            0x011b9bd0
                                                            0x011b9bd2
                                                            0x00000000
                                                            0x011b9bd4
                                                            0x011b9bd4
                                                            0x00000000
                                                            0x011b9bd4
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9be2
                                                            0x011b9bf0
                                                            0x011b9bf2
                                                            0x011b9bf5
                                                            0x011b9bf7
                                                            0x00000000
                                                            0x011b9bf9
                                                            0x011b9bf9
                                                            0x00000000
                                                            0x011b9bf9
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9c07
                                                            0x011b9c11
                                                            0x011b9c16
                                                            0x011b9c19
                                                            0x011b9c1b
                                                            0x011b9c1e
                                                            0x011b9c21
                                                            0x011b9c23
                                                            0x00000000
                                                            0x011b9c29
                                                            0x011b9c29
                                                            0x00000000
                                                            0x011b9c29
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9c30
                                                            0x011b9c38
                                                            0x011b9c3a
                                                            0x011b9c3d
                                                            0x011b9c3f
                                                            0x00000000
                                                            0x011b9c45
                                                            0x011b9c45
                                                            0x00000000
                                                            0x011b9c45
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9c4f
                                                            0x011b9c57
                                                            0x011b9c59
                                                            0x011b9c5c
                                                            0x011b9c5e
                                                            0x011b9b85
                                                            0x011b9b85
                                                            0x00000000
                                                            0x011b9c64
                                                            0x011b9c64
                                                            0x00000000
                                                            0x011b9c64
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9cb0
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9cab
                                                            0x011b9cb3
                                                            0x011b9cb6
                                                            0x00000000
                                                            0x00000000
                                                            0x011b9c6e
                                                            0x011b9c71
                                                            0x011b9c73
                                                            0x011b9c76
                                                            0x011b9c84
                                                            0x011b9c86
                                                            0x011b9c88
                                                            0x011b9c8a
                                                            0x011b9c8f
                                                            0x011b9c90
                                                            0x011b9c95
                                                            0x011b9c96
                                                            0x011b9c96
                                                            0x011b9c97
                                                            0x011b9c97
                                                            0x011b9c9a
                                                            0x011b9c9d
                                                            0x011b9c9f
                                                            0x011b9cb8
                                                            0x011b9cb8
                                                            0x011b9cbb
                                                            0x011b9cc0
                                                            0x011b9cc2
                                                            0x011b9cc2
                                                            0x011b9cc8
                                                            0x00000000
                                                            0x011b9cd7
                                                            0x011b9ca1
                                                            0x011b9ca1
                                                            0x011b9bb0
                                                            0x011b9bb0
                                                            0x011b9d8a
                                                            0x011b9d8a
                                                            0x011b9d8f
                                                            0x011b9d93
                                                            0x011b9d95
                                                            0x011b9d9a
                                                            0x00000000
                                                            0x011b9b48
                                                            0x011b9d7c
                                                            0x011b9d81
                                                            0x011b9d84
                                                            0x00000000

                                                            APIs
                                                            • WaitForMultipleObjects.KERNEL32(00000001,011BB978,00000000,000000FF,00000001,00000000,00000000,011BB978,00000001,?), ref: 011B9B74
                                                            • GetLastError.KERNEL32 ref: 011B9CE4
                                                            • GetExitCodeThread.KERNEL32(?,00000001), ref: 011B9D24
                                                            • GetLastError.KERNEL32 ref: 011B9D2E
                                                            Strings
                                                            • Failed to execute dependency action., xrefs: 011B9C64
                                                            • Failed to execute compatible package action., xrefs: 011B9CA1
                                                            • Failed to load compatible package on per-machine package., xrefs: 011B9C8A
                                                            • Failed to execute MSI package., xrefs: 011B9BD4
                                                            • Failed to execute EXE package., xrefs: 011B9BAB
                                                            • Failed to execute MSU package., xrefs: 011B9C29
                                                            • Invalid execute action., xrefs: 011B9D84
                                                            • Failed to execute package provider registration action., xrefs: 011B9C45
                                                            • c:\agent\_work\66\s\src\burn\engine\apply.cpp, xrefs: 011B9D0B, 011B9D55
                                                            • @Mqt, xrefs: 011B9CE4, 011B9D2E
                                                            • Failed to get cache thread exit code., xrefs: 011B9D5F
                                                            • Cache thread exited unexpectedly., xrefs: 011B9D75
                                                            • Failed to execute MSP package., xrefs: 011B9BF9
                                                            • Failed to wait for cache check-point., xrefs: 011B9D15
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                            • String ID: @Mqt$Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$c:\agent\_work\66\s\src\burn\engine\apply.cpp
                                                            • API String ID: 3703294532-731265450
                                                            • Opcode ID: 5cf1dca8249d3007ef2a5c2b48417ea8e3fb0badd9f92df94728cf4bc44d5f8f
                                                            • Instruction ID: 9f9f1c3ad9c05c9614fdab3c8a827cbb4a067a151b31c7d86faebea9233f2fd6
                                                            • Opcode Fuzzy Hash: 5cf1dca8249d3007ef2a5c2b48417ea8e3fb0badd9f92df94728cf4bc44d5f8f
                                                            • Instruction Fuzzy Hash: 137160B1A4161AEFDB19DFA5C984EEE7BF8EF45718F114159FA04E7240E3309E018B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D6FC4 Relevance: 31.7, APIs: 8, Strings: 10, Instructions: 205COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 76%
                                                            			E011D6FC4(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				int _t77;
				void* _t85;
				int _t93;
				int _t94;
				int _t95;
				int _t98;
				void* _t103;
				intOrPtr* _t106;
				int _t108;
				int _t109;
				int _t110;
				intOrPtr _t113;
				int _t115;

				_t106 = _a4;
				_t107 =  &_v20;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t115 =  *((intOrPtr*)( *_t106 + 0x44))(_t106,  &_v20);
				if(_t115 < 0) {
					L37:
					__eflags = _v8;
					if(_v8 != 0) {
						__imp__#6(_v8);
					}
					_t108 = _v12;
					__eflags = _t108;
					if(_t108 != 0) {
						 *((intOrPtr*)( *_t108 + 8))(_t108);
					}
					_t109 = _v16;
					__eflags = _t109;
					if(_t109 != 0) {
						 *((intOrPtr*)( *_t109 + 8))(_t109);
					}
					_t110 = _v20;
					__eflags = _t110;
					if(_t110 != 0) {
						 *((intOrPtr*)( *_t110 + 8))(_t110);
					}
					return _t115;
				} else {
					_t77 = E011D305B( &_v20, _v20,  &_v12,  &_v8);
					_t113 = _a8;
					while(1) {
						_t115 = _t77;
						if(_t115 != 0) {
							break;
						}
						if(CompareStringW(0x7f, _t77, _v8, 0xffffffff, L"rel", 0xffffffff) != 2) {
							_t93 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"href", 0xffffffff);
							__eflags = _t93 - 2;
							if(_t93 != 2) {
								_t94 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"length", 0xffffffff);
								__eflags = _t94 - 2;
								if(_t94 != 2) {
									_t95 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
									__eflags = _t95 - 2;
									if(_t95 != 2) {
										__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"type", 0xffffffff) - 2;
										if(__eflags != 0) {
											_t98 = E011D71DB(_t106, __eflags, _v12, _t113 + 0x20);
											L17:
											_t115 = _t98;
											L18:
											if(_t115 < 0) {
												L36:
												goto L37;
											}
											if(_v8 != 0) {
												__imp__#6(_v8);
												_v8 = _v8 & 0x00000000;
											}
											_t107 = _v12;
											if(_t107 != 0) {
												 *((intOrPtr*)( *_t107 + 8))(_t107);
												_v12 = _v12 & 0x00000000;
											}
											_t77 = E011D305B(_t107, _v20,  &_v12,  &_v8);
											continue;
										}
										_t103 = _t113 + 8;
										L8:
										_push(_v12);
										_push(_t103);
										L5:
										_t98 = E011D60FB(_t107);
										goto L17;
									}
									_t103 = _t113 + 4;
									goto L8;
								}
								_t115 = E011D2C2F(_t106, _v8, _t113 + 0x18);
								__eflags = _t115 - 0x80070057;
								if(_t115 == 0x80070057) {
									_t115 = _t115 + 0xffffffb6;
								}
								goto L18;
							}
							_t103 = _t113 + 0xc;
							goto L8;
						}
						_push(_v12);
						_push(_t113);
						goto L5;
					}
					if(__eflags < 0) {
						goto L36;
					}
					_t111 =  &_v16;
					_t115 =  *((intOrPtr*)( *_t106 + 0x30))(_t106,  &_v16);
					__eflags = _t115;
					if(_t115 < 0) {
						goto L36;
					}
					_t115 = E011D30E2( &_v16, _v16,  &_v12,  &_v8);
					__eflags = _t115;
					if(__eflags != 0) {
						L34:
						if(__eflags >= 0) {
							_t115 = E011D60FB(_t111, _t113 + 0x10, _t106);
						}
						goto L36;
					}
					_t85 = _t113 + 0x24;
					while(1) {
						_t115 = E011D72DE(_t106, __eflags, _v12, _t85);
						__eflags = _t115;
						if(_t115 < 0) {
							goto L36;
						}
						__eflags = _v8;
						if(_v8 != 0) {
							__imp__#6(_v8);
							_t46 =  &_v8;
							 *_t46 = _v8 & 0x00000000;
							__eflags =  *_t46;
						}
						_t111 = _v12;
						__eflags = _t111;
						if(_t111 != 0) {
							 *((intOrPtr*)( *_t111 + 8))(_t111);
							_t50 =  &_v12;
							 *_t50 = _v12 & 0x00000000;
							__eflags =  *_t50;
						}
						_t115 = E011D30E2(_t111, _v16,  &_v12,  &_v8);
						_t85 = _t113 + 0x24;
						__eflags = _t115;
						if(__eflags == 0) {
							continue;
						} else {
							goto L34;
						}
					}
					goto L36;
				}
			}





















                                                            0x011d6fcb
                                                            0x011d6fce
                                                            0x011d6fd4
                                                            0x011d6fd7
                                                            0x011d6fda
                                                            0x011d6fdd
                                                            0x011d6fe7
                                                            0x011d6feb
                                                            0x011d719d
                                                            0x011d719d
                                                            0x011d71a1
                                                            0x011d71a6
                                                            0x011d71a6
                                                            0x011d71ac
                                                            0x011d71af
                                                            0x011d71b1
                                                            0x011d71b6
                                                            0x011d71b6
                                                            0x011d71b9
                                                            0x011d71bc
                                                            0x011d71be
                                                            0x011d71c3
                                                            0x011d71c3
                                                            0x011d71c6
                                                            0x011d71c9
                                                            0x011d71cb
                                                            0x011d71d0
                                                            0x011d71d0
                                                            0x011d71d8
                                                            0x011d6ff1
                                                            0x011d6ffd
                                                            0x011d7002
                                                            0x011d7005
                                                            0x011d7005
                                                            0x011d7009
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7029
                                                            0x011d7049
                                                            0x011d704b
                                                            0x011d704e
                                                            0x011d7069
                                                            0x011d706b
                                                            0x011d706e
                                                            0x011d709c
                                                            0x011d709e
                                                            0x011d70a1
                                                            0x011d70ba
                                                            0x011d70bd
                                                            0x011d70cb
                                                            0x011d70d0
                                                            0x011d70d0
                                                            0x011d70d2
                                                            0x011d70d4
                                                            0x011d719c
                                                            0x00000000
                                                            0x011d719c
                                                            0x011d70de
                                                            0x011d70e3
                                                            0x011d70e9
                                                            0x011d70e9
                                                            0x011d70ed
                                                            0x011d70f2
                                                            0x011d70f7
                                                            0x011d70fa
                                                            0x011d70fa
                                                            0x011d7109
                                                            0x00000000
                                                            0x011d7109
                                                            0x011d70bf
                                                            0x011d7053
                                                            0x011d7053
                                                            0x011d7056
                                                            0x011d702f
                                                            0x011d702f
                                                            0x00000000
                                                            0x011d702f
                                                            0x011d70a3
                                                            0x00000000
                                                            0x011d70a3
                                                            0x011d707d
                                                            0x011d707f
                                                            0x011d7085
                                                            0x011d7087
                                                            0x011d7087
                                                            0x00000000
                                                            0x011d7085
                                                            0x011d7050
                                                            0x00000000
                                                            0x011d7050
                                                            0x011d702b
                                                            0x011d702e
                                                            0x00000000
                                                            0x011d702e
                                                            0x011d7113
                                                            0x00000000
                                                            0x00000000
                                                            0x011d711b
                                                            0x011d7123
                                                            0x011d7125
                                                            0x011d7127
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7139
                                                            0x011d713b
                                                            0x011d713d
                                                            0x011d718e
                                                            0x011d718e
                                                            0x011d719a
                                                            0x011d719a
                                                            0x00000000
                                                            0x011d718e
                                                            0x011d713f
                                                            0x011d7142
                                                            0x011d714b
                                                            0x011d714d
                                                            0x011d714f
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7151
                                                            0x011d7155
                                                            0x011d715a
                                                            0x011d7160
                                                            0x011d7160
                                                            0x011d7160
                                                            0x011d7160
                                                            0x011d7164
                                                            0x011d7167
                                                            0x011d7169
                                                            0x011d716e
                                                            0x011d7171
                                                            0x011d7171
                                                            0x011d7171
                                                            0x011d7171
                                                            0x011d7185
                                                            0x011d7187
                                                            0x011d718a
                                                            0x011d718c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d718c
                                                            0x00000000
                                                            0x011d7142

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 011D7024
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 011D7049
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 011D7069
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 011D709C
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 011D70B8
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D70E3
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D715A
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D71A6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$Compare$Free
                                                            • String ID: comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                            • API String ID: 318886736-3944986760
                                                            • Opcode ID: 16aefc2ff1c5e741d0faa5be0be29f05013f900445ea7d7c034d304ff1b9185c
                                                            • Instruction ID: b1889614dbe308b74499750ae983881fec9d1c94ffb2fdeca6af6380e423616d
                                                            • Opcode Fuzzy Hash: 16aefc2ff1c5e741d0faa5be0be29f05013f900445ea7d7c034d304ff1b9185c
                                                            • Instruction Fuzzy Hash: 47617335905219FBDB19DBA8CC44FAEBBB9BF05324F2043A5E621B71D0D731AA40DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BC96F Relevance: 31.7, APIs: 7, Strings: 11, Instructions: 173processCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 56%
                                                            			E011BC96F(void* __edx, void* __eflags, WCHAR* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
				int _v8;
				int _v12;
				struct _PROCESS_INFORMATION _v28;
				intOrPtr _v36;
				void* _v40;
				long _v44;
				char _v48;
				void _v52;
				int _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				struct _STARTUPINFOW _v136;
				void* __ebx;
				void* __edi;
				signed short _t69;
				signed short _t71;
				signed short _t74;
				long _t94;
				signed int _t95;
				void* _t99;
				void* _t100;
				signed short _t109;

				_t99 = __edx;
				_t94 = GetCurrentProcessId();
				_v8 = 0;
				_v12 = 0;
				E011BF600(_t100,  &_v136, 0, 0x44);
				_v60 = 0;
				_v56 = 0;
				asm("stosd");
				asm("stosd");
				_t95 = 6;
				asm("stosd");
				asm("stosd");
				memset( &_v52, 0, _t95 << 2);
				E011A4C89( &_v52);
				_v68 = _a12;
				_v64 = _a16;
				if(E011A4D1A(_t94, _t99,  &_v52,  &_v48) >= 0) {
					_t69 = E011A4E6A( &_v52, 0,  &_v8);
					__eflags = _t69;
					if(_t69 >= 0) {
						_push(_t94);
						_push(_v48);
						_push(_v52);
						_push(L"burn.embedded");
						_t71 = E01192064( &_v12, L"%ls -%ls %ls %ls %u", _a8);
						__eflags = _t71;
						if(_t71 >= 0) {
							_t74 = CreateProcessW(_a4, _v12, 0, 0, 1, 0x8000000, 0, 0,  &_v136,  &_v28);
							__eflags = _t74;
							if(_t74 != 0) {
								_v44 = GetProcessId(_v28.hProcess);
								_v28.hProcess = _v28.hProcess & 0x00000000;
								_v40 = _v28.hProcess;
								_t109 = E011A545D( &_v52);
								__eflags = _t109;
								if(_t109 >= 0) {
									_t109 = E011A5132(0, _v36, 0x11bc8cf,  &_v68,  &_v60);
									__eflags = _t109;
									if(_t109 >= 0) {
										_t109 = E011D02EC(_v40, 0xffffffff, _a20);
										__eflags = _t109;
										if(_t109 < 0) {
											_push(_a4);
											_push("Failed to wait for embedded executable: %ls");
											goto L19;
										}
									} else {
										_push("Failed to process messages from embedded message.");
										goto L2;
									}
								} else {
									_push("Failed to wait for embedded process to connect to pipe.");
									goto L2;
								}
							} else {
								_t109 = GetLastError();
								__eflags = _t109;
								if(__eflags > 0) {
									_t109 = _t109 & 0x0000ffff | 0x80070000;
									__eflags = _t109;
								}
								if(__eflags >= 0) {
									_t109 = 0x80004005;
								}
								E011938BA(_t92, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\embedded.cpp", 0x4c, _t109);
								_push(_a4);
								_push("Failed to create embedded process at path: %ls");
								L19:
								_push(_t109);
								E011CFB09();
							}
						} else {
							_push("Failed to allocate embedded command.");
							goto L2;
						}
					} else {
						_push("Failed to create embedded pipe.");
						goto L2;
					}
				} else {
					_push("Failed to create embedded pipe name and client token.");
					L2:
					_push(_t109);
					E011CFB09();
				}
				if(_v28.hThread != 0) {
					CloseHandle(_v28.hThread);
					_v28.hThread = _v28.hThread & 0x00000000;
				}
				if(_v28.hProcess != 0) {
					CloseHandle(_v28.hProcess);
					_v28.hProcess = _v28 & 0x00000000;
				}
				E0119287D(_v12);
				if(_v8 != 0) {
					CloseHandle(_v8);
					_v8 = _v8 & 0x00000000;
				}
				E011A4CA8( &_v52);
				return _t109;
			}


























                                                            0x011bc96f
                                                            0x011bc983
                                                            0x011bc98d
                                                            0x011bc992
                                                            0x011bc995
                                                            0x011bc99c
                                                            0x011bc9a2
                                                            0x011bc9a5
                                                            0x011bc9a9
                                                            0x011bc9ac
                                                            0x011bc9ad
                                                            0x011bc9ae
                                                            0x011bc9b4
                                                            0x011bc9ba
                                                            0x011bc9c2
                                                            0x011bc9c8
                                                            0x011bc9dc
                                                            0x011bc9fa
                                                            0x011bca01
                                                            0x011bca03
                                                            0x011bca0c
                                                            0x011bca0d
                                                            0x011bca13
                                                            0x011bca16
                                                            0x011bca24
                                                            0x011bca2e
                                                            0x011bca30
                                                            0x011bca59
                                                            0x011bca5f
                                                            0x011bca61
                                                            0x011bcaa1
                                                            0x011bcaa7
                                                            0x011bcaab
                                                            0x011bcab7
                                                            0x011bcab9
                                                            0x011bcabb
                                                            0x011bcadc
                                                            0x011bcade
                                                            0x011bcae0
                                                            0x011bcaf9
                                                            0x011bcafb
                                                            0x011bcafd
                                                            0x011bcaff
                                                            0x011bcb02
                                                            0x00000000
                                                            0x011bcb02
                                                            0x011bcae2
                                                            0x011bcae2
                                                            0x00000000
                                                            0x011bcae2
                                                            0x011bcabd
                                                            0x011bcabd
                                                            0x00000000
                                                            0x011bcabd
                                                            0x011bca63
                                                            0x011bca69
                                                            0x011bca6b
                                                            0x011bca6d
                                                            0x011bca72
                                                            0x011bca78
                                                            0x011bca78
                                                            0x011bca7a
                                                            0x011bca7c
                                                            0x011bca7c
                                                            0x011bca89
                                                            0x011bca8e
                                                            0x011bca91
                                                            0x011bcb07
                                                            0x011bcb07
                                                            0x011bcb08
                                                            0x011bcb0d
                                                            0x011bca32
                                                            0x011bca32
                                                            0x00000000
                                                            0x011bca32
                                                            0x011bca05
                                                            0x011bca05
                                                            0x00000000
                                                            0x011bca05
                                                            0x011bc9de
                                                            0x011bc9de
                                                            0x011bc9e3
                                                            0x011bc9e3
                                                            0x011bc9e4
                                                            0x011bc9ea
                                                            0x011bcb1a
                                                            0x011bcb1f
                                                            0x011bcb21
                                                            0x011bcb21
                                                            0x011bcb29
                                                            0x011bcb2e
                                                            0x011bcb30
                                                            0x011bcb30
                                                            0x011bcb37
                                                            0x011bcb40
                                                            0x011bcb45
                                                            0x011bcb47
                                                            0x011bcb47
                                                            0x011bcb4f
                                                            0x011bcb5a

                                                            APIs
                                                            • GetCurrentProcessId.KERNEL32(747161D0,00000000,00000000), ref: 011BC97B
                                                              • Part of subcall function 011A4D1A: UuidCreate.RPCRT4(?), ref: 011A4D4D
                                                            • CreateProcessW.KERNEL32 ref: 011BCA59
                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 011BCA63
                                                            • GetProcessId.KERNEL32(011B219D,?,?,00000000,?,?,?,?), ref: 011BCA9B
                                                              • Part of subcall function 011A545D: lstrlenW.KERNEL32(?,?,00000000,?,011DA500,?,00000000,?,0119457C,?,011DA500), ref: 011A547E
                                                              • Part of subcall function 011A545D: GetCurrentProcessId.KERNEL32(?,0119457C,?,011DA500), ref: 011A5489
                                                              • Part of subcall function 011A545D: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0119457C,?,011DA500), ref: 011A54C0
                                                              • Part of subcall function 011A545D: ConnectNamedPipe.KERNEL32(?,00000000,?,0119457C,?,011DA500), ref: 011A54D5
                                                              • Part of subcall function 011A545D: GetLastError.KERNEL32(?,0119457C,?,011DA500), ref: 011A54DF
                                                              • Part of subcall function 011A545D: Sleep.KERNEL32(00000064,?,0119457C,?,011DA500), ref: 011A5514
                                                              • Part of subcall function 011A545D: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0119457C,?,011DA500), ref: 011A5537
                                                              • Part of subcall function 011A545D: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0119457C,?,011DA500), ref: 011A5552
                                                              • Part of subcall function 011A545D: WriteFile.KERNEL32(?,0119457C,011DA500,00000000,00000000,?,0119457C,?,011DA500), ref: 011A556D
                                                              • Part of subcall function 011A545D: WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0119457C,?,011DA500), ref: 011A5588
                                                              • Part of subcall function 011D02EC: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,01194F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?), ref: 011D02F8
                                                              • Part of subcall function 011D02EC: GetLastError.KERNEL32(?,01194F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 011D0306
                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,011BC8CF,?,?,?,?,?,00000000,?,?,?,?), ref: 011BCB1F
                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,011BC8CF,?,?,?,?,?,00000000,?,?,?,?), ref: 011BCB2E
                                                            • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,011BC8CF,?,?,?,?,?,00000000,?,?,?), ref: 011BCB45
                                                            Strings
                                                            • Failed to create embedded process at path: %ls, xrefs: 011BCA91
                                                            • burn.embedded, xrefs: 011BCA16
                                                            • %ls -%ls %ls %ls %u, xrefs: 011BCA1E
                                                            • Failed to allocate embedded command., xrefs: 011BCA32
                                                            • Failed to process messages from embedded message., xrefs: 011BCAE2
                                                            • Failed to wait for embedded process to connect to pipe., xrefs: 011BCABD
                                                            • Failed to create embedded pipe., xrefs: 011BCA05
                                                            • @Mqt, xrefs: 011BCA63
                                                            • c:\agent\_work\66\s\src\burn\engine\embedded.cpp, xrefs: 011BCA84
                                                            • Failed to create embedded pipe name and client token., xrefs: 011BC9DE
                                                            • Failed to wait for embedded executable: %ls, xrefs: 011BCB02
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                            • String ID: %ls -%ls %ls %ls %u$@Mqt$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$c:\agent\_work\66\s\src\burn\engine\embedded.cpp
                                                            • API String ID: 875070380-3351275494
                                                            • Opcode ID: 7d7a0bb3f60ecc41ecb7a961148ad891f03bf4b187b730e6884633726af3df2d
                                                            • Instruction ID: e0ab0f9b9d72ba775a40115d150bf1023d83385ab3bf7e6df84a7bebdc3c0d56
                                                            • Opcode Fuzzy Hash: 7d7a0bb3f60ecc41ecb7a961148ad891f03bf4b187b730e6884633726af3df2d
                                                            • Instruction Fuzzy Hash: CA519F72D4162ABBDF1AEAE4DC85FEEBBB8AF04750F100125FA00B6150E7749A458BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119F1BA Relevance: 29.9, APIs: 3, Strings: 14, Instructions: 182registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E0119F1BA(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				char _v12;
				short* _v16;
				char _v20;
				char _v24;
				void* __ebx;
				signed int _t54;
				signed int _t57;
				void* _t67;
				void* _t68;
				void* _t69;
				signed int _t72;
				signed short _t77;
				intOrPtr _t78;
				signed int _t79;

				_t78 = _a4;
				_v8 = 0;
				_v12 = 0;
				_v16 = L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce";
				_v20 = 0;
				_v24 = 0;
				_push(E011A3D0C( *((intOrPtr*)(_t78 + 8))));
				_push(E011A3D0C(_a16));
				_push(E011A43C4(_a12));
				E0119563D(2, 0x20000173,  *((intOrPtr*)(_t78 + 0x50)));
				E011D3349(_t67,  &_v20,  &_v24);
				if(_v20 < 5) {
					_v16 = L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
				}
				_t68 = _a8;
				if(_t68 == 0) {
					L8:
					if(_a12 == 1) {
						goto L10;
					} else {
						goto L9;
					}
				} else {
					_t79 = E011D0D39(_t68, L"Resume", _a12);
					if(_t79 >= 0) {
						if(_a12 != 3) {
							goto L8;
						} else {
							_t79 = E011D0D39(_t68, L"Installed", 1);
							if(_t79 >= 0) {
								L9:
								if(_a16 == 0) {
									L19:
									_t79 = E011D0823( *((intOrPtr*)(_t78 + 0x4c)), _v16, 0x20006,  &_v8);
									if(_t79 == 0x80070002 || _t79 == 0x80070003) {
										_t79 = 0;
										goto L29;
									} else {
										_t57 = RegDeleteValueW(_v8,  *(_t78 + 0x10));
										_t35 = _t57 - 2; // -2
										asm("sbb ecx, ecx");
										_t77 =  ~_t35 & _t57;
										if(_t77 == 0) {
											L29:
											if(_t68 != 0) {
												_t54 = RegDeleteValueW(_t68, L"BundleResumeCommandLine");
												_t36 = _t54 - 2; // -2
												asm("sbb ecx, ecx");
												_t72 =  ~_t36 & _t54;
												if(_t72 != 0) {
													if(_t72 > 0) {
														_t79 = _t72 & 0x0000ffff | 0x80070000;
													} else {
														_t79 = _t72;
													}
													if(_t79 >= 0) {
														_t79 = 0x80004005;
													}
													E011938BA(_t54, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0x4f1, _t79);
													_push("Failed to delete resume command line value.");
													goto L37;
												}
											}
										} else {
											if(_t77 > 0) {
												_t79 = _t77 & 0x0000ffff | 0x80070000;
											} else {
												_t79 = _t77;
											}
											if(_t79 >= 0) {
												_t79 = 0x80004005;
											}
											E011938BA(_t57, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0x4e7, _t79);
											_push("Failed to delete run key value.");
											goto L37;
										}
									}
								} else {
									L10:
									if( *((intOrPtr*)(_t78 + 8)) != 0) {
										goto L19;
									} else {
										_push(L"burn.runonce");
										_t79 = E01192022( &_v12, L"\"%ls\" /%ls",  *((intOrPtr*)(_t78 + 0x54)));
										if(_t79 >= 0) {
											_t79 = E011D0458( *((intOrPtr*)(_t78 + 0x4c)), _v16, 0x20006,  &_v8);
											if(_t79 >= 0) {
												_t79 = E011D0D87(_t69, _v8,  *(_t78 + 0x10), _v12);
												if(_t79 >= 0) {
													_t79 = E011D0D87(_t69, _t68, L"BundleResumeCommandLine",  *((intOrPtr*)(_t78 + 0x58)));
													if(_t79 < 0) {
														_push("Failed to write resume command line value.");
														goto L37;
													}
												} else {
													_push("Failed to write run key value.");
													goto L37;
												}
											} else {
												_push("Failed to create run key.");
												goto L37;
											}
										} else {
											_push("Failed to format resume command line for RunOnce.");
											goto L37;
										}
									}
								}
							} else {
								_push("Failed to write Installed value.");
								goto L37;
							}
						}
					} else {
						_push("Failed to write Resume value.");
						L37:
						_push(_t79);
						E011CFB09();
					}
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				return _t79;
			}


















                                                            0x0119f1c3
                                                            0x0119f1c8
                                                            0x0119f1cb
                                                            0x0119f1ce
                                                            0x0119f1d8
                                                            0x0119f1db
                                                            0x0119f1e3
                                                            0x0119f1ec
                                                            0x0119f1f5
                                                            0x0119f200
                                                            0x0119f210
                                                            0x0119f219
                                                            0x0119f21b
                                                            0x0119f21b
                                                            0x0119f222
                                                            0x0119f227
                                                            0x0119f26a
                                                            0x0119f26e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119f229
                                                            0x0119f237
                                                            0x0119f23b
                                                            0x0119f24b
                                                            0x00000000
                                                            0x0119f24d
                                                            0x0119f25a
                                                            0x0119f25e
                                                            0x0119f270
                                                            0x0119f274
                                                            0x0119f311
                                                            0x0119f325
                                                            0x0119f32d
                                                            0x0119f37f
                                                            0x00000000
                                                            0x0119f337
                                                            0x0119f33d
                                                            0x0119f343
                                                            0x0119f348
                                                            0x0119f34a
                                                            0x0119f34c
                                                            0x0119f381
                                                            0x0119f383
                                                            0x0119f38b
                                                            0x0119f391
                                                            0x0119f396
                                                            0x0119f398
                                                            0x0119f39a
                                                            0x0119f39e
                                                            0x0119f3a7
                                                            0x0119f3a0
                                                            0x0119f3a0
                                                            0x0119f3a0
                                                            0x0119f3af
                                                            0x0119f3b1
                                                            0x0119f3b1
                                                            0x0119f3c1
                                                            0x0119f3c6
                                                            0x00000000
                                                            0x0119f3c6
                                                            0x0119f39a
                                                            0x0119f34e
                                                            0x0119f350
                                                            0x0119f359
                                                            0x0119f352
                                                            0x0119f352
                                                            0x0119f352
                                                            0x0119f361
                                                            0x0119f363
                                                            0x0119f363
                                                            0x0119f373
                                                            0x0119f378
                                                            0x00000000
                                                            0x0119f378
                                                            0x0119f34c
                                                            0x0119f27a
                                                            0x0119f27a
                                                            0x0119f27e
                                                            0x00000000
                                                            0x0119f284
                                                            0x0119f284
                                                            0x0119f29a
                                                            0x0119f2a1
                                                            0x0119f2c1
                                                            0x0119f2c5
                                                            0x0119f2df
                                                            0x0119f2e3
                                                            0x0119f2fd
                                                            0x0119f301
                                                            0x0119f307
                                                            0x00000000
                                                            0x0119f307
                                                            0x0119f2e5
                                                            0x0119f2e5
                                                            0x00000000
                                                            0x0119f2e5
                                                            0x0119f2c7
                                                            0x0119f2c7
                                                            0x00000000
                                                            0x0119f2c7
                                                            0x0119f2a3
                                                            0x0119f2a3
                                                            0x00000000
                                                            0x0119f2a3
                                                            0x0119f2a1
                                                            0x0119f27e
                                                            0x0119f260
                                                            0x0119f260
                                                            0x00000000
                                                            0x0119f260
                                                            0x0119f25e
                                                            0x0119f23d
                                                            0x0119f23d
                                                            0x0119f3cb
                                                            0x0119f3cb
                                                            0x0119f3cc
                                                            0x0119f3d2
                                                            0x0119f23b
                                                            0x0119f3d7
                                                            0x0119f3dc
                                                            0x0119f3dc
                                                            0x0119f3e5
                                                            0x0119f3ea
                                                            0x0119f3ea
                                                            0x0119f3f6

                                                            APIs
                                                              • Part of subcall function 011D3349: GetVersionExW.KERNEL32(?,?,?,00000000), ref: 011D3398
                                                            • RegCloseKey.ADVAPI32(00000000,?,011DFF38,00020006,00000000,?,00000000,00000000,00000000,?,00000000,00000001,00000000,00000000), ref: 0119F3EA
                                                              • Part of subcall function 011D0D39: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,0119F237,011DFF38,Resume,00000005,?,00000000,00000000,00000000), ref: 011D0D4E
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\registration.cpp, xrefs: 0119F36E, 0119F3BC
                                                            • Failed to write Resume value., xrefs: 0119F23D
                                                            • Failed to delete run key value., xrefs: 0119F378
                                                            • BundleResumeCommandLine, xrefs: 0119F2F2, 0119F385
                                                            • burn.runonce, xrefs: 0119F284
                                                            • Failed to format resume command line for RunOnce., xrefs: 0119F2A3
                                                            • Failed to write Installed value., xrefs: 0119F260
                                                            • Failed to create run key., xrefs: 0119F2C7
                                                            • Failed to write run key value., xrefs: 0119F2E5
                                                            • "%ls" /%ls, xrefs: 0119F28F
                                                            • Failed to write resume command line value., xrefs: 0119F307
                                                            • Failed to delete resume command line value., xrefs: 0119F3C6
                                                            • Resume, xrefs: 0119F22C
                                                            • Installed, xrefs: 0119F24F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseValueVersion
                                                            • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$burn.runonce$c:\agent\_work\66\s\src\burn\engine\registration.cpp
                                                            • API String ID: 2348918689-1350441746
                                                            • Opcode ID: b87dd8749f2a9b5cb309a7140032a9f0a52d104de50b0c3f4fef29ed1e81cb89
                                                            • Instruction ID: 69cf3dcec3210d6d857da011abbc5172e5c241067a05dca8ff2517ed9062d4f4
                                                            • Opcode Fuzzy Hash: b87dd8749f2a9b5cb309a7140032a9f0a52d104de50b0c3f4fef29ed1e81cb89
                                                            • Instruction Fuzzy Hash: 7C511132E04727BBDF1EAEA5CC05BAEBEA4BF14614F054169F921B6140D7B89A12C7C1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D7741 Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 153stringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 88%
                                                            			E011D7741(intOrPtr _a4, intOrPtr _a8) {
				int _t42;
				intOrPtr _t44;
				intOrPtr _t47;
				short** _t53;
				intOrPtr _t54;
				int _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				short* _t58;

				_t56 = _a8;
				_t53 =  *(_a4 + 0x24);
				while(_t53 != 0) {
					if(CompareStringW(0x7f, 0,  *_t53, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff) != 2) {
						L5:
						_t8 =  &(_t53[4]); // 0x650076
						_t53 =  *_t8;
						continue;
					}
					_t4 =  &(_t53[1]); // 0x2e0069
					if(CompareStringW(0x7f, 0, L"digest", 0xffffffff,  *_t4, 0xffffffff) == 2) {
						_t19 =  &(_t53[3]); // 0x6c
						_t58 =  *_t19;
						while(_t58 != 0) {
							if(CompareStringW(0x7f, 0, L"algorithm", 0xffffffff, _t58[2], 0xffffffff) == 2) {
								if(CompareStringW(0x7f, 1, L"md5", 0xffffffff, _t58[4], 0xffffffff) != 2) {
									_t42 = CompareStringW(0x7f, 1, L"sha1", 0xffffffff, _t58[4], 0xffffffff);
									_t55 = 2;
									if(_t42 == _t55) {
										 *(_t56 + 0x18) = _t55;
									}
								} else {
									 *(_t56 + 0x18) = 1;
								}
								if(CompareStringW(0x7f, 1, L"sha256", 0xffffffff, _t58[4], 0xffffffff) == 2) {
									 *(_t56 + 0x18) = 3;
								}
								L21:
								if( *(_t56 + 0x18) != 3) {
									_t44 = 0x8007000d;
									_push(0x8007000d);
									_push(0x17c);
									L24:
									_t57 = _t44;
									L25:
									_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\apuputil.cpp");
									E011938BA(_t44);
									L9:
									return _t57;
								}
								_t29 =  &(_t53[2]); // 0x6c0064
								if(lstrlenW( *_t29) == 0x40) {
									_t47 = 0x20;
									 *((intOrPtr*)(_t56 + 0x14)) = _t47;
									_t44 = E011939DF(_t47, 1);
									 *((intOrPtr*)(_t56 + 0x10)) = _t44;
									if(_t44 != 0) {
										_t33 =  &(_t53[2]); // 0x6c0064
										_t57 = E0119276B( *_t33, _t44,  *((intOrPtr*)(_t56 + 0x14)));
										if(_t57 < 0) {
											goto L9;
										}
										goto L7;
									}
									_t57 = 0x8007000e;
									_push(0x8007000e);
									_push(0x174);
									goto L25;
								}
								_t44 = 0x8007000d;
								_push(0x8007000d);
								_push(0x16f);
								goto L24;
							}
							_t58 = _t58[6];
						}
						goto L21;
					}
					_t5 =  &(_t53[1]); // 0x2e0069
					if(CompareStringW(0x7f, 0, L"name", 0xffffffff,  *_t5, 0xffffffff) != 2) {
						goto L5;
					}
					_t6 =  &(_t53[2]); // 0x6c0064
					_t7 = _t56 + 4; // 0x5
					_t57 = E0119229E(_t7,  *_t6, 0);
					if(_t57 < 0) {
						goto L9;
					}
					goto L5;
				}
				L7:
				_t54 = _a4;
				 *((intOrPtr*)(_t56 + 8)) =  *((intOrPtr*)(_t54 + 0x18));
				 *((intOrPtr*)(_t56 + 0xc)) =  *((intOrPtr*)(_t54 + 0x1c));
				_t57 = E0119229E(_t56,  *((intOrPtr*)(_t54 + 0xc)), 0);
				if(_t57 >= 0) {
					 *(_t56 + 0x1c) =  *(_t56 + 0x1c) & 0x00000000;
					 *(_t56 + 4) =  *(_t56 + 4) & 0x00000000;
				}
				goto L9;
			}












                                                            0x011d774a
                                                            0x011d774d
                                                            0x011d77b9
                                                            0x011d776a
                                                            0x011d77b6
                                                            0x011d77b6
                                                            0x011d77b6
                                                            0x00000000
                                                            0x011d77b6
                                                            0x011d776e
                                                            0x011d7785
                                                            0x011d77ee
                                                            0x011d77ee
                                                            0x011d7811
                                                            0x011d780c
                                                            0x011d7830
                                                            0x011d784b
                                                            0x011d7853
                                                            0x011d7856
                                                            0x011d7858
                                                            0x011d7858
                                                            0x011d7832
                                                            0x011d7832
                                                            0x011d7832
                                                            0x011d7874
                                                            0x011d7876
                                                            0x011d7876
                                                            0x011d787d
                                                            0x011d7881
                                                            0x011d78ea
                                                            0x011d78ef
                                                            0x011d78f0
                                                            0x011d789c
                                                            0x011d789c
                                                            0x011d789e
                                                            0x011d789e
                                                            0x011d78a3
                                                            0x011d77e6
                                                            0x011d77eb
                                                            0x011d77eb
                                                            0x011d7883
                                                            0x011d788f
                                                            0x011d78af
                                                            0x011d78b3
                                                            0x011d78b6
                                                            0x011d78bb
                                                            0x011d78c0
                                                            0x011d78d3
                                                            0x011d78db
                                                            0x011d78df
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d78e5
                                                            0x011d78c2
                                                            0x011d78c7
                                                            0x011d78c8
                                                            0x00000000
                                                            0x011d78c8
                                                            0x011d7891
                                                            0x011d7896
                                                            0x011d7897
                                                            0x00000000
                                                            0x011d7897
                                                            0x011d780e
                                                            0x011d780e
                                                            0x00000000
                                                            0x011d7815
                                                            0x011d7789
                                                            0x011d77a0
                                                            0x00000000
                                                            0x00000000
                                                            0x011d77a4
                                                            0x011d77a7
                                                            0x011d77b0
                                                            0x011d77b4
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d77b4
                                                            0x011d77bd
                                                            0x011d77bd
                                                            0x011d77c5
                                                            0x011d77cb
                                                            0x011d77d7
                                                            0x011d77db
                                                            0x011d77dd
                                                            0x011d77e1
                                                            0x011d77e1
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,msi.dll,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,?,011D7C2B,00000001,?), ref: 011D7761
                                                            • CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,002E0069,000000FF,?,011D7C2B,00000001,?), ref: 011D777C
                                                            • CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,002E0069,000000FF,?,011D7C2B,00000001,?), ref: 011D7797
                                                            • CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,?,000000FF,?,011D7C2B,00000001,?), ref: 011D7803
                                                            • CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,?,000000FF,?,011D7C2B,00000001,?), ref: 011D7827
                                                            • CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,?,000000FF,?,011D7C2B,00000001,?), ref: 011D784B
                                                            • CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,?,000000FF,?,011D7C2B,00000001,?), ref: 011D786B
                                                            • lstrlenW.KERNEL32(006C0064,?,011D7C2B,00000001,?), ref: 011D7886
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString$lstrlen
                                                            • String ID: algorithm$c:\agent\_work\66\s\src\libs\dutil\apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$msi.dll$name$sha1$sha256
                                                            • API String ID: 1657112622-124732866
                                                            • Opcode ID: 00b417c4b7738c32a6ea25ff1d3916eed24295748e098a55a0494ad24acdbd4b
                                                            • Instruction ID: 82162ab2e5b719ad0eee22bdf957d570a2c4e5f4afd0cee043fc9461c43c7f49
                                                            • Opcode Fuzzy Hash: 00b417c4b7738c32a6ea25ff1d3916eed24295748e098a55a0494ad24acdbd4b
                                                            • Instruction Fuzzy Hash: 3B51F531649612BBDB294F14DC86F217B21AF11B34F214718FA34AF2D5C765E880C790
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199FFE Relevance: 28.2, APIs: 1, Strings: 15, Instructions: 214COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E01199FFE(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				void* _v12;
				char _v16;
				intOrPtr _v24;
				intOrPtr _v36;
				void _v40;
				void* _t51;
				void* _t57;
				void* _t59;
				void* _t73;
				void* _t74;
				void* _t76;
				void* _t92;
				void* _t93;
				intOrPtr _t96;
				signed int _t98;
				intOrPtr _t101;
				intOrPtr _t102;
				char* _t108;
				void* _t109;
				void _t110;
				intOrPtr _t111;
				void* _t112;
				void* _t113;
				void* _t114;

				_t98 = 6;
				memset( &_v40, 0, _t98 << 2);
				_t114 = _t113 + 0xc;
				_t100 = _a4;
				_t96 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t105 =  *((intOrPtr*)(_a4 + 0x10));
				_t51 =  *((intOrPtr*)(_a4 + 0x10)) - 1;
				if(_t51 == 0) {
					_t108 = L"VersionString";
					L9:
					_t109 = E01197303(_a8,  *((intOrPtr*)(_t100 + 0x18)),  &_v8, _t96);
					if(_t109 >= 0) {
						_t101 = 2;
						_v24 = _t101;
						if( *((intOrPtr*)(_a4 + 0x14)) != _t101) {
							L18:
							if(_t109 == 0x80070645) {
								L23:
								_push(_v8);
								_push("Product or related product not found: %ls");
								_t110 = 2;
								_push(_t110);
								E011CFFF0();
								_t102 = _a4;
								_t114 = _t114 + 0xc;
								_t57 =  *((intOrPtr*)(_t102 + 0x10)) - 1;
								if(_t57 == 0) {
									L26:
									_v40 = _t96;
									L27:
									_v36 = _t96;
									_v24 = 1;
									L28:
									_t111 = _t96;
									L31:
									if(_t111 >= 0) {
										_t59 =  *((intOrPtr*)(_t102 + 0x10)) - 1;
										if(_t59 == 0) {
											_push(3);
											L40:
											_pop(_t96);
											L41:
											_t112 = E011AFF10( &_v40, _t96);
											if(_t112 >= 0) {
												_t112 = E01198259(_a8,  *((intOrPtr*)(_a4 + 4)),  &_v40);
												if(_t112 >= 0) {
													L47:
													E0119287D(_v8);
													if(_v12 != 0) {
														E0119272F(_v12, _v16);
													}
													E011B04E3( &_v40);
													return _t112;
												}
												_push("Failed to set variable.");
												L45:
												_push(_t112);
												E011CFB09();
												L46:
												_push(_t112);
												E011CFFF0(2, "MsiProductSearch failed: ID \'%ls\', HRESULT 0x%x",  *_a4);
												goto L47;
											}
											_push("Failed to change value type.");
											goto L45;
										}
										_t73 = _t59 - 1;
										if(_t73 == 0) {
											_push(2);
											goto L40;
										}
										_t74 = _t73 - 1;
										if(_t74 == 0 || _t74 == 1) {
											_t96 = 1;
										}
										goto L41;
									}
									_push("Failed to get product info.");
									goto L45;
								}
								_t76 = _t57 - _t110;
								if(_t76 == 0) {
									_v40 = _t110;
									goto L27;
								}
								if(_t76 != 1) {
									goto L28;
								}
								goto L26;
							}
							_t111 = E011D2220(_t101, _v8, _t108,  &_v40);
							if(_t111 != 0x80070648) {
								L22:
								if(_t111 != 0x80070645) {
									L30:
									_t102 = _a4;
									goto L31;
								}
								goto L23;
							}
							_push(_v8);
							E011CFFF0(3, "Trying per-machine extended info for property \'%ls\' for product: %ls", _t108);
							_t114 = _t114 + 0x10;
							_t111 = E011D22AF(_t101, _v8, _t96, 4, _t108,  &_v40);
							if(_t111 != 0x80070645) {
								goto L30;
							}
							_push(_v8);
							E011CFFF0(2, "Trying per-user extended info for property \'%ls\' for product: %ls", _t108);
							_t114 = _t114 + 0x10;
							_t111 = E011D22AF(_t101, _v8, _t96, 2, _t108,  &_v40);
							goto L22;
						}
						_t112 = E011D1F3A(_t105, _v8,  &_v12,  &_v16, 1);
						if(_t112 >= 0) {
							if(_v16 != 1) {
								_t109 = 0x80070645;
								goto L18;
							}
							_t109 = E011923F3( &_v8,  *_v12, _t96);
							if(_t109 >= 0) {
								goto L18;
							}
							_push("Failed to copy upgrade code.");
							goto L45;
						}
						_push("Failed to enumerate related products for upgrade code.");
						goto L45;
					}
					_push("Failed to format GUID string.");
					goto L45;
				}
				_t92 = _t51 - 1;
				if(_t92 == 0) {
					_t108 = L"Language";
					goto L9;
				}
				_t93 = _t92 - 1;
				if(_t93 == 0) {
					_t108 = L"State";
					goto L9;
				}
				if(_t93 == 1) {
					_t108 = L"AssignmentType";
					goto L9;
				}
				_t112 = 0x80004001;
				E011CFB09(0x80004001, "Unsupported product search type: %u", _t105);
				_t114 = _t114 + 0xc;
				goto L46;
			}




























                                                            0x0119a00e
                                                            0x0119a00f
                                                            0x0119a00f
                                                            0x0119a011
                                                            0x0119a014
                                                            0x0119a016
                                                            0x0119a019
                                                            0x0119a01c
                                                            0x0119a01f
                                                            0x0119a024
                                                            0x0119a027
                                                            0x0119a066
                                                            0x0119a06b
                                                            0x0119a07b
                                                            0x0119a07f
                                                            0x0119a090
                                                            0x0119a091
                                                            0x0119a097
                                                            0x0119a0e5
                                                            0x0119a0eb
                                                            0x0119a15e
                                                            0x0119a15e
                                                            0x0119a161
                                                            0x0119a168
                                                            0x0119a169
                                                            0x0119a16a
                                                            0x0119a16f
                                                            0x0119a172
                                                            0x0119a178
                                                            0x0119a17b
                                                            0x0119a186
                                                            0x0119a186
                                                            0x0119a189
                                                            0x0119a189
                                                            0x0119a18c
                                                            0x0119a193
                                                            0x0119a193
                                                            0x0119a19f
                                                            0x0119a1a1
                                                            0x0119a1ad
                                                            0x0119a1b0
                                                            0x0119a1ca
                                                            0x0119a1cc
                                                            0x0119a1cc
                                                            0x0119a1cd
                                                            0x0119a1d7
                                                            0x0119a1db
                                                            0x0119a1f6
                                                            0x0119a1fa
                                                            0x0119a21e
                                                            0x0119a221
                                                            0x0119a22a
                                                            0x0119a232
                                                            0x0119a232
                                                            0x0119a23b
                                                            0x0119a246
                                                            0x0119a246
                                                            0x0119a1fc
                                                            0x0119a201
                                                            0x0119a201
                                                            0x0119a202
                                                            0x0119a209
                                                            0x0119a20c
                                                            0x0119a216
                                                            0x00000000
                                                            0x0119a21b
                                                            0x0119a1dd
                                                            0x00000000
                                                            0x0119a1dd
                                                            0x0119a1b2
                                                            0x0119a1b5
                                                            0x0119a1c6
                                                            0x00000000
                                                            0x0119a1c6
                                                            0x0119a1b7
                                                            0x0119a1ba
                                                            0x0119a1c3
                                                            0x0119a1c3
                                                            0x00000000
                                                            0x0119a1ba
                                                            0x0119a1a3
                                                            0x00000000
                                                            0x0119a1a3
                                                            0x0119a17d
                                                            0x0119a17f
                                                            0x0119a197
                                                            0x00000000
                                                            0x0119a197
                                                            0x0119a184
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119a184
                                                            0x0119a0fa
                                                            0x0119a102
                                                            0x0119a156
                                                            0x0119a15c
                                                            0x0119a19c
                                                            0x0119a19c
                                                            0x00000000
                                                            0x0119a19c
                                                            0x00000000
                                                            0x0119a15c
                                                            0x0119a104
                                                            0x0119a10f
                                                            0x0119a114
                                                            0x0119a127
                                                            0x0119a12f
                                                            0x00000000
                                                            0x00000000
                                                            0x0119a131
                                                            0x0119a13c
                                                            0x0119a141
                                                            0x0119a154
                                                            0x00000000
                                                            0x0119a154
                                                            0x0119a0ab
                                                            0x0119a0af
                                                            0x0119a0bf
                                                            0x0119a0e0
                                                            0x00000000
                                                            0x0119a0e0
                                                            0x0119a0d0
                                                            0x0119a0d4
                                                            0x00000000
                                                            0x00000000
                                                            0x0119a0d6
                                                            0x00000000
                                                            0x0119a0d6
                                                            0x0119a0b1
                                                            0x00000000
                                                            0x0119a0b1
                                                            0x0119a081
                                                            0x00000000
                                                            0x0119a081
                                                            0x0119a029
                                                            0x0119a02c
                                                            0x0119a05f
                                                            0x00000000
                                                            0x0119a05f
                                                            0x0119a02e
                                                            0x0119a031
                                                            0x0119a058
                                                            0x00000000
                                                            0x0119a058
                                                            0x0119a036
                                                            0x0119a051
                                                            0x00000000
                                                            0x0119a051
                                                            0x0119a039
                                                            0x0119a044
                                                            0x0119a049
                                                            0x00000000

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 0119A076
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open@16
                                                            • String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                            • API String ID: 3613110473-2134270738
                                                            • Opcode ID: 06b7335876b441dc9e9459cf926e304f53f79bbe92734a760de3973fd66fe300
                                                            • Instruction ID: aa1ee1b8ea0481d7119fee9bde9318ab880d6d447f747cf1241089c6223f6de8
                                                            • Opcode Fuzzy Hash: 06b7335876b441dc9e9459cf926e304f53f79bbe92734a760de3973fd66fe300
                                                            • Instruction Fuzzy Hash: 9D61F572D4012ABBCF1E9AE8E944EEE7B79EF15748F244169F520BB241D332DE048791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119EC76 Relevance: 28.2, APIs: 2, Strings: 14, Instructions: 172COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 57%
                                                            			E0119EC76(signed int _a4, intOrPtr* _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _v20;
				intOrPtr* _t44;
				signed int _t48;
				signed int _t68;
				intOrPtr _t70;
				signed int _t74;
				void* _t75;
				signed int _t77;
				signed int _t78;
				intOrPtr* _t79;
				intOrPtr* _t83;
				signed int _t85;
				signed int _t88;

				_t74 = 0;
				_v20 = 0;
				_t85 = 0;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				if(E011D3183(_a4, L"SoftwareTag",  &_v20) >= 0) {
					_t44 = _v20;
					_t84 =  &_v16;
					_push( &_v16);
					_push(_t44);
					if( *((intOrPtr*)( *_t44 + 0x20))() >= 0) {
						_t77 = _v16;
						if(_t77 == 0) {
							L22:
							_t88 = _t74;
							 *_a12 = _t77;
							 *_a8 = _t85;
							_t85 = _t74;
						} else {
							_t85 = E011939DF(_t77 << 4, 1);
							if(_t85 != 0) {
								_t77 = _v16;
								_a4 = 0;
								if(_t77 == 0) {
									goto L22;
								} else {
									_t13 = _t85 + 8; // 0x8
									_t75 = _t13;
									while(1) {
										_t88 = E011D30E2(_t77, _v20,  &_v8, 0);
										if(_t88 < 0) {
											break;
										}
										_t16 = _t75 - 8; // 0x0
										_t88 = E011D2B5D(_v8, L"Filename", _t16);
										if(_t88 < 0) {
											_push("Failed to get @Filename.");
											goto L2;
										} else {
											_t18 = _t75 - 4; // 0x4
											_t88 = E011D2B5D(_v8, L"Regid", _t18);
											if(_t88 < 0) {
												_push("Failed to get @Regid.");
												goto L2;
											} else {
												_t88 = E011D2B5D(_v8, L"Path", _t75);
												if(_t88 < 0) {
													_push("Failed to get @Path.");
													goto L2;
												} else {
													_t88 = E011D2D56(_v8,  &_v12);
													if(_t88 < 0) {
														_push("Failed to get SoftwareTag text.");
														goto L2;
													} else {
														_t24 = _t75 + 4; // 0xc
														_t88 = E0119252E(_t84, _t24, _v12, 0, 0xfde9);
														if(_t88 < 0) {
															_push("Failed to convert SoftwareTag text to UTF-8");
															goto L2;
														} else {
															_t68 = _v12;
															if(_t68 != 0) {
																__imp__#6(_t68);
																_v12 = _v12 & 0x00000000;
															}
															_t83 = _v8;
															if(_t83 != 0) {
																 *((intOrPtr*)( *_t83 + 8))(_t83);
																_v8 = _v8 & 0x00000000;
															}
															_t75 = _t75 + 0x10;
															_t77 = _v16;
															_t70 = _a4 + 1;
															_a4 = _t70;
															if(_t70 < _t77) {
																continue;
															} else {
																_t74 = 0;
																goto L22;
															}
														}
													}
												}
											}
										}
										goto L23;
									}
									_push("Failed to get next node.");
									goto L2;
								}
							} else {
								_t88 = 0x8007000e;
								E011938BA(_t55, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0x41c, 0x8007000e);
								_push("Failed to allocate memory for software tag structs.");
								goto L2;
							}
						}
					} else {
						_push("Failed to get software tag count.");
						goto L2;
					}
				} else {
					_push("Failed to select software tag nodes.");
					L2:
					_push(_t88);
					E011CFB09();
				}
				L23:
				_t48 = _v12;
				if(_t48 != 0) {
					__imp__#6(_t48);
				}
				_t78 = _v8;
				if(_t78 != 0) {
					 *((intOrPtr*)( *_t78 + 8))(_t78);
				}
				_t79 = _v20;
				if(_t79 != 0) {
					 *((intOrPtr*)( *_t79 + 8))(_t79);
				}
				if(_t85 != 0) {
					E01193AA4(_t85);
				}
				return _t88;
			}



















                                                            0x0119ec82
                                                            0x0119ec8d
                                                            0x0119ec90
                                                            0x0119ec92
                                                            0x0119ec95
                                                            0x0119ec98
                                                            0x0119eca4
                                                            0x0119ecb8
                                                            0x0119ecbb
                                                            0x0119ecbe
                                                            0x0119ecbf
                                                            0x0119ecc9
                                                            0x0119ecd2
                                                            0x0119ecd7
                                                            0x0119edee
                                                            0x0119edf1
                                                            0x0119edf3
                                                            0x0119edf8
                                                            0x0119edfa
                                                            0x0119ecdd
                                                            0x0119ece8
                                                            0x0119ecec
                                                            0x0119ed0a
                                                            0x0119ed0d
                                                            0x0119ed12
                                                            0x00000000
                                                            0x0119ed18
                                                            0x0119ed18
                                                            0x0119ed18
                                                            0x0119ed1b
                                                            0x0119ed29
                                                            0x0119ed2d
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ed33
                                                            0x0119ed44
                                                            0x0119ed48
                                                            0x0119ee5f
                                                            0x00000000
                                                            0x0119ed4e
                                                            0x0119ed4e
                                                            0x0119ed5f
                                                            0x0119ed63
                                                            0x0119ee55
                                                            0x00000000
                                                            0x0119ed69
                                                            0x0119ed77
                                                            0x0119ed7b
                                                            0x0119ee4b
                                                            0x00000000
                                                            0x0119ed81
                                                            0x0119ed8d
                                                            0x0119ed91
                                                            0x0119ee41
                                                            0x00000000
                                                            0x0119ed97
                                                            0x0119eda1
                                                            0x0119edaa
                                                            0x0119edae
                                                            0x0119ee37
                                                            0x00000000
                                                            0x0119edb4
                                                            0x0119edb4
                                                            0x0119edb9
                                                            0x0119edbc
                                                            0x0119edc2
                                                            0x0119edc2
                                                            0x0119edc6
                                                            0x0119edcb
                                                            0x0119edd0
                                                            0x0119edd3
                                                            0x0119edd3
                                                            0x0119edda
                                                            0x0119eddd
                                                            0x0119ede0
                                                            0x0119ede1
                                                            0x0119ede6
                                                            0x00000000
                                                            0x0119edec
                                                            0x0119edec
                                                            0x00000000
                                                            0x0119edec
                                                            0x0119ede6
                                                            0x0119edae
                                                            0x0119ed91
                                                            0x0119ed7b
                                                            0x0119ed63
                                                            0x00000000
                                                            0x0119ed48
                                                            0x0119ee69
                                                            0x00000000
                                                            0x0119ee69
                                                            0x0119ecee
                                                            0x0119ecee
                                                            0x0119ecfe
                                                            0x0119ed03
                                                            0x00000000
                                                            0x0119ed03
                                                            0x0119ecec
                                                            0x0119eccb
                                                            0x0119eccb
                                                            0x00000000
                                                            0x0119eccb
                                                            0x0119eca6
                                                            0x0119eca6
                                                            0x0119ecab
                                                            0x0119ecab
                                                            0x0119ecac
                                                            0x0119ecb2
                                                            0x0119edfc
                                                            0x0119edfc
                                                            0x0119ee01
                                                            0x0119ee04
                                                            0x0119ee04
                                                            0x0119ee0a
                                                            0x0119ee0f
                                                            0x0119ee14
                                                            0x0119ee14
                                                            0x0119ee17
                                                            0x0119ee1c
                                                            0x0119ee21
                                                            0x0119ee21
                                                            0x0119ee26
                                                            0x0119ee29
                                                            0x0119ee29
                                                            0x0119ee34

                                                            APIs
                                                            • SysFreeString.OLEAUT32(?), ref: 0119EE04
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • SysFreeString.OLEAUT32(?), ref: 0119EDBC
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\registration.cpp, xrefs: 0119ECF9
                                                            • Failed to allocate memory for software tag structs., xrefs: 0119ED03
                                                            • Regid, xrefs: 0119ED52
                                                            • Failed to get SoftwareTag text., xrefs: 0119EE41
                                                            • Failed to select software tag nodes., xrefs: 0119ECA6
                                                            • Failed to get @Filename., xrefs: 0119EE5F
                                                            • SoftwareTag, xrefs: 0119EC85
                                                            • Failed to get software tag count., xrefs: 0119ECCB
                                                            • Path, xrefs: 0119ED6A
                                                            • Failed to get @Regid., xrefs: 0119EE55
                                                            • Failed to convert SoftwareTag text to UTF-8, xrefs: 0119EE37
                                                            • Failed to get next node., xrefs: 0119EE69
                                                            • Filename, xrefs: 0119ED37
                                                            • Failed to get @Path., xrefs: 0119EE4B
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeHeapString$AllocateProcess
                                                            • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$c:\agent\_work\66\s\src\burn\engine\registration.cpp
                                                            • API String ID: 336948655-3163406687
                                                            • Opcode ID: 4c978ca0817a3f775aacb16a834bd530e29ba8b5acc2da2e7cedb922f1811e5a
                                                            • Instruction ID: 8df6a4b9a69962f558277fa5501889a32221332d216a9c202f8caf214d9404ff
                                                            • Opcode Fuzzy Hash: 4c978ca0817a3f775aacb16a834bd530e29ba8b5acc2da2e7cedb922f1811e5a
                                                            • Instruction Fuzzy Hash: FE51B571A0271AFBDF1DDFA9C894EAEBBB8BF04A14B05416DF921AB200D771DD008750
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BC45E Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 271COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E011BC45E(intOrPtr __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24) {
				signed int _v8;
				intOrPtr _t121;
				intOrPtr _t176;
				intOrPtr* _t190;
				intOrPtr* _t197;
				intOrPtr _t198;
				intOrPtr _t203;
				signed int _t206;
				intOrPtr _t207;
				intOrPtr _t208;
				signed int _t209;
				signed int _t210;
				signed int _t212;
				void* _t214;
				void* _t220;
				signed int _t223;
				intOrPtr* _t224;
				void* _t225;

				_t193 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t190 = _a24;
				_t121 = E011939DF( *(_t190 + 0x80) << 3, 1);
				_t212 = _a4;
				 *((intOrPtr*)(_t212 + 0x7c)) = _t121;
				if(_t121 != 0) {
					_t206 = 0;
					 *(_t212 + 0x80) =  *(_t190 + 0x80);
					_a4 = 0;
					if( *(_t190 + 0x80) <= 0) {
						L16:
						 *(_t212 + 0x14) =  *(_t212 + 0x14) & 0x00000000;
						 *((intOrPtr*)(_t212 + 0xa8)) = 1;
						 *((intOrPtr*)(_t212 + 0x8c)) =  *((intOrPtr*)(_t190 + 0x8c));
						 *((intOrPtr*)(_t212 + 0x40)) =  *((intOrPtr*)(_t190 + 0x40));
						 *((intOrPtr*)(_t212 + 0x44)) =  *((intOrPtr*)(_t190 + 0x44));
						 *((intOrPtr*)(_t212 + 0x28)) =  *((intOrPtr*)(_t190 + 0x28));
						 *((intOrPtr*)(_t212 + 0x2c)) =  *((intOrPtr*)(_t190 + 0x2c));
						 *((intOrPtr*)(_t212 + 0x30)) =  *((intOrPtr*)(_t190 + 0x30));
						 *((intOrPtr*)(_t212 + 0x34)) =  *((intOrPtr*)(_t190 + 0x34));
						 *((intOrPtr*)(_t212 + 0x1c)) =  *((intOrPtr*)(_t190 + 0x1c));
						if(E0119229E(_t212,  *_t190, 0) >= 0) {
							_t97 = _t212 + 0x24; // 0x124
							if(E0119229E(_t97,  *((intOrPtr*)(_t190 + 0x24)), 0) >= 0) {
								 *((intOrPtr*)(_t212 + 0xb0)) =  *((intOrPtr*)(_t190 + 0xb0));
								if(E011A7D20(_t193,  &_v8,  *_a8,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(_a8 + 8)),  *((intOrPtr*)(_a8 + 0x1c)), 1, _a16, _a20, _a12,  *((intOrPtr*)(_t135 + 0xc))) >= 0) {
									_t109 = _t212 + 0x94; // 0x194
									if(E0119229E(_t109, _v8, 0) >= 0) {
										_t112 = _t212 + 0x98; // 0x198
										_t220 = E0119229E(_t112, _v8, 0);
										if(_t220 >= 0) {
											_t114 = _t212 + 0x9c; // 0x19c
											 *((intOrPtr*)(_t212 + 0xac)) = 1;
											_t220 = E0119229E(_t114, _v8, 0);
											if(_t220 >= 0) {
												 *((intOrPtr*)(_t212 + 0x18)) = 1;
											} else {
												_push("Failed to copy uninstall arguments for passthrough bundle package");
												goto L23;
											}
										} else {
											_push("Failed to copy related arguments for passthrough bundle package");
											goto L23;
										}
									} else {
										_push("Failed to copy install arguments for passthrough bundle package");
										goto L23;
									}
								} else {
									_push("Failed to recreate command-line arguments.");
									goto L23;
								}
							} else {
								_push("Failed to copy cache id for passthrough pseudo bundle.");
								goto L23;
							}
						} else {
							_push("Failed to copy key for passthrough pseudo bundle.");
							goto L23;
						}
					} else {
						while(1) {
							_t223 = _t206 << 3;
							_a24 =  *((intOrPtr*)(_t190 + 0x7c)) + _t223;
							 *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))) = E011939DF(0x58, 1);
							_t150 =  *((intOrPtr*)(_t212 + 0x7c));
							_t207 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
							if(_t207 == 0) {
								break;
							}
							_t197 = _a24;
							 *((intOrPtr*)(_t207 + 4)) =  *((intOrPtr*)( *_t197 + 4));
							_t198 =  *_t197;
							_t208 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
							 *((intOrPtr*)(_t208 + 0x10)) =  *((intOrPtr*)(_t198 + 0x10));
							 *((intOrPtr*)(_t208 + 0x14)) =  *((intOrPtr*)(_t198 + 0x14));
							_t220 = E0119229E( *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))),  *((intOrPtr*)( *_a24)), 0);
							if(_t220 < 0) {
								_push("Failed to copy key for passthrough pseudo bundle payload.");
								goto L23;
							} else {
								_t220 = E0119229E( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x18,  *((intOrPtr*)( *_a24 + 0x18)), 0);
								if(_t220 < 0) {
									_push("Failed to copy filename for passthrough pseudo bundle.");
									goto L23;
								} else {
									_t220 = E0119229E( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x38,  *((intOrPtr*)( *_a24 + 0x38)), 0);
									if(_t220 < 0) {
										_push("Failed to copy local source path for passthrough pseudo bundle.");
										goto L23;
									} else {
										_t224 = _a24;
										_t173 =  *_t224;
										if( *((intOrPtr*)( *_t224 + 0x40)) == 0) {
											L12:
											_t174 =  *_t224;
											if( *((intOrPtr*)( *_t224 + 0x30)) == 0) {
												L15:
												_t209 = _a4;
												_t193 =  *((intOrPtr*)(_t212 + 0x7c));
												 *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + 4 + _t209 * 8)) =  *((intOrPtr*)(_t224 + 4));
												_t206 = _t209 + 1;
												_a4 = _t206;
												if(_t206 <  *(_t190 + 0x80)) {
													continue;
												} else {
													goto L16;
												}
											} else {
												_t176 = E011939DF( *((intOrPtr*)(_t174 + 0x34)), 0);
												_t210 = _a4;
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)) = _t176;
												_t177 =  *((intOrPtr*)(_t212 + 0x7c));
												_t203 =  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8));
												if( *((intOrPtr*)(_t203 + 0x30)) == 0) {
													_t214 = 0x8007000e;
													_t220 = 0x8007000e;
													E011938BA(_t177, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0xcc, 0x8007000e);
													_push("Failed to allocate memory for pseudo bundle payload hash.");
													goto L2;
												} else {
													 *((intOrPtr*)(_t203 + 0x34)) =  *((intOrPtr*)( *_t224 + 0x34));
													E01193C78( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x34)),  *((intOrPtr*)( *_t224 + 0x30)),  *((intOrPtr*)( *_t224 + 0x34)));
													_t225 = _t225 + 0x10;
													goto L15;
												}
											}
										} else {
											_t220 = E0119229E( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x40,  *((intOrPtr*)(_t173 + 0x40)), 0);
											if(_t220 < 0) {
												_push("Failed to copy download source for passthrough pseudo bundle.");
												L23:
												_push(_t220);
												goto L3;
											} else {
												_t224 = _a24;
												goto L12;
											}
										}
									}
								}
							}
							goto L36;
						}
						_t214 = 0x8007000e;
						_t220 = 0x8007000e;
						E011938BA(_t150, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0xb6, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L2;
					}
				} else {
					_t214 = 0x8007000e;
					_t220 = 0x8007000e;
					E011938BA(_t121, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0xae, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of passthrough bundle.");
					L2:
					_push(_t214);
					L3:
					E011CFB09();
				}
				L36:
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t220;
			}





















                                                            0x011bc45e
                                                            0x011bc461
                                                            0x011bc462
                                                            0x011bc467
                                                            0x011bc478
                                                            0x011bc47d
                                                            0x011bc480
                                                            0x011bc485
                                                            0x011bc4b6
                                                            0x011bc4b8
                                                            0x011bc4be
                                                            0x011bc4c7
                                                            0x011bc61e
                                                            0x011bc61e
                                                            0x011bc622
                                                            0x011bc632
                                                            0x011bc63b
                                                            0x011bc641
                                                            0x011bc647
                                                            0x011bc64d
                                                            0x011bc653
                                                            0x011bc659
                                                            0x011bc661
                                                            0x011bc670
                                                            0x011bc6e0
                                                            0x011bc6ed
                                                            0x011bc6fc
                                                            0x011bc72b
                                                            0x011bc736
                                                            0x011bc74a
                                                            0x011bc75a
                                                            0x011bc766
                                                            0x011bc76a
                                                            0x011bc77a
                                                            0x011bc780
                                                            0x011bc790
                                                            0x011bc794
                                                            0x011bc7a0
                                                            0x011bc796
                                                            0x011bc796
                                                            0x00000000
                                                            0x011bc796
                                                            0x011bc76c
                                                            0x011bc76c
                                                            0x00000000
                                                            0x011bc76c
                                                            0x011bc74c
                                                            0x011bc74c
                                                            0x00000000
                                                            0x011bc74c
                                                            0x011bc72d
                                                            0x011bc72d
                                                            0x00000000
                                                            0x011bc72d
                                                            0x011bc6ef
                                                            0x011bc6ef
                                                            0x00000000
                                                            0x011bc6ef
                                                            0x011bc672
                                                            0x011bc672
                                                            0x00000000
                                                            0x011bc672
                                                            0x011bc4cd
                                                            0x011bc4cd
                                                            0x011bc4d2
                                                            0x011bc4db
                                                            0x011bc4e6
                                                            0x011bc4e9
                                                            0x011bc4ec
                                                            0x011bc4f1
                                                            0x00000000
                                                            0x00000000
                                                            0x011bc4f7
                                                            0x011bc501
                                                            0x011bc507
                                                            0x011bc509
                                                            0x011bc50f
                                                            0x011bc515
                                                            0x011bc52a
                                                            0x011bc52e
                                                            0x011bc6af
                                                            0x00000000
                                                            0x011bc534
                                                            0x011bc550
                                                            0x011bc554
                                                            0x011bc6a8
                                                            0x00000000
                                                            0x011bc55a
                                                            0x011bc576
                                                            0x011bc57a
                                                            0x011bc6a1
                                                            0x00000000
                                                            0x011bc580
                                                            0x011bc580
                                                            0x011bc583
                                                            0x011bc589
                                                            0x011bc5af
                                                            0x011bc5af
                                                            0x011bc5b5
                                                            0x011bc601
                                                            0x011bc601
                                                            0x011bc604
                                                            0x011bc60a
                                                            0x011bc60e
                                                            0x011bc60f
                                                            0x011bc618
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011bc5b7
                                                            0x011bc5bc
                                                            0x011bc5c4
                                                            0x011bc5ca
                                                            0x011bc5cd
                                                            0x011bc5d0
                                                            0x011bc5d7
                                                            0x011bc680
                                                            0x011bc690
                                                            0x011bc692
                                                            0x011bc697
                                                            0x00000000
                                                            0x011bc5dd
                                                            0x011bc5e2
                                                            0x011bc5f9
                                                            0x011bc5fe
                                                            0x00000000
                                                            0x011bc5fe
                                                            0x011bc5d7
                                                            0x011bc58b
                                                            0x011bc5a2
                                                            0x011bc5a6
                                                            0x011bc679
                                                            0x011bc6b4
                                                            0x011bc6b4
                                                            0x00000000
                                                            0x011bc5ac
                                                            0x011bc5ac
                                                            0x00000000
                                                            0x011bc5ac
                                                            0x011bc5a6
                                                            0x011bc589
                                                            0x011bc57a
                                                            0x011bc554
                                                            0x00000000
                                                            0x011bc52e
                                                            0x011bc6ba
                                                            0x011bc6ca
                                                            0x011bc6cc
                                                            0x011bc6d1
                                                            0x00000000
                                                            0x011bc6d1
                                                            0x011bc487
                                                            0x011bc487
                                                            0x011bc497
                                                            0x011bc499
                                                            0x011bc49e
                                                            0x011bc4a3
                                                            0x011bc4a3
                                                            0x011bc4a4
                                                            0x011bc4a4
                                                            0x011bc4aa
                                                            0x011bc7a7
                                                            0x011bc7ab
                                                            0x011bc7b0
                                                            0x011bc7b0
                                                            0x011bc7bb

                                                            Strings
                                                            • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 011BC49E
                                                            • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 011BC6D1
                                                            • Failed to copy cache id for passthrough pseudo bundle., xrefs: 011BC6EF
                                                            • Failed to copy install arguments for passthrough bundle package, xrefs: 011BC74C
                                                            • Failed to recreate command-line arguments., xrefs: 011BC72D
                                                            • c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp, xrefs: 011BC492, 011BC68B, 011BC6C5
                                                            • Failed to copy download source for passthrough pseudo bundle., xrefs: 011BC679
                                                            • Failed to copy filename for passthrough pseudo bundle., xrefs: 011BC6A8
                                                            • Failed to copy related arguments for passthrough bundle package, xrefs: 011BC76C
                                                            • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 011BC796
                                                            • Failed to copy local source path for passthrough pseudo bundle., xrefs: 011BC6A1
                                                            • Failed to allocate memory for pseudo bundle payload hash., xrefs: 011BC697
                                                            • Failed to copy key for passthrough pseudo bundle., xrefs: 011BC672
                                                            • Failed to copy key for passthrough pseudo bundle payload., xrefs: 011BC6AF
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp
                                                            • API String ID: 1357844191-1911474293
                                                            • Opcode ID: 71f7c04e603c7dee9a4d4a18ad9a84f2e68449c6126406ff5832418914a69b69
                                                            • Instruction ID: 0279e71f0b471d492bef2bc2c89a0df115d3c9fa9ffdf7faa8fbaf716fed29a1
                                                            • Opcode Fuzzy Hash: 71f7c04e603c7dee9a4d4a18ad9a84f2e68449c6126406ff5832418914a69b69
                                                            • Instruction Fuzzy Hash: 4DB16A75A00606EFDB29DF68C881F95BBE1BF18714F11819AED14AB361D731E811CBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119B1D7 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 137COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 24%
                                                            			E0119B1D7(intOrPtr _a4) {
				void* _t35;
				intOrPtr* _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				signed int _t52;
				intOrPtr _t55;
				signed short _t56;
				intOrPtr* _t58;
				signed short _t59;
				signed short _t60;
				signed short _t61;
				signed short _t67;

				_t56 = 0;
				_t58 = GetModuleHandleW(0);
				if(_t58 != 0) {
					if(0x5a4d ==  *_t58) {
						_t48 =  *((intOrPtr*)(_t58 + 0x3c));
						if( *((intOrPtr*)(_t48 + _t58)) == 0x4550) {
							_t5 = _t58 + 0x18; // 0x18
							_t44 = _t5 + ( *(_t48 + _t58 + 0x14) & 0x0000ffff) + _t48;
							if(E011BF8C3(_t44, ".wixburn", 8) == 0) {
								L17:
								if( *((intOrPtr*)(_t44 + 0x10)) >= 0x34) {
									_t46 =  *((intOrPtr*)(_t44 + 0xc)) + _t58;
									if( *((intOrPtr*)(_t46 + 4)) == 2) {
										_t55 = _a4;
										_t49 = _t56;
										while(1) {
											_t26 =  *((intOrPtr*)(_t55 + _t49 * 4));
											if( *((intOrPtr*)(_t55 + _t49 * 4)) !=  *((intOrPtr*)(_t46 + 8 + _t49 * 4))) {
												break;
											}
											_t49 = _t49 + 1;
											if(_t49 != 4) {
												continue;
											} else {
											}
											goto L29;
										}
										_t59 = 0x8007000d;
										_t56 = 0x8007000d;
										E011938BA(_t26, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x18a, 0x8007000d);
										_push("Bundle guid didn\'t match the guid in the PE Header in memory.");
										goto L28;
									} else {
										_t60 = 0x8007000d;
										_t56 = 0x8007000d;
										E011938BA(_t25, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x184, 0x8007000d);
										_push( *((intOrPtr*)(_t46 + 4)));
										_push("Failed to read section info, unsupported version: %08x");
										goto L22;
									}
								} else {
									_t60 = 0x8007000d;
									_t56 = 0x8007000d;
									E011938BA(_t25, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x17a, 0x8007000d);
									_push( *((intOrPtr*)(_t44 + 0x10)));
									_push("Failed to read section info, data to short: %u");
									L22:
									_push(_t60);
									E011CFB09();
								}
							} else {
								_t52 =  *( *((intOrPtr*)(_t58 + 0x3c)) + _t58 + 6) & 0x0000ffff;
								_t35 = 1;
								while(_t35 < _t52) {
									_t44 = _t44 + 0x28;
									_t35 = _t35 + 1;
									if( *_t44 != 0x7869772e ||  *((intOrPtr*)(_t44 + 4)) != 0x6e727562) {
										continue;
									} else {
										goto L17;
									}
									goto L29;
								}
								_t59 = 0x8007000d;
								_t56 = 0x8007000d;
								E011938BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x16e, 0x8007000d);
								_push("Failed to find Burn section.");
								L28:
								_push(_t59);
								E011CFB09();
							}
							L29:
						} else {
							_t61 = 0x8007000d;
							_t56 = 0x8007000d;
							E011938BA(0x5a4d, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x155, 0x8007000d);
							_push("Failed to find valid NT image header in buffer.");
							goto L9;
						}
					} else {
						_t61 = 0x8007000d;
						_t56 = 0x8007000d;
						E011938BA(0x5a4d, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x14a, 0x8007000d);
						_push("Failed to find valid DOS image header in buffer.");
						L9:
						_push(_t61);
						goto L6;
					}
				} else {
					_t56 = GetLastError();
					if(_t56 > 0) {
						_t56 = _t56 & 0x0000ffff | 0x80070000;
						_t67 = _t56;
					}
					if(_t67 >= 0) {
						_t56 = 0x80004005;
					}
					E011938BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x140, _t56);
					_push("Failed to get module handle to process.");
					_push(_t56);
					L6:
					E011CFB09();
				}
				return _t56;
			}
















                                                            0x0119b1dc
                                                            0x0119b1e5
                                                            0x0119b1e9
                                                            0x0119b233
                                                            0x0119b254
                                                            0x0119b25e
                                                            0x0119b286
                                                            0x0119b28b
                                                            0x0119b29d
                                                            0x0119b2c3
                                                            0x0119b2c7
                                                            0x0119b30b
                                                            0x0119b311
                                                            0x0119b33d
                                                            0x0119b340
                                                            0x0119b342
                                                            0x0119b342
                                                            0x0119b349
                                                            0x00000000
                                                            0x00000000
                                                            0x0119b34b
                                                            0x0119b34f
                                                            0x00000000
                                                            0x00000000
                                                            0x0119b351
                                                            0x00000000
                                                            0x0119b34f
                                                            0x0119b353
                                                            0x0119b363
                                                            0x0119b365
                                                            0x0119b36a
                                                            0x00000000
                                                            0x0119b313
                                                            0x0119b313
                                                            0x0119b323
                                                            0x0119b325
                                                            0x0119b32a
                                                            0x0119b32d
                                                            0x00000000
                                                            0x0119b32d
                                                            0x0119b2c9
                                                            0x0119b2c9
                                                            0x0119b2d9
                                                            0x0119b2db
                                                            0x0119b2e0
                                                            0x0119b2e3
                                                            0x0119b332
                                                            0x0119b332
                                                            0x0119b333
                                                            0x0119b338
                                                            0x0119b29f
                                                            0x0119b2a2
                                                            0x0119b2a9
                                                            0x0119b2aa
                                                            0x0119b2ae
                                                            0x0119b2b1
                                                            0x0119b2b8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119b2b8
                                                            0x0119b2ea
                                                            0x0119b2fa
                                                            0x0119b2fc
                                                            0x0119b301
                                                            0x0119b36f
                                                            0x0119b36f
                                                            0x0119b370
                                                            0x0119b376
                                                            0x0119b377
                                                            0x0119b260
                                                            0x0119b260
                                                            0x0119b270
                                                            0x0119b272
                                                            0x0119b277
                                                            0x00000000
                                                            0x0119b277
                                                            0x0119b235
                                                            0x0119b235
                                                            0x0119b245
                                                            0x0119b247
                                                            0x0119b24c
                                                            0x0119b251
                                                            0x0119b251
                                                            0x00000000
                                                            0x0119b251
                                                            0x0119b1eb
                                                            0x0119b1f1
                                                            0x0119b1f5
                                                            0x0119b1fa
                                                            0x0119b200
                                                            0x0119b200
                                                            0x0119b202
                                                            0x0119b204
                                                            0x0119b204
                                                            0x0119b214
                                                            0x0119b219
                                                            0x0119b21e
                                                            0x0119b21f
                                                            0x0119b21f
                                                            0x0119b225
                                                            0x0119b37d

                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,0119BACA,00000008,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B1DF
                                                            • GetLastError.KERNEL32(?,0119BACA,00000008,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 0119B1EB
                                                            • _memcmp.LIBVCRUNTIME ref: 0119B293
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorHandleLastModule_memcmp
                                                            • String ID: .wix$.wixburn$@Mqt$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$c:\agent\_work\66\s\src\burn\engine\section.cpp
                                                            • API String ID: 3888311042-506847095
                                                            • Opcode ID: 931e524c454117ad47b98a6cebe0f5a6c5c26c15cbbc697e01b275487518e15f
                                                            • Instruction ID: 1373f73f922f91a1288b5dd014b2f7d8122d9fa57c9d43fa7bc941ac28a50bb3
                                                            • Opcode Fuzzy Hash: 931e524c454117ad47b98a6cebe0f5a6c5c26c15cbbc697e01b275487518e15f
                                                            • Instruction Fuzzy Hash: 9C418E32289212B7DF2D5596BC41F6A2655EF91A22B1540ADFD326F280D7A8D403C2AF
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A3AD7 Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 129COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 54%
                                                            			E011A3AD7(void* __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				short _v528;
				short* _v532;
				int _v536;
				int _v540;
				char _v544;
				void* __ebx;
				void* __esi;
				signed int _t29;
				long _t39;
				intOrPtr _t56;
				void* _t63;
				void* _t64;
				signed int _t66;
				signed short _t69;
				signed int _t72;
				signed short _t78;

				_t64 = __edi;
				_t63 = __edx;
				_t29 =  *0x11fa008; // 0x295f764a
				_v8 = _t29 ^ _t72;
				_t56 = _a4;
				E011BF600(__edi,  &_v528, 0, 0x208);
				_v544 = 0;
				_v532 = 0;
				_v540 = 0;
				_v536 = 0;
				if(GetTempPathW(0x104,  &_v528) != 0) {
					_t69 = E01191CA7( &_v528, 0x104,  &_v540);
					if(_t69 >= 0) {
						_t39 = GetCurrentProcessId();
						__imp__ProcessIdToSessionId(_t39,  &_v544, _t64);
						if(_t39 == 0) {
							_t70 = _v540;
							L17:
							_t69 = E0119229E(_t56,  &_v528, _t70);
							if(_t69 >= 0) {
								L20:
								_pop(_t64);
								L21:
								if(_v532 != 0) {
									E01192762(_v532);
								}
								return E011BDD1F(_t56, _v8 ^ _t72, _t63, _t64, _t69);
							}
							_push("Failed to copy temp folder.");
							L19:
							_push(_t69);
							E011CFB09();
							goto L20;
						}
						_t69 = E01192022( &_v532, L"%u\\", _v544);
						if(_t69 >= 0) {
							_t69 = E01191CA7(_v532, 0x7fffffff,  &_v536);
							if(_t69 >= 0) {
								_t70 = _v540;
								_t66 = _v540 - _v536;
								if(CompareStringW(0, 0,  &(( &_v528)[_t66]), _v536, _v532, _v536) == 2) {
									_t70 = _t66;
								}
								goto L17;
							}
							_push("Failed to get length of session id string.");
							goto L19;
						}
						_push("Failed to format session id as a string.");
						goto L19;
					}
					_push("Failed to get length of temp folder.");
					L6:
					_push(_t69);
					E011CFB09();
					goto L21;
				}
				_t69 = GetLastError();
				if(_t69 > 0) {
					_t69 = _t69 & 0x0000ffff | 0x80070000;
					_t78 = _t69;
				}
				if(_t78 >= 0) {
					_t69 = 0x80004005;
				}
				E011938BA(_t54, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\logging.cpp", 0x28d, _t69);
				_push("Failed to get temp folder.");
				goto L6;
			}




















                                                            0x011a3ad7
                                                            0x011a3ad7
                                                            0x011a3ae0
                                                            0x011a3ae7
                                                            0x011a3aeb
                                                            0x011a3afe
                                                            0x011a3b06
                                                            0x011a3b12
                                                            0x011a3b18
                                                            0x011a3b1e
                                                            0x011a3b33
                                                            0x011a3b89
                                                            0x011a3b8d
                                                            0x011a3b9e
                                                            0x011a3ba5
                                                            0x011a3bad
                                                            0x011a3c3e
                                                            0x011a3c44
                                                            0x011a3c52
                                                            0x011a3c56
                                                            0x011a3c65
                                                            0x011a3c65
                                                            0x011a3c66
                                                            0x011a3c6d
                                                            0x011a3c75
                                                            0x011a3c75
                                                            0x011a3c89
                                                            0x011a3c89
                                                            0x011a3c58
                                                            0x011a3c5d
                                                            0x011a3c5d
                                                            0x011a3c5e
                                                            0x00000000
                                                            0x011a3c64
                                                            0x011a3bca
                                                            0x011a3bd1
                                                            0x011a3bf4
                                                            0x011a3bf8
                                                            0x011a3c07
                                                            0x011a3c1b
                                                            0x011a3c38
                                                            0x011a3c3a
                                                            0x011a3c3a
                                                            0x00000000
                                                            0x011a3c38
                                                            0x011a3bfa
                                                            0x00000000
                                                            0x011a3bfa
                                                            0x011a3bd3
                                                            0x00000000
                                                            0x011a3bd3
                                                            0x011a3b8f
                                                            0x011a3b68
                                                            0x011a3b68
                                                            0x011a3b69
                                                            0x00000000
                                                            0x011a3b6f
                                                            0x011a3b3b
                                                            0x011a3b3f
                                                            0x011a3b44
                                                            0x011a3b4a
                                                            0x011a3b4a
                                                            0x011a3b4c
                                                            0x011a3b4e
                                                            0x011a3b4e
                                                            0x011a3b5e
                                                            0x011a3b63
                                                            0x00000000

                                                            APIs
                                                            • GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 011A3B2B
                                                            • GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 011A3B35
                                                            • GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 011A3B9E
                                                            • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 011A3BA5
                                                            • CompareStringW.KERNEL32(00000000,00000000,?,?,?,?,?,7FFFFFFF,?,?,?,?,?,00000000,crypt32.dll), ref: 011A3C2F
                                                            Strings
                                                            • Failed to format session id as a string., xrefs: 011A3BD3
                                                            • crypt32.dll, xrefs: 011A3AEA
                                                            • Failed to get length of session id string., xrefs: 011A3BFA
                                                            • %u\, xrefs: 011A3BBF
                                                            • Failed to get length of temp folder., xrefs: 011A3B8F
                                                            • Jv_), xrefs: 011A3AE0
                                                            • @Mqt, xrefs: 011A3B35
                                                            • c:\agent\_work\66\s\src\burn\engine\logging.cpp, xrefs: 011A3B59
                                                            • Failed to get temp folder., xrefs: 011A3B63
                                                            • Failed to copy temp folder., xrefs: 011A3C58
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Process$CompareCurrentErrorLastPathSessionStringTemp
                                                            • String ID: %u\$@Mqt$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$Jv_)$c:\agent\_work\66\s\src\burn\engine\logging.cpp$crypt32.dll
                                                            • API String ID: 2407829081-2213466260
                                                            • Opcode ID: 69e026acbe0a23e8fbccb097a41c5c0887309734c971283e9ae935833093d5a4
                                                            • Instruction ID: 17fb956967af0fb1306e5c160f6cd5ef3e4f7b940cffecd12ee5ce6e56efb1f5
                                                            • Opcode Fuzzy Hash: 69e026acbe0a23e8fbccb097a41c5c0887309734c971283e9ae935833093d5a4
                                                            • Instruction Fuzzy Hash: FD41E776D9123E6BCB399B659C4CFD9BBB9BF20710F1101A6E928B7140D7709E80CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CF58A Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 76libraryloaderCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 85%
                                                            			E011CF58A() {
				_Unknown_base(*)()* _t2;
				_Unknown_base(*)()* _t5;
				signed short _t6;
				signed short _t11;
				signed short _t21;

				_t11 = E011938BD(L"AdvApi32.dll", 0x11fb5b8);
				if(_t11 < 0) {
					_t2 =  *0x11fb5ac; // 0x745b2af0
				} else {
					 *0x11fb5a8 = GetProcAddress( *0x11fb5b8, "SystemFunction040");
					_t2 = GetProcAddress( *0x11fb5b8, "SystemFunction041");
					 *0x11fb5ac = _t2;
				}
				if( *0x11fb5a8 == 0 || _t2 == 0) {
					_t11 = E011938BD(L"Crypt32.dll", 0x11fb5bc);
					if(_t11 >= 0) {
						_t5 = GetProcAddress( *0x11fb5bc, "CryptProtectMemory");
						 *0x11fb5b0 = _t5;
						if( *0x11fb5a8 != 0 || _t5 != 0) {
							_t6 = GetProcAddress( *0x11fb5bc, "CryptUnprotectMemory");
							__eflags =  *0x11fb5ac;
							 *0x11fb5b4 = _t6;
							if( *0x11fb5ac != 0) {
								goto L21;
							} else {
								__eflags = _t6;
								if(_t6 != 0) {
									goto L21;
								} else {
									_t11 = GetLastError();
									__eflags = _t11;
									if(__eflags > 0) {
										_t11 = _t11 & 0x0000ffff | 0x80070000;
										__eflags = _t11;
									}
									if(__eflags >= 0) {
										_t11 = 0x80004005;
									}
									_push(_t11);
									_push(0x2d);
									goto L13;
								}
							}
						} else {
							_t11 = GetLastError();
							if(_t11 > 0) {
								_t11 = _t11 & 0x0000ffff | 0x80070000;
								_t21 = _t11;
							}
							if(_t21 >= 0) {
								_t11 = 0x80004005;
							}
							_push(_t11);
							_push(0x28);
							L13:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\cryputil.cpp");
							E011938BA(_t7);
						}
					}
				} else {
					L21:
					 *0x11fb5c0 = 1;
				}
				return _t11;
			}








                                                            0x011cf5a1
                                                            0x011cf5a5
                                                            0x011cf5cd
                                                            0x011cf5a7
                                                            0x011cf5bf
                                                            0x011cf5c4
                                                            0x011cf5c6
                                                            0x011cf5c6
                                                            0x011cf5d9
                                                            0x011cf5f2
                                                            0x011cf5f6
                                                            0x011cf607
                                                            0x011cf610
                                                            0x011cf615
                                                            0x011cf653
                                                            0x011cf655
                                                            0x011cf65c
                                                            0x011cf661
                                                            0x00000000
                                                            0x011cf663
                                                            0x011cf663
                                                            0x011cf665
                                                            0x00000000
                                                            0x011cf667
                                                            0x011cf66d
                                                            0x011cf66f
                                                            0x011cf671
                                                            0x011cf676
                                                            0x011cf67c
                                                            0x011cf67c
                                                            0x011cf67e
                                                            0x011cf680
                                                            0x011cf680
                                                            0x011cf685
                                                            0x011cf686
                                                            0x00000000
                                                            0x011cf686
                                                            0x011cf665
                                                            0x011cf61b
                                                            0x011cf621
                                                            0x011cf625
                                                            0x011cf62a
                                                            0x011cf630
                                                            0x011cf630
                                                            0x011cf632
                                                            0x011cf634
                                                            0x011cf634
                                                            0x011cf639
                                                            0x011cf63a
                                                            0x011cf63c
                                                            0x011cf63c
                                                            0x011cf641
                                                            0x011cf641
                                                            0x011cf615
                                                            0x011cf68a
                                                            0x011cf68a
                                                            0x011cf68a
                                                            0x011cf68a
                                                            0x011cf698

                                                            APIs
                                                            • GetProcAddress.KERNEL32(SystemFunction040,AdvApi32.dll), ref: 011CF5B2
                                                            • GetProcAddress.KERNEL32(SystemFunction041), ref: 011CF5C4
                                                            • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 011CF607
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 011CF61B
                                                            • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 011CF653
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 011CF667
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$ErrorLast
                                                            • String ID: @Mqt$AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$c:\agent\_work\66\s\src\libs\dutil\cryputil.cpp
                                                            • API String ID: 4214558900-1655854694
                                                            • Opcode ID: 5ea8f1255819a58be7b10fe54c63557d543f640f4af269e2d7ab3abe069086dd
                                                            • Instruction ID: eedf963d0cad6ab25bc8368d63fa0ee38b5f47a776e600a3079d3d065c3e4323
                                                            • Opcode Fuzzy Hash: 5ea8f1255819a58be7b10fe54c63557d543f640f4af269e2d7ab3abe069086dd
                                                            • Instruction Fuzzy Hash: 9921F87294533367D73D5A75EC087463D56AB20F54F06413DEE20BB274E76888868F88
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119A249 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 140registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E0119A249(intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				int* _v12;
				int* _v16;
				int _v20;
				void* _t35;
				signed short _t46;
				signed short _t47;
				intOrPtr _t54;
				signed int _t58;
				void* _t63;
				signed short _t65;
				void* _t67;

				_t54 = _a4;
				_t58 =  *(_t54 + 0x24);
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				if(E01197303(_a8,  *((intOrPtr*)(_t54 + 0x1c)),  &_v8, 0) >= 0) {
					asm("sbb edi, edi");
					_t65 = E011D0823( *((intOrPtr*)(_t54 + 0x18)), _v8, ( ~_t58 & 0x00000100) + 1,  &_v16);
					__eflags = _t65;
					if(_t65 >= 0) {
						_t35 = 0;
						_t63 = 1;
						__eflags =  *(_t54 + 0x20);
						if( *(_t54 + 0x20) == 0) {
							L20:
							_t65 = E01198274(_a8,  *((intOrPtr*)(_t54 + 4)), _t63, _t35, 0);
							__eflags = _t65;
							if(_t65 >= 0) {
								L25:
								E0119287D(_v8);
								E0119287D(_v12);
								if(_v16 != 0) {
									RegCloseKey(_v16);
								}
								return _t65;
							}
							_push("Failed to set variable.");
							L22:
							_push(_t65);
							E011CFB09();
							L23:
							if(_t65 < 0) {
								_push(_t65);
								E011CFFF0(2, "RegistrySearchExists failed: ID \'%ls\', HRESULT 0x%x", _v8);
							}
							goto L25;
						}
						_t65 = E01197303(_a8,  *(_t54 + 0x20),  &_v12, 0);
						__eflags = _t65;
						if(_t65 >= 0) {
							_t46 = RegQueryValueExW(_v16, _v12, 0,  &_v20, 0, 0);
							_t65 = _t46;
							_t47 = _t46;
							__eflags = _t47;
							if(_t47 == 0) {
								L19:
								_t35 = 0;
								__eflags = 0;
								goto L20;
							}
							__eflags = _t47 == 0;
							if(_t47 == 0) {
								_push(_v12);
								E011CFFF0(2, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v8);
								_t67 = _t67 + 0x10;
								L18:
								_t63 = 0;
								__eflags = 0;
								goto L19;
							}
							_t35 = 0;
							__eflags = _t65;
							if(__eflags == 0) {
								goto L20;
							}
							if(__eflags > 0) {
								_t65 = _t65 & 0x0000ffff | 0x80070000;
								__eflags = _t65;
							}
							if(__eflags >= 0) {
								_t65 = 0x80004005;
							}
							E011938BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x322, _t65);
							_push("Failed to query registry key value.");
							goto L22;
						}
						_push("Failed to format value string.");
						goto L22;
					}
					_push(_v8);
					__eflags = _t65 - 0x80070002;
					if(_t65 != 0x80070002) {
						_push("Failed to open registry key. Key = \'%ls\'");
						_push(_t65);
						E011CFB09();
						_t67 = _t67 + 0xc;
						goto L23;
					}
					_push("Registry key not found. Key = \'%ls\'");
					_push(2);
					E011CFFF0();
					_t67 = _t67 + 0xc;
					goto L18;
				}
				_push("Failed to format key string.");
				goto L22;
			}















                                                            0x0119a250
                                                            0x0119a258
                                                            0x0119a25b
                                                            0x0119a25e
                                                            0x0119a261
                                                            0x0119a264
                                                            0x0119a27a
                                                            0x0119a28c
                                                            0x0119a2a1
                                                            0x0119a2a3
                                                            0x0119a2a5
                                                            0x0119a2db
                                                            0x0119a2dd
                                                            0x0119a2de
                                                            0x0119a2e1
                                                            0x0119a373
                                                            0x0119a382
                                                            0x0119a384
                                                            0x0119a386
                                                            0x0119a3ac
                                                            0x0119a3af
                                                            0x0119a3b7
                                                            0x0119a3c0
                                                            0x0119a3c5
                                                            0x0119a3c5
                                                            0x0119a3d1
                                                            0x0119a3d1
                                                            0x0119a388
                                                            0x0119a38d
                                                            0x0119a38d
                                                            0x0119a38e
                                                            0x0119a395
                                                            0x0119a397
                                                            0x0119a399
                                                            0x0119a3a4
                                                            0x0119a3a9
                                                            0x00000000
                                                            0x0119a397
                                                            0x0119a2f7
                                                            0x0119a2f9
                                                            0x0119a2fb
                                                            0x0119a316
                                                            0x0119a31c
                                                            0x0119a31e
                                                            0x0119a31e
                                                            0x0119a321
                                                            0x0119a371
                                                            0x0119a371
                                                            0x0119a371
                                                            0x00000000
                                                            0x0119a371
                                                            0x0119a324
                                                            0x0119a327
                                                            0x0119a35a
                                                            0x0119a367
                                                            0x0119a36c
                                                            0x0119a36f
                                                            0x0119a36f
                                                            0x0119a36f
                                                            0x00000000
                                                            0x0119a36f
                                                            0x0119a329
                                                            0x0119a32b
                                                            0x0119a32d
                                                            0x00000000
                                                            0x00000000
                                                            0x0119a32f
                                                            0x0119a334
                                                            0x0119a33a
                                                            0x0119a33a
                                                            0x0119a33c
                                                            0x0119a33e
                                                            0x0119a33e
                                                            0x0119a34e
                                                            0x0119a353
                                                            0x00000000
                                                            0x0119a353
                                                            0x0119a2fd
                                                            0x00000000
                                                            0x0119a2fd
                                                            0x0119a2a7
                                                            0x0119a2aa
                                                            0x0119a2b0
                                                            0x0119a2c6
                                                            0x0119a2cb
                                                            0x0119a2cc
                                                            0x0119a2d1
                                                            0x00000000
                                                            0x0119a2d1
                                                            0x0119a2b2
                                                            0x0119a2b7
                                                            0x0119a2b9
                                                            0x0119a2be
                                                            0x00000000
                                                            0x0119a2be
                                                            0x0119a27c
                                                            0x00000000

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 0119A271
                                                            • RegCloseKey.ADVAPI32(00000000,00000100,00000000,000002C0,?,00000001,00000000,00000000,?,00000000,?,000002C0,000002C0,?,00000000,00000000), ref: 0119A3C5
                                                            Strings
                                                            • Failed to open registry key. Key = '%ls', xrefs: 0119A2C6
                                                            • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 0119A39D
                                                            • Failed to format value string., xrefs: 0119A2FD
                                                            • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0119A360
                                                            • Failed to format key string., xrefs: 0119A27C
                                                            • Registry key not found. Key = '%ls', xrefs: 0119A2B2
                                                            • c:\agent\_work\66\s\src\burn\engine\search.cpp, xrefs: 0119A349
                                                            • Failed to set variable., xrefs: 0119A388
                                                            • Failed to query registry key value., xrefs: 0119A353
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseOpen@16
                                                            • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$c:\agent\_work\66\s\src\burn\engine\search.cpp
                                                            • API String ID: 1561904661-635686934
                                                            • Opcode ID: a03fbc1ae2338a35eb5d5ab14e6663653f91c868d11cea846b6322d21c63c21a
                                                            • Instruction ID: a4421723ad981390cbb04018fbf82c66c9db531663085f6cdc19cd0db55a080e
                                                            • Opcode Fuzzy Hash: a03fbc1ae2338a35eb5d5ab14e6663653f91c868d11cea846b6322d21c63c21a
                                                            • Instruction Fuzzy Hash: B9412272D04026BBDF1EAEA8EC01FAE7EA9EF14710F014265FD20A7151E7B19B149691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01197FA2 Relevance: 21.2, APIs: 2, Strings: 12, Instructions: 215COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E01197FA2(void* __edi, void* __eflags, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				struct _CRITICAL_SECTION* _t62;
				char* _t63;
				char* _t64;
				intOrPtr _t72;
				void* _t74;
				char* _t79;
				void* _t80;
				char* _t91;
				void* _t95;
				signed int _t98;
				void* _t99;
				void* _t103;
				void* _t104;
				void* _t107;
				intOrPtr _t108;
				intOrPtr* _t112;
				void* _t114;

				_v24 = 0;
				_v20 = 0;
				_v8 = 0;
				_v32 = 0;
				_v28 = 0;
				EnterCriticalSection(_a4);
				_t114 = E011CF1AF(_a12, _a16,  *((intOrPtr*)(_a4 + 0x1c)));
				if(_t114 >= 0) {
					_t62 = _a4;
					_v12 = _v12 & 0x00000000;
					if( *((intOrPtr*)(_t62 + 0x1c)) <= 0) {
						L45:
						LeaveCriticalSection(_t62);
						_t107 = 8;
						_t99 = _t107;
						_t63 =  &_v24;
						do {
							 *_t63 = 0;
							_t63 = _t63 + 1;
							_t99 = _t99 - 1;
						} while (_t99 != 0);
						_t64 =  &_v32;
						do {
							 *_t64 = 0;
							_t64 = _t64 + 1;
							_t107 = _t107 - 1;
						} while (_t107 != 0);
						E0119287D(_v8);
						return _t114;
					}
					_t108 = 0;
					_v16 = 0;
					do {
						_t112 =  *((intOrPtr*)(_a4 + 0x20)) + _t108;
						if(_a8 != 0) {
							if( *((intOrPtr*)(_t112 + 0x28)) == 0) {
								L6:
								_t95 = 0;
								L7:
								_t114 = E011CF1AF(_a12, _a16, _t95);
								if(_t114 < 0) {
									_push("Failed to write included flag.");
									L43:
									_push(_t114);
									E011CFB09();
									_t62 = _a4;
									L44:
									goto L45;
								}
								if(_t95 == 0) {
									goto L31;
								}
								_t97 = _a16;
								_t114 = E011CF1DD(_t98, _a12, _a16,  *_t112);
								if(_t114 < 0) {
									_push("Failed to write variable name.");
									goto L43;
								}
								_t114 = E011CF1AF(_a12, _t97,  *((intOrPtr*)(_t112 + 0x18)));
								if(_t114 < 0) {
									_push("Failed to write variable value type.");
									goto L43;
								}
								_t72 =  *((intOrPtr*)(_t112 + 0x18));
								if(_t72 == 0) {
									L30:
									_t114 = E011CF1AF(_a12, _t97,  *((intOrPtr*)(_t112 + 0x24)));
									if(_t114 < 0) {
										_push("Failed to write literal flag.");
										goto L43;
									}
									goto L31;
								}
								_t74 = _t72 - 1;
								if(_t74 == 0) {
									_t114 = E011B00BF(_t98, _t112 + 8,  &_v24);
									if(_t114 < 0) {
										_push("Failed to get numeric.");
										goto L43;
									}
									_t114 = E011CF17A(_a12, _t97, _v24, _v20);
									if(_t114 < 0) {
										L33:
										_push("Failed to write variable value as number.");
										goto L43;
									}
									_t103 = 8;
									_t79 =  &_v24;
									do {
										 *_t79 = 0;
										_t79 = _t79 + 1;
										_t103 = _t103 - 1;
									} while (_t103 != 0);
									goto L30;
								}
								_t80 = _t74 - 1;
								if(_t80 == 0) {
									_t114 = E011B0132(_t112 + 8,  &_v8);
									if(_t114 < 0) {
										_push("Failed to get string.");
										goto L43;
									}
									_t114 = E011CF1DD(_t98, _a12, _t97, _v8);
									if(_t114 < 0) {
										_push("Failed to write variable value as string.");
										goto L43;
									}
									if(_v8 != 0) {
										E0119287D(_v8);
										_v8 = _v8 & 0x00000000;
									}
									goto L30;
								}
								if(_t80 != 1) {
									_t114 = 0x80070057;
									_push("Unsupported variable type.");
									goto L43;
								}
								_t114 = E011B021E(_t98, _t112 + 8,  &_v32);
								if(_t114 < 0) {
									_push("Failed to get version.");
									goto L43;
								}
								_t114 = E011CF17A(_a12, _t97, _v32, _v28);
								if(_t114 < 0) {
									goto L33;
								}
								_t104 = 8;
								_t91 =  &_v32;
								do {
									 *_t91 = 0;
									_t91 = _t91 + 1;
									_t104 = _t104 - 1;
								} while (_t104 != 0);
								goto L30;
							}
							L21:
							_t95 = 1;
							goto L7;
						}
						if( *((intOrPtr*)(_t112 + 0x2c)) != 2) {
							goto L21;
						}
						goto L6;
						L31:
						_t62 = _a4;
						_t98 = _v12 + 1;
						_t108 = _v16 + 0x38;
						_v12 = _t98;
						_v16 = _t108;
					} while (_t98 <  *((intOrPtr*)(_t62 + 0x1c)));
					goto L44;
				}
				_push("Failed to write variable count.");
				_push(_t114);
				E011CFB09();
				_t62 = _a4;
				goto L45;
			}



























                                                            0x01197fb0
                                                            0x01197fb3
                                                            0x01197fb6
                                                            0x01197fb9
                                                            0x01197fbc
                                                            0x01197fbf
                                                            0x01197fd4
                                                            0x01197fd8
                                                            0x01197fef
                                                            0x01197ff2
                                                            0x01197ffa
                                                            0x011981e6
                                                            0x011981e7
                                                            0x011981ef
                                                            0x011981f0
                                                            0x011981f2
                                                            0x011981f5
                                                            0x011981f5
                                                            0x011981f8
                                                            0x011981f9
                                                            0x011981f9
                                                            0x011981fe
                                                            0x01198201
                                                            0x01198201
                                                            0x01198204
                                                            0x01198205
                                                            0x01198205
                                                            0x0119820d
                                                            0x01198217
                                                            0x01198217
                                                            0x01198000
                                                            0x01198002
                                                            0x01198006
                                                            0x0119800c
                                                            0x01198012
                                                            0x011980db
                                                            0x01198022
                                                            0x01198022
                                                            0x01198024
                                                            0x01198030
                                                            0x01198034
                                                            0x011981d5
                                                            0x011981da
                                                            0x011981da
                                                            0x011981db
                                                            0x011981e0
                                                            0x011981e5
                                                            0x00000000
                                                            0x011981e5
                                                            0x0119803c
                                                            0x00000000
                                                            0x00000000
                                                            0x01198044
                                                            0x01198050
                                                            0x01198054
                                                            0x011981ce
                                                            0x00000000
                                                            0x011981ce
                                                            0x01198066
                                                            0x0119806a
                                                            0x011981c7
                                                            0x00000000
                                                            0x011981c7
                                                            0x01198073
                                                            0x01198076
                                                            0x01198161
                                                            0x0119816d
                                                            0x01198171
                                                            0x011981c0
                                                            0x00000000
                                                            0x011981c0
                                                            0x00000000
                                                            0x01198171
                                                            0x0119807c
                                                            0x0119807f
                                                            0x01198137
                                                            0x0119813b
                                                            0x011981b9
                                                            0x00000000
                                                            0x011981b9
                                                            0x0119814c
                                                            0x01198150
                                                            0x01198191
                                                            0x01198191
                                                            0x00000000
                                                            0x01198191
                                                            0x01198154
                                                            0x01198155
                                                            0x01198158
                                                            0x01198158
                                                            0x0119815b
                                                            0x0119815c
                                                            0x0119815c
                                                            0x00000000
                                                            0x01198158
                                                            0x01198085
                                                            0x01198088
                                                            0x011980f6
                                                            0x011980fa
                                                            0x011981b2
                                                            0x00000000
                                                            0x011981b2
                                                            0x0119810c
                                                            0x01198110
                                                            0x011981ab
                                                            0x00000000
                                                            0x011981ab
                                                            0x0119811a
                                                            0x0119811f
                                                            0x01198124
                                                            0x01198124
                                                            0x00000000
                                                            0x0119811a
                                                            0x0119808d
                                                            0x0119819f
                                                            0x011981a4
                                                            0x00000000
                                                            0x011981a4
                                                            0x011980a0
                                                            0x011980a4
                                                            0x01198198
                                                            0x00000000
                                                            0x01198198
                                                            0x011980b9
                                                            0x011980bd
                                                            0x00000000
                                                            0x00000000
                                                            0x011980c5
                                                            0x011980c6
                                                            0x011980c9
                                                            0x011980c9
                                                            0x011980cc
                                                            0x011980cd
                                                            0x011980cd
                                                            0x00000000
                                                            0x011980d2
                                                            0x011980e1
                                                            0x011980e3
                                                            0x00000000
                                                            0x011980e3
                                                            0x0119801c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01198173
                                                            0x01198176
                                                            0x01198179
                                                            0x0119817d
                                                            0x01198180
                                                            0x01198183
                                                            0x01198186
                                                            0x00000000
                                                            0x0119818f
                                                            0x01197fda
                                                            0x01197fdf
                                                            0x01197fe0
                                                            0x01197fe5
                                                            0x00000000

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 01197FBF
                                                            • LeaveCriticalSection.KERNEL32(?), ref: 011981E7
                                                            Strings
                                                            • Failed to write literal flag., xrefs: 011981C0
                                                            • Failed to write variable value type., xrefs: 011981C7
                                                            • Unsupported variable type., xrefs: 011981A4
                                                            • feclient.dll, xrefs: 0119809A, 011980F0, 01198131
                                                            • Failed to get numeric., xrefs: 011981B9
                                                            • Failed to write variable value as number., xrefs: 01198191
                                                            • Failed to write variable name., xrefs: 011981CE
                                                            • Failed to write variable count., xrefs: 01197FDA
                                                            • Failed to write variable value as string., xrefs: 011981AB
                                                            • Failed to get string., xrefs: 011981B2
                                                            • Failed to get version., xrefs: 01198198
                                                            • Failed to write included flag., xrefs: 011981D5
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: Failed to get numeric.$Failed to get string.$Failed to get version.$Failed to write included flag.$Failed to write literal flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$feclient.dll
                                                            • API String ID: 3168844106-2118673349
                                                            • Opcode ID: 47807d4b2be60895e07baabadcb0f4df8b26b27350adcf19a442263398e6b92a
                                                            • Instruction ID: 2741609d4818376bea352a66839e46e9c0ae17d70d36ed7d716c9a139507125b
                                                            • Opcode Fuzzy Hash: 47807d4b2be60895e07baabadcb0f4df8b26b27350adcf19a442263398e6b92a
                                                            • Instruction Fuzzy Hash: 2A71B0B290021EEFDF1EDEA8CD40BAE7BA9BF16714F014129EA21A7250D730D951CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A3F22 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 225sleepCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E011A3F22(void* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __edi;
				void* __esi;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t51;
				intOrPtr* _t55;
				intOrPtr _t75;
				intOrPtr* _t84;
				intOrPtr* _t85;
				signed char* _t89;
				intOrPtr _t103;
				intOrPtr* _t105;
				char _t108;

				_t92 = __ecx;
				_push(__ecx);
				_t105 = _a4;
				_t108 = 0;
				_v8 = 0;
				_t89 = _t105 + 8;
				E011A3A2C(__ecx, _t105, 0, _t89);
				if(( *_t89 & 0x00000006) == 0) {
					L11:
					_t103 = 0;
					L12:
					_t90 = _t105 + 0xc;
					_t46 =  *(_t105 + 0xc);
					if(_t46 == 0 ||  *_t46 == _t103) {
						_t47 =  *((intOrPtr*)(_t105 + 0x10));
						if(_t47 == 0 ||  *_t47 == _t103) {
							E011CFA47();
							 *_t105 = 2;
							goto L40;
						} else {
							_t108 = E011A3AD7(_t103, _t105,  &_v8);
							if(_t108 >= 0) {
								_t108 = E011CFDEF(_t92, _t103, _t105, _v8,  *((intOrPtr*)(_t105 + 0x10)), 0,  *((intOrPtr*)(_t105 + 0x14)), 0, 0, _t90);
								if(_t108 < 0) {
									E011CFA47();
									_push(2);
									_t108 = 0;
									_pop(1);
								}
								 *_t105 = 1;
								goto L40;
							}
							_push("Failed to get non-session specific TEMP folder.");
							goto L16;
						}
					} else {
						_a4 = _t103;
						_t108 = E01194263(_t92,  &_v8);
						if(_t108 >= 0) {
							_t75 = _a4;
							do {
								if(_t75 != 0) {
									Sleep(0x7d0);
								}
								_t108 = E011CFDEF(0, _t103, _t105, _v8,  *_t90, 0, 0,  *(_t105 + 8) & 0x00000001, 0, _t90);
								_t75 = _a4;
								if(( *(_t105 + 8) & 0x00000001) != 0 && _t108 == 0x80070020) {
									_t75 = _t75 + 1;
									_a4 = _t75;
								}
							} while (_t75 != 0 && _t75 <= 3);
							if(_t108 >= 0) {
								 *_t105 = 1;
								L40:
								if( *_t105 != 1) {
									L52:
									if(_v8 != 0) {
										E01192762(_v8);
									}
									return _t108;
								}
								_t51 = E011933DA( *_t90);
								_a4 = _t51;
								if(_t51 == 0 ||  *_t51 == 0) {
									_t108 = E0119229E(_t105 + 0x10,  *_t90, 0);
									if(_t108 >= 0) {
										goto L49;
									}
									_push("Failed to copy full log path to prefix.");
								} else {
									_t108 = E0119229E(_t105 + 0x10,  *_t90, _t51 -  *_t90 >> 1);
									if(_t108 >= 0) {
										_t108 = E0119229E(_t105 + 0x14, _a4 + 2, 0);
										if(_t108 >= 0) {
											L49:
											_t55 =  *((intOrPtr*)(_t105 + 4));
											if(_t55 != 0 &&  *_t55 != 0) {
												E011982B5(_a8, _t55,  *_t90, 0);
											}
											goto L52;
										}
										_push("Failed to copy log extension to extension.");
										L16:
										_push(_t108);
										E011CFB09();
										goto L52;
									}
									_push("Failed to copy log path to prefix.");
								}
								goto L16;
							}
							E011CFA47();
							 *_t105 = 2;
							if(( *(_t105 + 8) & 0x00000001) == 0) {
								_a4 = _t108;
								_t108 = 0x80070656;
								E011AE59F(0, _a12, _a16, 0x80070656);
								_t81 = _a4;
								if(_a4 >= 0) {
									goto L40;
								}
								E011CFB09(_t81, "Failed to open log: %ls",  *_t90);
								goto L52;
							}
							_t108 = 0;
							goto L40;
						}
						_push("Failed to get current directory.");
						goto L16;
					}
				}
				if(( *_t89 & 0x00000004) == 0) {
					if(( *_t89 & 0x00000002) == 0) {
						L6:
						_t92 = _t105 + 0xc;
						_t103 = 0;
						_t84 =  *((intOrPtr*)(_t105 + 0xc));
						if(_t84 == 0 ||  *_t84 == 0) {
							_t85 =  *((intOrPtr*)(_t105 + 0x10));
							if(_t85 == 0 ||  *_t85 == _t103) {
								E01192EBC(_t103, _t103, L"Setup", _t103, "log", _t92, _t103);
								goto L11;
							} else {
								goto L12;
							}
						} else {
							goto L12;
						}
					}
					_push(0);
					_push(3);
					L5:
					E011CFF78();
					goto L6;
				}
				_push(0);
				_push(4);
				goto L5;
			}

















                                                            0x011a3f22
                                                            0x011a3f25
                                                            0x011a3f29
                                                            0x011a3f2e
                                                            0x011a3f30
                                                            0x011a3f33
                                                            0x011a3f37
                                                            0x011a3f3f
                                                            0x011a3f8b
                                                            0x011a3f8b
                                                            0x011a3f8d
                                                            0x011a3f8d
                                                            0x011a3f90
                                                            0x011a3f94
                                                            0x011a4066
                                                            0x011a406b
                                                            0x011a40ba
                                                            0x011a40bf
                                                            0x00000000
                                                            0x011a4072
                                                            0x011a407b
                                                            0x011a407f
                                                            0x011a409f
                                                            0x011a40a3
                                                            0x011a40a5
                                                            0x011a40ac
                                                            0x011a40ae
                                                            0x011a40b0
                                                            0x011a40b0
                                                            0x011a40b6
                                                            0x00000000
                                                            0x011a40b6
                                                            0x011a4081
                                                            0x00000000
                                                            0x011a4081
                                                            0x011a3fa3
                                                            0x011a3fa6
                                                            0x011a3faf
                                                            0x011a3fb3
                                                            0x011a3fc7
                                                            0x011a3fca
                                                            0x011a3fcc
                                                            0x011a3fd3
                                                            0x011a3fd3
                                                            0x011a3ff4
                                                            0x011a3ff6
                                                            0x011a3ff9
                                                            0x011a4003
                                                            0x011a4004
                                                            0x011a4004
                                                            0x011a4007
                                                            0x011a4012
                                                            0x011a405e
                                                            0x011a40c5
                                                            0x011a40c8
                                                            0x011a4160
                                                            0x011a4164
                                                            0x011a4169
                                                            0x011a4169
                                                            0x011a4174
                                                            0x011a4174
                                                            0x011a40d0
                                                            0x011a40d5
                                                            0x011a40da
                                                            0x011a4136
                                                            0x011a413a
                                                            0x00000000
                                                            0x00000000
                                                            0x011a413c
                                                            0x011a40e3
                                                            0x011a40f5
                                                            0x011a40f9
                                                            0x011a4118
                                                            0x011a411c
                                                            0x011a4146
                                                            0x011a4146
                                                            0x011a414b
                                                            0x011a415b
                                                            0x011a415b
                                                            0x00000000
                                                            0x011a414b
                                                            0x011a411e
                                                            0x011a3fba
                                                            0x011a3fba
                                                            0x011a3fbb
                                                            0x00000000
                                                            0x011a3fc1
                                                            0x011a40fb
                                                            0x011a40fb
                                                            0x00000000
                                                            0x011a40da
                                                            0x011a4014
                                                            0x011a401d
                                                            0x011a4023
                                                            0x011a402e
                                                            0x011a4031
                                                            0x011a403d
                                                            0x011a4042
                                                            0x011a4047
                                                            0x00000000
                                                            0x00000000
                                                            0x011a4051
                                                            0x00000000
                                                            0x011a4056
                                                            0x011a4027
                                                            0x00000000
                                                            0x011a4027
                                                            0x011a3fb5
                                                            0x00000000
                                                            0x011a3fb5
                                                            0x011a3f94
                                                            0x011a3f44
                                                            0x011a3f50
                                                            0x011a3f5c
                                                            0x011a3f5c
                                                            0x011a3f5f
                                                            0x011a3f61
                                                            0x011a3f65
                                                            0x011a3f6c
                                                            0x011a3f71
                                                            0x011a3f86
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011a3f65
                                                            0x011a3f54
                                                            0x011a3f55
                                                            0x011a3f57
                                                            0x011a3f57
                                                            0x00000000
                                                            0x011a3f57
                                                            0x011a3f48
                                                            0x011a3f49
                                                            0x00000000

                                                            APIs
                                                              • Part of subcall function 011A3A2C: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000000,?,?,?,?,011A3F3C,feclient.dll,?,00000000,?,?,?,01194B57), ref: 011A3ACD
                                                            • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,01194B57,?,?,011DA488,?,00000001,00000000,00000000), ref: 011A3FD3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseSleep
                                                            • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                            • API String ID: 2834455192-2673269691
                                                            • Opcode ID: cad393af5ab1f1d16ede5ed14cd865a84d6e5e1ca007af6ae0f857043351ba6a
                                                            • Instruction ID: a6535ca83e57db7baab31340ba38a89a693370c9c53c3f46693d44beb7fcc268
                                                            • Opcode Fuzzy Hash: cad393af5ab1f1d16ede5ed14cd865a84d6e5e1ca007af6ae0f857043351ba6a
                                                            • Instruction Fuzzy Hash: EC61F279A10216BEEF2E9F78CD45B7A7FACFF10644B494529E811DB540E7B0EC4087A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01196DCB Relevance: 19.7, APIs: 2, Strings: 11, Instructions: 164COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 44%
                                                            			E01196DCB(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, signed int* _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _t43;
				signed int _t52;
				void* _t54;
				void* _t56;
				char* _t57;
				struct _CRITICAL_SECTION* _t68;
				signed int _t71;
				signed int _t75;
				signed int _t76;
				intOrPtr _t78;
				intOrPtr _t80;
				unsigned int _t81;
				intOrPtr _t84;
				void* _t87;
				intOrPtr _t88;
				signed int* _t89;
				void* _t91;

				_t70 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t68 = _a4;
				EnterCriticalSection(_t68);
				_t84 = _a8;
				_t87 = E011956E2(_t70, _t68, _t84,  &_v8);
				if(_t87 >= 0) {
					_t43 = _v8;
					if(_t87 != 1) {
						_t78 =  *((intOrPtr*)(_t68 + 0x20));
						_t71 = _t43 * 0x38;
						_t88 =  *((intOrPtr*)(_t71 + _t78 + 0x2c));
						if(_t88 <= 0 || _a20 == 1 || _a20 == 2 &&  *((intOrPtr*)(_t71 + _t78 + 0x28)) != 0 || _a20 == 3 && _t88 != 2) {
							L14:
							_t89 = _a12;
							if(_a24 == 0) {
								L30:
								_a20 = _v8 * 0x38;
								_t87 = E011B03A6( *((intOrPtr*)(_t68 + 0x20)) + 8 + _v8 * 0x38, _t89);
								if(_t87 >= 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t68 + 0x20)) + _a20 + 0x24)) = _a16;
									goto L33;
								}
								_push(_t84);
								_push("Failed to set value of variable: %ls");
								goto L2;
							}
							_t80 =  *((intOrPtr*)(_t68 + 0x20));
							_t75 = _t43 * 0x38;
							if( *((intOrPtr*)(_t75 + _t80 + 0x2c)) != 0) {
								goto L30;
							}
							if( *((intOrPtr*)(_t75 + _t80 + 0x20)) == 0) {
								_t52 = _t89[4];
								if(_t52 == 0) {
									if( *((intOrPtr*)(_t75 + _t80 + 0x18)) == 0) {
										goto L30;
									}
									_push( *_t89);
									_push(_t84);
									_push("Unsetting variable \'%ls\'");
									L29:
									_push(2);
									E011CFFF0();
									_t91 = _t91 + 0x10;
									goto L30;
								}
								_t54 = _t52 - 1;
								if(_t54 == 0) {
									_push(_t89[1]);
									_push( *_t89);
									E011CFFF0(2, "Setting numeric variable \'%ls\' to value %lld", _t84);
									_t91 = _t91 + 0x14;
									goto L30;
								}
								_t56 = _t54 - 1;
								if(_t56 == 0) {
									_t57 = "Unsetting variable \'%ls\'";
									if( *_t89 != 0) {
										_t57 = "Setting string variable \'%ls\' to value \'%ls\'";
									}
									_push( *_t89);
									_push(_t84);
									_push(_t57);
									goto L29;
								}
								if(_t56 == 1) {
									_t76 =  *_t89;
									_t81 = _t89[1];
									_push(_t76 & 0x0000ffff);
									_push((_t81 << 0x00000020 | _t76) >> 0x10 & 0x0000ffff);
									_push(_t81 & 0x0000ffff);
									_push(_t81 >> 0x10);
									E011CFFF0(2, "Setting version variable \'%ls\' to value \'%hu.%hu.%hu.%hu\'", _t84);
									_t91 = _t91 + 0x1c;
								}
								goto L30;
							}
							E011CFFF0(2, "Setting hidden variable \'%ls\'", _t84);
							_t91 = _t91 + 0xc;
							goto L30;
						} else {
							_t87 = 0x80070057;
							E011938BA(_t43, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x60b, 0x80070057);
							_push(_t84);
							_push("Attempt to set built-in variable value: %ls");
							L2:
							_push(_t87);
							E011CFB09();
							_t91 = _t91 + 0xc;
							L33:
							LeaveCriticalSection(_t68);
							if(_t87 < 0 && _a24 != 0) {
								_push(_t87);
								E011CFFF0(2, "Setting variable failed: ID \'%ls\', HRESULT 0x%x", _t84);
							}
							return _t87;
						}
					}
					_t87 = E01196C3C(_t70, _t68, _t84, _t43);
					if(_t87 >= 0) {
						_t43 = _v8;
						goto L14;
					}
					_push(_t84);
					_push("Failed to insert variable \'%ls\'.");
					goto L2;
				}
				_push(_t84);
				_push("Failed to find variable value \'%ls\'.");
				goto L2;
			}





















                                                            0x01196dcb
                                                            0x01196dce
                                                            0x01196dcf
                                                            0x01196dd4
                                                            0x01196dda
                                                            0x01196de0
                                                            0x01196dee
                                                            0x01196df2
                                                            0x01196e08
                                                            0x01196e0e
                                                            0x01196e26
                                                            0x01196e29
                                                            0x01196e2c
                                                            0x01196e32
                                                            0x01196e72
                                                            0x01196e76
                                                            0x01196e79
                                                            0x01196f35
                                                            0x01196f3d
                                                            0x01196f4b
                                                            0x01196f4f
                                                            0x01196f65
                                                            0x00000000
                                                            0x01196f65
                                                            0x01196f51
                                                            0x01196f52
                                                            0x00000000
                                                            0x01196f52
                                                            0x01196e7f
                                                            0x01196e82
                                                            0x01196e8a
                                                            0x00000000
                                                            0x00000000
                                                            0x01196e95
                                                            0x01196eaf
                                                            0x01196eb2
                                                            0x01196f21
                                                            0x00000000
                                                            0x00000000
                                                            0x01196f23
                                                            0x01196f25
                                                            0x01196f26
                                                            0x01196f2b
                                                            0x01196f2b
                                                            0x01196f2d
                                                            0x01196f32
                                                            0x00000000
                                                            0x01196f32
                                                            0x01196eb4
                                                            0x01196eb7
                                                            0x01196f05
                                                            0x01196f08
                                                            0x01196f12
                                                            0x01196f17
                                                            0x00000000
                                                            0x01196f17
                                                            0x01196eb9
                                                            0x01196ebc
                                                            0x01196ef3
                                                            0x01196ef8
                                                            0x01196efa
                                                            0x01196efa
                                                            0x01196eff
                                                            0x01196f01
                                                            0x01196f02
                                                            0x00000000
                                                            0x01196f02
                                                            0x01196ec1
                                                            0x01196ec3
                                                            0x01196ec5
                                                            0x01196ecb
                                                            0x01196ed5
                                                            0x01196ed9
                                                            0x01196edd
                                                            0x01196ee6
                                                            0x01196eeb
                                                            0x01196eeb
                                                            0x00000000
                                                            0x01196ec1
                                                            0x01196e9f
                                                            0x01196ea4
                                                            0x00000000
                                                            0x01196e52
                                                            0x01196e52
                                                            0x01196e62
                                                            0x01196e67
                                                            0x01196e68
                                                            0x01196dfa
                                                            0x01196dfa
                                                            0x01196dfb
                                                            0x01196e00
                                                            0x01196f69
                                                            0x01196f6a
                                                            0x01196f72
                                                            0x01196f7a
                                                            0x01196f83
                                                            0x01196f88
                                                            0x01196f91
                                                            0x01196f91
                                                            0x01196e32
                                                            0x01196e18
                                                            0x01196e1c
                                                            0x01196e6f
                                                            0x00000000
                                                            0x01196e6f
                                                            0x01196e1e
                                                            0x01196e1f
                                                            0x00000000
                                                            0x01196e1f
                                                            0x01196df4
                                                            0x01196df5
                                                            0x00000000

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000000,011953FA,00000000,01195482,00000000,?,011982B1,?,?,?,00000000,00000000), ref: 01196DDA
                                                              • Part of subcall function 011956E2: CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,011965B1,011965B1,?,01195678,?,?,00000000), ref: 0119571E
                                                              • Part of subcall function 011956E2: GetLastError.KERNEL32(?,01195678,?,?,00000000,?,?,011965B1,?,01197F03,?,?,?,?,?), ref: 0119574D
                                                            • LeaveCriticalSection.KERNEL32(00000000,?,?,00000000,00000000,00000000), ref: 01196F6A
                                                            Strings
                                                            • Failed to find variable value '%ls'., xrefs: 01196DF5
                                                            • Unsetting variable '%ls', xrefs: 01196EF3, 01196F26
                                                            • c:\agent\_work\66\s\src\burn\engine\variable.cpp, xrefs: 01196E5D
                                                            • Setting hidden variable '%ls', xrefs: 01196E98
                                                            • Attempt to set built-in variable value: %ls, xrefs: 01196E68
                                                            • Setting numeric variable '%ls' to value %lld, xrefs: 01196F0B
                                                            • Setting string variable '%ls' to value '%ls', xrefs: 01196EFA, 01196F02
                                                            • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 01196EDF
                                                            • Failed to insert variable '%ls'., xrefs: 01196E1F
                                                            • Failed to set value of variable: %ls, xrefs: 01196F52
                                                            • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 01196F7C
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$c:\agent\_work\66\s\src\burn\engine\variable.cpp
                                                            • API String ID: 2716280545-3393465121
                                                            • Opcode ID: a76cee7a38a5467ac6ae1d0e127ef2cfc196e59ea30e129eb21fc4c6747d7d00
                                                            • Instruction ID: 2cc26eb387e50acd22e7de0e10495961d2a9ffc18a59add7d44aec8fe0311c11
                                                            • Opcode Fuzzy Hash: a76cee7a38a5467ac6ae1d0e127ef2cfc196e59ea30e129eb21fc4c6747d7d00
                                                            • Instruction Fuzzy Hash: 8951F471A00222ABDF3DDE19CC59FAB3BB9EB95B48F15012DF8615A242C335D941C6F2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C8C92 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011C8C92(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x11fa708) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E011C5CE8(_t46);
							E011C880C( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E011C5CE8(_t47);
							E011C890A( *((intOrPtr*)(_t74 + 0x88)));
						}
						E011C5CE8( *((intOrPtr*)(_t74 + 0x7c)));
						E011C5CE8( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E011C5CE8( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E011C5CE8( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E011C5CE8( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E011C5CE8( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E011C8E05( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x11fa128) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E011C5CE8(_t31);
							E011C5CE8( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E011C5CE8(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E011C5CE8(_t74);
			}















                                                            0x011c8c9a
                                                            0x011c8c9e
                                                            0x011c8ca6
                                                            0x011c8caf
                                                            0x011c8cb4
                                                            0x011c8cbb
                                                            0x011c8cc3
                                                            0x011c8ccb
                                                            0x011c8cd6
                                                            0x011c8cdc
                                                            0x011c8cdd
                                                            0x011c8ce5
                                                            0x011c8ced
                                                            0x011c8cf8
                                                            0x011c8cfe
                                                            0x011c8d02
                                                            0x011c8d0d
                                                            0x011c8d13
                                                            0x011c8cb4
                                                            0x011c8d14
                                                            0x011c8d1c
                                                            0x011c8d2f
                                                            0x011c8d42
                                                            0x011c8d50
                                                            0x011c8d5b
                                                            0x011c8d60
                                                            0x011c8d69
                                                            0x011c8d71
                                                            0x011c8d72
                                                            0x011c8d78
                                                            0x011c8d7b
                                                            0x011c8d7e
                                                            0x011c8d85
                                                            0x011c8d87
                                                            0x011c8d8b
                                                            0x011c8d93
                                                            0x011c8d9a
                                                            0x011c8da0
                                                            0x011c8da1
                                                            0x011c8da1
                                                            0x011c8da8
                                                            0x011c8daa
                                                            0x011c8daf
                                                            0x011c8db7
                                                            0x011c8dbc
                                                            0x011c8dbd
                                                            0x011c8dbd
                                                            0x011c8dc0
                                                            0x011c8dc3
                                                            0x011c8dc6
                                                            0x011c8dc9
                                                            0x011c8dc9
                                                            0x011c8ddb

                                                            APIs
                                                            • ___free_lconv_mon.LIBCMT ref: 011C8CD6
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C8829
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C883B
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C884D
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C885F
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C8871
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C8883
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C8895
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C88A7
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C88B9
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C88CB
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C88DD
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C88EF
                                                              • Part of subcall function 011C880C: _free.LIBCMT ref: 011C8901
                                                            • _free.LIBCMT ref: 011C8CCB
                                                              • Part of subcall function 011C5CE8: HeapFree.KERNEL32(00000000,00000000,?,011C89A1,?,00000000,?,00000000,?,011C89C8,?,00000007,?,?,011C8E2A,?), ref: 011C5CFE
                                                              • Part of subcall function 011C5CE8: GetLastError.KERNEL32(?,?,011C89A1,?,00000000,?,00000000,?,011C89C8,?,00000007,?,?,011C8E2A,?,?), ref: 011C5D10
                                                            • _free.LIBCMT ref: 011C8CED
                                                            • _free.LIBCMT ref: 011C8D02
                                                            • _free.LIBCMT ref: 011C8D0D
                                                            • _free.LIBCMT ref: 011C8D2F
                                                            • _free.LIBCMT ref: 011C8D42
                                                            • _free.LIBCMT ref: 011C8D50
                                                            • _free.LIBCMT ref: 011C8D5B
                                                            • _free.LIBCMT ref: 011C8D93
                                                            • _free.LIBCMT ref: 011C8D9A
                                                            • _free.LIBCMT ref: 011C8DB7
                                                            • _free.LIBCMT ref: 011C8DCF
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                            • String ID:
                                                            • API String ID: 161543041-0
                                                            • Opcode ID: 0dc9b50e538a61e727fbc0ddf67afe11e415fae65369c120dc3efd05525d119b
                                                            • Instruction ID: 70b8fff8bbca61a379f3c1ac3b0e70656f8dd7d52fdb590b868381c2c139caca
                                                            • Opcode Fuzzy Hash: 0dc9b50e538a61e727fbc0ddf67afe11e415fae65369c120dc3efd05525d119b
                                                            • Instruction Fuzzy Hash: C0318D316002069FEB69AA7CD9C4BAAB7EAFF30A15F20452EE549D7150DF70F840DB24
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A2C15 Relevance: 19.5, APIs: 1, Strings: 10, Instructions: 298COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 89%
                                                            			E011A2C15(signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, int _a24) {
				int _v8;
				char _v12;
				int _v16;
				char _v20;
				intOrPtr* _v24;
				void* __edi;
				int _t107;
				signed int* _t108;
				signed int _t109;
				signed int _t110;
				signed int _t118;
				signed int _t125;
				short* _t126;
				signed int _t130;
				signed int _t131;
				signed int _t138;
				intOrPtr* _t146;
				signed int _t148;
				signed int _t151;
				signed int _t153;
				signed int _t157;
				signed int _t159;
				signed int _t160;
				signed int _t163;
				signed int _t164;
				intOrPtr _t165;
				signed int _t166;
				void* _t167;

				_t146 = _a4;
				_t163 = _a8;
				_v8 = 0;
				 *((intOrPtr*)(_t146 + 0x10)) = 1;
				_t164 = 0;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				if( *((intOrPtr*)(_t163 + 0xc)) != 0) {
					L2:
					_t107 = 1;
					L3:
					 *((intOrPtr*)(_t146 + 0x18)) = _t107;
					 *((intOrPtr*)(_t146 + 0x1c)) = 0;
					_t12 = _t163 + 0x40; // 0x6c0065
					_t108 =  *_t12;
					if(_t108 != 0) {
						__eflags =  *_t108;
						if( *_t108 == 0) {
							goto L7;
						}
						goto L6;
					} else {
						_t13 = _t163 + 0x10; // 0x6c0064
						_t108 =  *_t13;
						L6:
						_v8 = _t108;
						L7:
						if( *_t146 != 3) {
							__eflags =  *(_t163 + 0x2c);
							if(__eflags != 0) {
								L44:
								_a24 = 1;
								L45:
								_t64 = _t163 + 0x54; // 0x6c44746c
								_t109 = E011D3B71(_t163, __eflags,  *_t64, 0);
								__eflags = _t109;
								if(_t109 == 0) {
									L48:
									 *(_t146 + 0x14) =  *(_t146 + 0x14) | 0x00000003;
									L51:
									 *(_t146 + 0x14) =  *(_t146 + 0x14) | 0x00000004;
									_t148 = 0;
									 *((intOrPtr*)(_t146 + 0x38)) = 1;
									_a16 = 0;
									__eflags =  *(_t163 + 0xb8);
									if( *(_t163 + 0xb8) <= 0) {
										L61:
										_t110 = _v8;
										__eflags = _t110;
										if(_t110 == 0) {
											L68:
											if(_v12 != 0) {
												E011D4DA3(_t163, _v12);
											}
											if(_v20 != 0) {
												E011D88C5(_v20, _v16);
											}
											return _t164;
										}
										__eflags =  *(_t163 + 0x40);
										if( *(_t163 + 0x40) != 0) {
											L64:
											__eflags = E011B7A93(_t148, _t163, _t110);
											if(__eflags != 0) {
												goto L68;
											}
											_t100 = _t163 + 0x10; // 0x6c0064
											_t164 = E011A0EBF(__eflags, _t146, 1, _v8,  *_t100);
											__eflags = _t164;
											if(_t164 >= 0) {
												goto L68;
											}
											_push("Failed to add registration action for self dependent.");
											L67:
											_push(_t164);
											E011CFB09();
											goto L68;
										}
										__eflags = _a24;
										if(_a24 != 0) {
											goto L68;
										}
										goto L64;
									}
									_t157 = 0;
									__eflags = 0;
									_a20 = 0;
									do {
										_t75 = _t163 + 0xb4; // 0x74757070
										_t118 =  *_t75 + _t157;
										_a12 = _t118;
										__eflags =  *_t118 - 5;
										if( *_t118 != 5) {
											goto L60;
										}
										_a4 = _a4 & 0x00000000;
										__eflags =  *(_t118 + 0xa0);
										if( *(_t118 + 0xa0) <= 0) {
											goto L60;
										}
										_t151 = 0;
										__eflags = 0;
										_a8 = 0;
										do {
											_v24 =  *((intOrPtr*)(_t118 + 0x9c)) + _t151;
											__eflags = E011B7A93(_t151, _t163,  *( *((intOrPtr*)(_t118 + 0x9c)) + _t151));
											if(__eflags != 0) {
												goto L58;
											}
											_t164 = E011A0EBF(__eflags, _t146, 1,  *_v24,  *((intOrPtr*)(_a12 + 0x18)));
											__eflags = _t164;
											if(_t164 < 0) {
												_push("Failed to add registration action for dependent related bundle.");
												goto L67;
											}
											L58:
											_t118 = _a12;
											_t159 = _a4 + 1;
											_t151 = _a8 + 0x10;
											_a4 = _t159;
											_a8 = _t151;
											__eflags = _t159 -  *(_t118 + 0xa0);
										} while (_t159 <  *(_t118 + 0xa0));
										_t148 = _a16;
										_t157 = _a20;
										L60:
										_t148 = _t148 + 1;
										_t157 = _t157 + 0xf8;
										_a16 = _t148;
										_a20 = _t157;
										_t96 = _t163 + 0xb8; // 0x632e6c69
										__eflags = _t148 -  *_t96;
									} while (_t148 <  *_t96);
									goto L61;
								}
								__eflags =  *_t146 - 7;
								if( *_t146 != 7) {
									goto L51;
								}
								_t125 = E011A97D7();
								__eflags = _t125;
								if(_t125 != 0) {
									__eflags =  *_t146 - 7;
									if( *_t146 == 7) {
										_t67 = _t146 + 0x14;
										 *_t67 =  *(_t146 + 0x14) | 0x00000002;
										__eflags =  *_t67;
									}
									goto L51;
								}
								goto L48;
							}
							_a24 = 0;
							__eflags =  *(_t163 + 0x34);
							if(__eflags == 0) {
								goto L45;
							}
							goto L44;
						}
						_t15 = _t163 + 0xbc; // 0x7070
						_t126 =  *_t15;
						_t165 = 2;
						if(_t126 == 0) {
							L11:
							_t18 = _t163 + 0xbc; // 0x7070
							_push( *_t18);
							_t19 = _t163 + 0x44; // 0x320033
							E0119563D(_t165, 0xa00000d1,  *_t19);
							_t167 = _t167 + 0x10;
							L12:
							_t164 = E011D4C78( &_v12, 5, 1);
							if(_t164 >= 0) {
								_t130 = _v8;
								__eflags = _t130;
								if(_t130 == 0) {
									L20:
									__eflags = _a16 - 2;
									if(_a16 == 2) {
										goto L68;
									}
									_t131 = _a20;
									_t166 = 0;
									__eflags = _t131;
									if(_t131 == 0) {
										L26:
										_t153 = _t166;
										_a12 = _t153;
										__eflags =  *(_t163 + 0xb8) - _t166;
										if( *(_t163 + 0xb8) <= _t166) {
											L35:
											_t54 = _t163 + 0x44; // 0x320033
											_t55 = _t163 + 0x4c; // 0x44746553
											_t164 = E011D8705(_t153,  *_t55,  *_t54, _t166, _v12,  &_v20,  &_v16);
											__eflags = _t164 - 0x80070002;
											if(_t164 != 0x80070002) {
												__eflags = _t164;
												if(_t164 < 0) {
													_push("Failed to check for remaining dependents during planning.");
													goto L67;
												}
												__eflags = _v16;
												if(_v16 != 0) {
													 *((intOrPtr*)(_t146 + 0x1c)) = 1;
													 *_a24 =  *_a24 & 0x00000000;
													E0119563D(2, 0xa00000d2, _v16);
												}
												goto L68;
											}
											_t164 = 0;
											goto L68;
										}
										_t160 = _t166;
										_a16 = _t166;
										do {
											_t32 = _t163 + 0xb4; // 0x74757070
											_t138 =  *_t32 + _t160;
											_a20 = _t138;
											__eflags =  *_t138 - 5;
											if( *_t138 != 5) {
												goto L34;
											}
											_a4 = _t166;
											__eflags =  *((intOrPtr*)(_t138 + 0xa0)) - _t166;
											if( *((intOrPtr*)(_t138 + 0xa0)) <= _t166) {
												goto L34;
											}
											_t161 = _t166;
											_a8 = _t166;
											while(1) {
												_t164 = E011B79DE(_t153, _v12,  *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x9c)) + _t161)));
												__eflags = _t164;
												if(_t164 < 0) {
													break;
												}
												_t138 = _a20;
												_t153 = _a4 + 1;
												_t161 = _a8 + 0x10;
												_a4 = _t153;
												_a8 = _a8 + 0x10;
												__eflags = _t153 -  *((intOrPtr*)(_t138 + 0xa0));
												if(_t153 <  *((intOrPtr*)(_t138 + 0xa0))) {
													continue;
												}
												_t153 = _a12;
												_t166 = 0;
												__eflags = 0;
												_t160 = _a16;
												goto L34;
											}
											_push("Failed to add dependent bundle provider key to ignore dependents.");
											goto L67;
											L34:
											_t153 = _t153 + 1;
											_t160 = _t160 + 0xf8;
											_a12 = _t153;
											_a16 = _t160;
											_t50 = _t163 + 0xb8; // 0x632e6c69
											__eflags = _t153 -  *_t50;
										} while (_t153 <  *_t50);
										goto L35;
									}
									__eflags =  *_t131;
									if( *_t131 == 0) {
										goto L26;
									}
									_t164 = E011B79DE(0, _v12, _t131);
									__eflags = _t164;
									if(_t164 >= 0) {
										_t166 = 0;
										__eflags = 0;
										goto L26;
									}
									_push("Failed to add dependents ignored from command-line.");
									goto L67;
								}
								__eflags = E011B7A93(0, _t163, _t130);
								if(__eflags == 0) {
									goto L20;
								}
								_t22 = _t163 + 0x10; // 0x6c0064
								_t164 = E011A0EBF(__eflags, _t146, 2, _v8,  *_t22);
								__eflags = _t164;
								if(_t164 >= 0) {
									_t164 = E011B79DE(0, _v12, _v8);
									__eflags = _t164;
									if(_t164 >= 0) {
										goto L20;
									}
									_push("Failed to add self-dependent to ignore dependents.");
									goto L67;
								}
								_push("Failed to allocate registration action.");
								goto L67;
							}
							_push("Failed to create the string dictionary.");
							goto L67;
						}
						_t16 = _t163 + 0x10; // 0x6c0064
						if(CompareStringW(0, 1,  *_t16, 0xffffffff, _t126, 0xffffffff) != _t165) {
							goto L11;
						}
						 *((intOrPtr*)(_t146 + 0x38)) = _t165;
						goto L12;
					}
				}
				_t107 = 0;
				if(_a12 != 4) {
					goto L3;
				}
				goto L2;
			}































                                                            0x011a2c1c
                                                            0x011a2c23
                                                            0x011a2c29
                                                            0x011a2c2c
                                                            0x011a2c2f
                                                            0x011a2c31
                                                            0x011a2c34
                                                            0x011a2c37
                                                            0x011a2c3d
                                                            0x011a2c47
                                                            0x011a2c47
                                                            0x011a2c49
                                                            0x011a2c49
                                                            0x011a2c4c
                                                            0x011a2c4f
                                                            0x011a2c4f
                                                            0x011a2c54
                                                            0x011a2c5b
                                                            0x011a2c5e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2c56
                                                            0x011a2c56
                                                            0x011a2c56
                                                            0x011a2c60
                                                            0x011a2c60
                                                            0x011a2c63
                                                            0x011a2c66
                                                            0x011a2e33
                                                            0x011a2e36
                                                            0x011a2e40
                                                            0x011a2e40
                                                            0x011a2e43
                                                            0x011a2e44
                                                            0x011a2e47
                                                            0x011a2e4c
                                                            0x011a2e4e
                                                            0x011a2e5e
                                                            0x011a2e5e
                                                            0x011a2e6d
                                                            0x011a2e6d
                                                            0x011a2e71
                                                            0x011a2e73
                                                            0x011a2e7a
                                                            0x011a2e7d
                                                            0x011a2e83
                                                            0x011a2f1e
                                                            0x011a2f1e
                                                            0x011a2f21
                                                            0x011a2f23
                                                            0x011a2f5d
                                                            0x011a2f61
                                                            0x011a2f66
                                                            0x011a2f66
                                                            0x011a2f6f
                                                            0x011a2f77
                                                            0x011a2f77
                                                            0x011a2f82
                                                            0x011a2f82
                                                            0x011a2f25
                                                            0x011a2f29
                                                            0x011a2f31
                                                            0x011a2f38
                                                            0x011a2f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2f3c
                                                            0x011a2f4a
                                                            0x011a2f4c
                                                            0x011a2f4e
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2f50
                                                            0x011a2f55
                                                            0x011a2f55
                                                            0x011a2f56
                                                            0x00000000
                                                            0x011a2f5c
                                                            0x011a2f2b
                                                            0x011a2f2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2f2f
                                                            0x011a2e89
                                                            0x011a2e89
                                                            0x011a2e8b
                                                            0x011a2e8e
                                                            0x011a2e8e
                                                            0x011a2e94
                                                            0x011a2e96
                                                            0x011a2e99
                                                            0x011a2e9c
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2e9e
                                                            0x011a2ea2
                                                            0x011a2ea9
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2eab
                                                            0x011a2eab
                                                            0x011a2ead
                                                            0x011a2eb0
                                                            0x011a2eb8
                                                            0x011a2ec3
                                                            0x011a2ec5
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2eda
                                                            0x011a2edc
                                                            0x011a2ede
                                                            0x011a2f85
                                                            0x00000000
                                                            0x011a2f85
                                                            0x011a2ee4
                                                            0x011a2ee7
                                                            0x011a2eea
                                                            0x011a2eee
                                                            0x011a2ef1
                                                            0x011a2ef4
                                                            0x011a2ef7
                                                            0x011a2ef7
                                                            0x011a2eff
                                                            0x011a2f02
                                                            0x011a2f05
                                                            0x011a2f05
                                                            0x011a2f06
                                                            0x011a2f0c
                                                            0x011a2f0f
                                                            0x011a2f12
                                                            0x011a2f12
                                                            0x011a2f12
                                                            0x00000000
                                                            0x011a2e8e
                                                            0x011a2e50
                                                            0x011a2e53
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2e55
                                                            0x011a2e5a
                                                            0x011a2e5c
                                                            0x011a2e64
                                                            0x011a2e67
                                                            0x011a2e69
                                                            0x011a2e69
                                                            0x011a2e69
                                                            0x011a2e69
                                                            0x00000000
                                                            0x011a2e67
                                                            0x00000000
                                                            0x011a2e5c
                                                            0x011a2e38
                                                            0x011a2e3b
                                                            0x011a2e3e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2e3e
                                                            0x011a2c6c
                                                            0x011a2c6c
                                                            0x011a2c74
                                                            0x011a2c77
                                                            0x011a2c92
                                                            0x011a2c92
                                                            0x011a2c92
                                                            0x011a2c98
                                                            0x011a2ca1
                                                            0x011a2ca6
                                                            0x011a2ca9
                                                            0x011a2cb6
                                                            0x011a2cba
                                                            0x011a2cc6
                                                            0x011a2cc9
                                                            0x011a2ccb
                                                            0x011a2d11
                                                            0x011a2d11
                                                            0x011a2d15
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2d1b
                                                            0x011a2d1e
                                                            0x011a2d20
                                                            0x011a2d22
                                                            0x011a2d44
                                                            0x011a2d44
                                                            0x011a2d46
                                                            0x011a2d49
                                                            0x011a2d4f
                                                            0x011a2dc5
                                                            0x011a2dd1
                                                            0x011a2dd4
                                                            0x011a2ddc
                                                            0x011a2dde
                                                            0x011a2de4
                                                            0x011a2df7
                                                            0x011a2df9
                                                            0x011a2e29
                                                            0x00000000
                                                            0x011a2e29
                                                            0x011a2dfb
                                                            0x011a2dff
                                                            0x011a2e10
                                                            0x011a2e19
                                                            0x011a2e1c
                                                            0x011a2e21
                                                            0x00000000
                                                            0x011a2dff
                                                            0x011a2de6
                                                            0x00000000
                                                            0x011a2de6
                                                            0x011a2d51
                                                            0x011a2d53
                                                            0x011a2d56
                                                            0x011a2d56
                                                            0x011a2d5c
                                                            0x011a2d5e
                                                            0x011a2d61
                                                            0x011a2d64
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2d66
                                                            0x011a2d69
                                                            0x011a2d6f
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2d71
                                                            0x011a2d73
                                                            0x011a2d76
                                                            0x011a2d87
                                                            0x011a2d89
                                                            0x011a2d8b
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2d90
                                                            0x011a2d93
                                                            0x011a2d97
                                                            0x011a2d9a
                                                            0x011a2d9d
                                                            0x011a2da0
                                                            0x011a2da6
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2da8
                                                            0x011a2dab
                                                            0x011a2dab
                                                            0x011a2dad
                                                            0x00000000
                                                            0x011a2dad
                                                            0x011a2ded
                                                            0x00000000
                                                            0x011a2db0
                                                            0x011a2db0
                                                            0x011a2db1
                                                            0x011a2db7
                                                            0x011a2dba
                                                            0x011a2dbd
                                                            0x011a2dbd
                                                            0x011a2dbd
                                                            0x00000000
                                                            0x011a2d56
                                                            0x011a2d24
                                                            0x011a2d27
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2d32
                                                            0x011a2d34
                                                            0x011a2d36
                                                            0x011a2d42
                                                            0x011a2d42
                                                            0x00000000
                                                            0x011a2d42
                                                            0x011a2d38
                                                            0x00000000
                                                            0x011a2d38
                                                            0x011a2cd4
                                                            0x011a2cd6
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2cd8
                                                            0x011a2ce6
                                                            0x011a2ce8
                                                            0x011a2cea
                                                            0x011a2d01
                                                            0x011a2d03
                                                            0x011a2d05
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2d07
                                                            0x00000000
                                                            0x011a2d07
                                                            0x011a2cec
                                                            0x00000000
                                                            0x011a2cec
                                                            0x011a2cbc
                                                            0x00000000
                                                            0x011a2cbc
                                                            0x011a2c7e
                                                            0x011a2c8b
                                                            0x00000000
                                                            0x00000000
                                                            0x011a2c8d
                                                            0x00000000
                                                            0x011a2c8d
                                                            0x011a2c54
                                                            0x011a2c43
                                                            0x011a2c45
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,00007070,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 011A2C83
                                                            Strings
                                                            • Failed to check for remaining dependents during planning., xrefs: 011A2E29
                                                            • Failed to allocate registration action., xrefs: 011A2CEC
                                                            • Failed to create the string dictionary., xrefs: 011A2CBC
                                                            • Failed to add dependents ignored from command-line., xrefs: 011A2D38
                                                            • Failed to add registration action for self dependent., xrefs: 011A2F50
                                                            • crypt32.dll, xrefs: 011A2CCE, 011A2DC8, 011A2EBD, 011A2F32
                                                            • Failed to add dependent bundle provider key to ignore dependents., xrefs: 011A2DED
                                                            • Failed to add self-dependent to ignore dependents., xrefs: 011A2D07
                                                            • wininet.dll, xrefs: 011A2ED0
                                                            • Failed to add registration action for dependent related bundle., xrefs: 011A2F85
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                            • API String ID: 1825529933-1705955799
                                                            • Opcode ID: 36bc30f1d9f6be9fbafd14bff8b2ef66ce8f4f140e3063163337ae07e4984038
                                                            • Instruction ID: a2005e48d43b37460567cd5fda39b36cc7b4020d91d10d2c5f3bb62aefda4501
                                                            • Opcode Fuzzy Hash: 36bc30f1d9f6be9fbafd14bff8b2ef66ce8f4f140e3063163337ae07e4984038
                                                            • Instruction Fuzzy Hash: BCB18E74A00626EFDF2E9F68C840BAE7FB5BF04710F418169E914AB251D770D991CBD2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3D01 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 251fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 79%
                                                            			E011D3D01(signed short _a4, signed short* _a8, long _a12, long _a16, long _a20, signed short _a24, signed short _a28) {
				void* _v8;
				signed short _v12;
				char _v16;
				WCHAR* _t35;
				signed short _t37;
				void* _t40;
				signed short _t44;
				signed short _t48;
				long _t58;
				signed short _t59;
				signed short _t61;
				signed short _t66;
				intOrPtr _t69;
				void* _t70;
				long _t71;
				signed int _t76;
				signed short _t77;
				long _t78;
				signed short _t80;
				void* _t81;
				signed short* _t82;
				signed short _t83;

				_t78 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_a8 != 0) {
					__eflags = _a4;
					if(_a4 != 0) {
						_t35 = _a12;
						__eflags = _t35;
						if(_t35 != 0) {
							__eflags = 0 -  *_t35;
							if(0 !=  *_t35) {
								_t81 = CreateFileW(_t35, 0x80000000, 5, 0, 3, 0x8000080, 0);
								_v8 = _t81;
								__eflags = _t81 - 0xffffffff;
								if(_t81 != 0xffffffff) {
									L20:
									_t37 =  &_v16;
									__imp__GetFileSizeEx(_t81, _t37);
									__eflags = _t37;
									if(_t37 != 0) {
										__eflags = _a16 - _t78;
										if(_a16 == _t78) {
											L37:
											__eflags = _a28;
											if(_a28 == 0) {
												_t69 = _v16;
												_t38 = _v12;
												_t66 = _t69 - _t78;
												_t70 = _t69 - _t78;
												_push(0);
												_pop(0);
												asm("sbb eax, edi");
												__eflags = 0 - _v12;
												if(__eflags > 0) {
													L39:
													_t82 = _a4;
													__eflags =  *_t82;
													if( *_t82 == 0) {
														__eflags = _t66;
														if(_t66 == 0) {
															L42:
															_t83 = 0;
															 *_a8 = 0;
															L67:
															_t40 = _v8;
															__eflags = _t40 - 0xffffffff;
															if(_t40 != 0xffffffff) {
																CloseHandle(_t40);
															}
															L69:
															goto L70;
														}
														_t80 = E011939DF(_t66, 1);
														__eflags = _t80;
														if(_t80 != 0) {
															L52:
															_t71 = 0;
															_t44 = 0;
															_a12 = 0;
															_a24 = 0;
															while(1) {
																_a16 = _t71;
																_t83 = E011CEEC2(_t66, _t44,  &_a16);
																__eflags = _t83;
																if(_t83 < 0) {
																	break;
																}
																_t48 = ReadFile(_v8, _a24 + _t80, _a16,  &_a12, 0);
																__eflags = _t48;
																if(_t48 == 0) {
																	_t83 = GetLastError();
																	__eflags = _t83;
																	if(__eflags > 0) {
																		_t83 = _t83 & 0x0000ffff | 0x80070000;
																		__eflags = _t83;
																	}
																	if(__eflags >= 0) {
																		_t83 = 0x80004005;
																	}
																	E011938BA(_t49, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x3a1, _t83);
																	break;
																}
																_t44 = _a24 + _a12;
																__eflags = _a12;
																_a24 = _t44;
																if(_a12 != 0) {
																	_t71 = 0;
																	__eflags = 0;
																	continue;
																}
																__eflags = _t44 - _t66;
																if(_t44 == _t66) {
																	 *_a4 = _t80;
																	_t80 = 0;
																	 *_a8 = _t66;
																} else {
																	_t83 = 0x8000ffff;
																}
																break;
															}
															__eflags = _t80;
															if(_t80 != 0) {
																E01193AA4(_t80);
															}
															goto L67;
														}
														_t38 = 0x8007000e;
														_push(0x8007000e);
														_t83 = 0x8007000e;
														_push(0x394);
														L26:
														_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
														E011938BA(_t38);
														goto L67;
													}
													__eflags = _t66;
													if(_t66 != 0) {
														_t80 = E01193B7C( *_t82, _t66, 1);
														__eflags = _t80;
														if(_t80 != 0) {
															goto L52;
														}
														_t38 = 0x8007000e;
														_push(0x8007000e);
														_t83 = 0x8007000e;
														_push(0x387);
														goto L26;
													}
													E01193AA4( *_t82);
													 *_t82 = 0;
													goto L42;
												}
												if(__eflags < 0) {
													L46:
													_t83 = 0x8007007a;
													_push(0x8007007a);
													_push(0x379);
													goto L26;
												}
												__eflags = _a24 - _t70;
												if(_a24 >= _t70) {
													goto L39;
												}
												goto L46;
											}
											_t66 = _a24;
											__eflags = 0;
											goto L39;
										}
										_t78 = _a20;
										__eflags = 0 - _v12;
										if(__eflags < 0) {
											L32:
											_t58 = SetFilePointer(_t81, _t78, 0, 1);
											__eflags = _t58 - 0xffffffff;
											if(_t58 != 0xffffffff) {
												goto L37;
											}
											_t83 = GetLastError();
											__eflags = _t83;
											if(__eflags > 0) {
												_t83 = _t83 & 0x0000ffff | 0x80070000;
												__eflags = _t83;
											}
											if(__eflags >= 0) {
												goto L37;
											} else {
												_push(_t83);
												_push(0x367);
												goto L26;
											}
										}
										if(__eflags > 0) {
											L31:
											_t83 = 0x80070057;
											goto L67;
										}
										__eflags = _t78 - _v16;
										if(_t78 <= _v16) {
											goto L32;
										}
										goto L31;
									}
									_t83 = GetLastError();
									__eflags = _t83;
									if(__eflags > 0) {
										_t83 = _t83 & 0x0000ffff | 0x80070000;
										__eflags = _t83;
									}
									if(__eflags >= 0) {
										_t83 = 0x80004005;
									}
									_push(_t83);
									_push(0x359);
									goto L26;
								}
								_t59 = GetLastError();
								_t77 = _t59;
								_t76 = _t59 & 0x0000ffff | 0x80070000;
								__eflags = _t59;
								if(_t59 > 0) {
									_t77 = _t76;
								}
								_t83 = 0x80070002;
								__eflags = _t77 - 0x80070002;
								if(_t77 != 0x80070002) {
									__eflags = _t59;
									if(__eflags == 0) {
										_t81 = _v8;
										goto L20;
									}
									_t83 = _t59;
									if(__eflags > 0) {
										_t83 = _t76;
									}
									__eflags = _t83;
									if(_t83 >= 0) {
										_t83 = 0x80004005;
									}
									E011938BA(_t59, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x354, _t83);
								}
								goto L69;
							}
							_t61 = 0x80070057;
							_push(0x80070057);
							_push(0x34a);
							goto L2;
						}
						_t61 = 0x80070057;
						_push(0x80070057);
						_push(0x349);
					} else {
						_t61 = 0x80070057;
						_push(0x80070057);
						_push(0x348);
					}
					goto L2;
				} else {
					_t61 = 0x80070057;
					_push(0x80070057);
					_push(0x347);
					L2:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
					_t83 = _t61;
					E011938BA(_t61);
					L70:
					return _t83;
				}
			}

























                                                            0x011d3d09
                                                            0x011d3d0b
                                                            0x011d3d0e
                                                            0x011d3d14
                                                            0x011d3d32
                                                            0x011d3d35
                                                            0x011d3d44
                                                            0x011d3d47
                                                            0x011d3d49
                                                            0x011d3d5a
                                                            0x011d3d5d
                                                            0x011d3d8a
                                                            0x011d3d8c
                                                            0x011d3d8f
                                                            0x011d3d92
                                                            0x011d3ddf
                                                            0x011d3ddf
                                                            0x011d3de4
                                                            0x011d3dea
                                                            0x011d3dec
                                                            0x011d3e1d
                                                            0x011d3e20
                                                            0x011d3e6a
                                                            0x011d3e6a
                                                            0x011d3e6e
                                                            0x011d3e96
                                                            0x011d3e9b
                                                            0x011d3e9e
                                                            0x011d3ea0
                                                            0x011d3ea2
                                                            0x011d3ea4
                                                            0x011d3ea5
                                                            0x011d3ea7
                                                            0x011d3ea9
                                                            0x011d3e75
                                                            0x011d3e75
                                                            0x011d3e78
                                                            0x011d3e7b
                                                            0x011d3ee4
                                                            0x011d3ee6
                                                            0x011d3e8a
                                                            0x011d3e8d
                                                            0x011d3e8f
                                                            0x011d3fa6
                                                            0x011d3fa6
                                                            0x011d3fa9
                                                            0x011d3fac
                                                            0x011d3faf
                                                            0x011d3faf
                                                            0x011d3fb5
                                                            0x00000000
                                                            0x011d3fb5
                                                            0x011d3ef0
                                                            0x011d3ef2
                                                            0x011d3ef4
                                                            0x011d3f08
                                                            0x011d3f08
                                                            0x011d3f0a
                                                            0x011d3f0c
                                                            0x011d3f0f
                                                            0x011d3f16
                                                            0x011d3f16
                                                            0x011d3f24
                                                            0x011d3f26
                                                            0x011d3f28
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3f3c
                                                            0x011d3f42
                                                            0x011d3f44
                                                            0x011d3f74
                                                            0x011d3f76
                                                            0x011d3f78
                                                            0x011d3f7d
                                                            0x011d3f83
                                                            0x011d3f83
                                                            0x011d3f85
                                                            0x011d3f87
                                                            0x011d3f87
                                                            0x011d3f97
                                                            0x00000000
                                                            0x011d3f97
                                                            0x011d3f49
                                                            0x011d3f4c
                                                            0x011d3f50
                                                            0x011d3f53
                                                            0x011d3f14
                                                            0x011d3f14
                                                            0x00000000
                                                            0x011d3f14
                                                            0x011d3f55
                                                            0x011d3f57
                                                            0x011d3f63
                                                            0x011d3f65
                                                            0x011d3f6a
                                                            0x011d3f59
                                                            0x011d3f59
                                                            0x011d3f59
                                                            0x00000000
                                                            0x011d3f57
                                                            0x011d3f9c
                                                            0x011d3f9e
                                                            0x011d3fa1
                                                            0x011d3fa1
                                                            0x00000000
                                                            0x011d3f9e
                                                            0x011d3ef6
                                                            0x011d3efb
                                                            0x011d3efc
                                                            0x011d3efe
                                                            0x011d3e0e
                                                            0x011d3e0e
                                                            0x011d3e13
                                                            0x00000000
                                                            0x011d3e13
                                                            0x011d3e7d
                                                            0x011d3e7f
                                                            0x011d3ecc
                                                            0x011d3ece
                                                            0x011d3ed0
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3ed2
                                                            0x011d3ed7
                                                            0x011d3ed8
                                                            0x011d3eda
                                                            0x00000000
                                                            0x011d3eda
                                                            0x011d3e83
                                                            0x011d3e88
                                                            0x00000000
                                                            0x011d3e88
                                                            0x011d3eab
                                                            0x011d3eb2
                                                            0x011d3eb2
                                                            0x011d3eb7
                                                            0x011d3eb8
                                                            0x00000000
                                                            0x011d3eb8
                                                            0x011d3ead
                                                            0x011d3eb0
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3eb0
                                                            0x011d3e70
                                                            0x011d3e73
                                                            0x00000000
                                                            0x011d3e73
                                                            0x011d3e22
                                                            0x011d3e27
                                                            0x011d3e2a
                                                            0x011d3e3d
                                                            0x011d3e42
                                                            0x011d3e48
                                                            0x011d3e4b
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3e4f
                                                            0x011d3e51
                                                            0x011d3e53
                                                            0x011d3e58
                                                            0x011d3e5e
                                                            0x011d3e5e
                                                            0x011d3e60
                                                            0x00000000
                                                            0x011d3e62
                                                            0x011d3e62
                                                            0x011d3e63
                                                            0x00000000
                                                            0x011d3e63
                                                            0x011d3e60
                                                            0x011d3e2c
                                                            0x011d3e33
                                                            0x011d3e33
                                                            0x00000000
                                                            0x011d3e33
                                                            0x011d3e2e
                                                            0x011d3e31
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3e31
                                                            0x011d3df0
                                                            0x011d3df2
                                                            0x011d3df4
                                                            0x011d3df9
                                                            0x011d3dff
                                                            0x011d3dff
                                                            0x011d3e01
                                                            0x011d3e03
                                                            0x011d3e03
                                                            0x011d3e08
                                                            0x011d3e09
                                                            0x00000000
                                                            0x011d3e09
                                                            0x011d3d94
                                                            0x011d3d99
                                                            0x011d3d9b
                                                            0x011d3da1
                                                            0x011d3da3
                                                            0x011d3da5
                                                            0x011d3da5
                                                            0x011d3da7
                                                            0x011d3dac
                                                            0x011d3dae
                                                            0x011d3db4
                                                            0x011d3db6
                                                            0x011d3ddc
                                                            0x00000000
                                                            0x011d3ddc
                                                            0x011d3db8
                                                            0x011d3dba
                                                            0x011d3dbc
                                                            0x011d3dbc
                                                            0x011d3dbe
                                                            0x011d3dc0
                                                            0x011d3dc2
                                                            0x011d3dc2
                                                            0x011d3dd2
                                                            0x011d3dd2
                                                            0x00000000
                                                            0x011d3dae
                                                            0x011d3d5f
                                                            0x011d3d64
                                                            0x011d3d65
                                                            0x00000000
                                                            0x011d3d65
                                                            0x011d3d4b
                                                            0x011d3d50
                                                            0x011d3d51
                                                            0x011d3d37
                                                            0x011d3d37
                                                            0x011d3d3c
                                                            0x011d3d3d
                                                            0x011d3d3d
                                                            0x00000000
                                                            0x011d3d16
                                                            0x011d3d16
                                                            0x011d3d1b
                                                            0x011d3d1c
                                                            0x011d3d21
                                                            0x011d3d21
                                                            0x011d3d26
                                                            0x011d3d28
                                                            0x011d3fb7
                                                            0x011d3fbb
                                                            0x011d3fbb

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 011D3D7E
                                                            • GetLastError.KERNEL32 ref: 011D3D94
                                                            • GetFileSizeEx.KERNEL32(00000000,?), ref: 011D3DE4
                                                            • GetLastError.KERNEL32 ref: 011D3DEE
                                                            • SetFilePointer.KERNEL32(00000000,?,?,00000001), ref: 011D3E42
                                                            • GetLastError.KERNEL32 ref: 011D3E4D
                                                            • ReadFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00000001), ref: 011D3F3C
                                                            • CloseHandle.KERNEL32(?), ref: 011D3FAF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: File$ErrorLast$CloseCreateHandlePointerReadSize
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 3286166115-1324176156
                                                            • Opcode ID: 7ae103c37dac780a77c097638e6d47689be314f421600c1ef64cf1a75900f3ff
                                                            • Instruction ID: 7828610406efdfc320d4b6f89a617e87967bcd2e999c95174ee7b4d44fb27498
                                                            • Opcode Fuzzy Hash: 7ae103c37dac780a77c097638e6d47689be314f421600c1ef64cf1a75900f3ff
                                                            • Instruction Fuzzy Hash: A381ECB1A20626ABDB2D8E1D8C44B6F7AA8BF40760F154169FD75EB2C0D774CD008793
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01192EBC Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 202sleepfiletimeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 70%
                                                            			E01192EBC(void* __edx, intOrPtr* _a4, char* _a8, signed int _a12, intOrPtr* _a16, intOrPtr _a20, void** _a24) {
				signed int _v8;
				short _v528;
				struct _SYSTEMTIME _v544;
				char _v548;
				WCHAR* _v552;
				char _v556;
				signed int _v560;
				WCHAR* _v564;
				intOrPtr* _v568;
				intOrPtr _v572;
				void** _v576;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				long _t64;
				long _t67;
				void* _t76;
				char* _t77;
				long _t85;
				void** _t89;
				long _t90;
				signed int _t92;
				long _t94;
				char* _t98;
				intOrPtr* _t102;
				void* _t103;
				void* _t104;
				void* _t106;
				intOrPtr* _t107;
				signed int _t111;
				void* _t112;
				void* _t113;
				long _t127;

				_t103 = __edx;
				_t53 =  *0x11fa008; // 0x295f764a
				_v8 = _t53 ^ _t111;
				_v560 = _a12;
				_t98 = _a8;
				_v568 = _a16;
				_t107 = _a4;
				_v572 = _a20;
				_v576 = _a24;
				E011BF600(_t104,  &_v528, 0, 0x208);
				asm("stosd");
				_t113 = _t112 + 0xc;
				_v548 = 0;
				_v556 = 0;
				_v552 = 0;
				asm("stosd");
				_v564 = 0;
				asm("stosd");
				asm("stosd");
				_t106 =  &_v544 | 0xffffffff;
				if(_t107 == 0 ||  *_t107 == 0) {
					_t64 = GetTempPathW(0x104,  &_v528);
					__eflags = _t64;
					if(_t64 != 0) {
						_push( &_v548);
						_push(_t98);
						_push( &_v528);
						goto L10;
					}
					_t108 = GetLastError();
					__eflags = _t108;
					if(__eflags > 0) {
						__eflags = _t108;
					}
					if(__eflags >= 0) {
						_t108 = 0x80004005;
					}
					E011938BA(_t95, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\pathutil.cpp", 0x284, _t108);
					goto L34;
				} else {
					_push( &_v548);
					_push(_t98);
					_push(_t107);
					L10:
					_t67 = E01192E55(0);
					_t108 = _t67;
					if(_t67 < 0) {
						L34:
						if(_v552 != 0) {
							E01192762(_v552);
						}
						if(_v556 != 0) {
							E01192762(_v556);
						}
						if(_v548 != 0) {
							E01192762(_v548);
						}
						return E011BDD1F(_t98, _v8 ^ _t111, _t103, _t106, _t108);
					}
					if(E01193533(0, _v548,  &_v556) != 0) {
						L13:
						_t98 = _v560;
						if(_t98 == 0) {
							_t98 = 0x11da534;
						}
						while(1) {
							_v560 = _v560 & 0x00000000;
							_v564 = _v564 + 1;
							GetLocalTime( &_v544);
							_t102 = _v568;
							_t76 = 0x2e;
							_t77 = 0x11da534;
							if(_t76 !=  *_t102) {
								_t77 = ".";
							}
							_push(_t102);
							_push(_t77);
							_push(_t98);
							_push(_v544.wSecond & 0x0000ffff);
							_push(_v544.wMinute & 0x0000ffff);
							_push(_v544.wHour & 0x0000ffff);
							_push(_v544.wDay & 0x0000ffff);
							_push(_v544.wMonth & 0x0000ffff);
							_push(_v544.wYear & 0x0000ffff);
							_t85 = E01192022( &_v552, L"%ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls", _v548);
							_t108 = _t85;
							_t113 = _t113 + 0x30;
							if(_t85 < 0) {
								break;
							}
							_t106 = CreateFileW(_v552, 0x40000000, 1, 0, 1, 0x80, 0);
							if(_t106 != 0xffffffff) {
								L28:
								_t88 = _v572;
								if(_v572 == 0) {
									L30:
									_t89 = _v576;
									if(_t89 != 0) {
										 *_t89 = _t106;
										_t106 = _t106 | 0xffffffff;
									}
									break;
								}
								_t90 = E0119229E(_t88, _v552, 0);
								_t108 = _t90;
								if(_t90 < 0) {
									break;
								}
								goto L30;
							}
							_t108 = GetLastError();
							if(_t108 == 0x50 || _t108 == 5) {
								Sleep(0x64);
								if(_v564 >= 0xa) {
									goto L23;
								}
								_t108 = 0;
								_t92 = 1;
								goto L24;
							} else {
								L23:
								_t92 = _v560;
								L24:
								if(_t108 > 0) {
									_t127 = _t108;
								}
								if(_t127 < 0) {
									goto L34;
								} else {
									if(_t92 != 0) {
										continue;
									}
									goto L28;
								}
							}
						}
						if(_t106 != 0xffffffff) {
							CloseHandle(_t106);
						}
						goto L34;
					}
					_t94 = E0119415F(_v556, _t74);
					_t108 = _t94;
					if(_t94 < 0) {
						goto L34;
					}
					goto L13;
				}
			}





































                                                            0x01192ebc
                                                            0x01192ec5
                                                            0x01192ecc
                                                            0x01192ed2
                                                            0x01192edc
                                                            0x01192edf
                                                            0x01192ee9
                                                            0x01192eec
                                                            0x01192ef6
                                                            0x01192f0b
                                                            0x01192f18
                                                            0x01192f1b
                                                            0x01192f1e
                                                            0x01192f24
                                                            0x01192f2a
                                                            0x01192f30
                                                            0x01192f31
                                                            0x01192f37
                                                            0x01192f38
                                                            0x01192f39
                                                            0x01192f3e
                                                            0x01192f5c
                                                            0x01192f62
                                                            0x01192f64
                                                            0x01192f9f
                                                            0x01192fa0
                                                            0x01192fa7
                                                            0x00000000
                                                            0x01192fa7
                                                            0x01192f6c
                                                            0x01192f6e
                                                            0x01192f70
                                                            0x01192f7b
                                                            0x01192f7b
                                                            0x01192f7d
                                                            0x01192f7f
                                                            0x01192f7f
                                                            0x01192f8f
                                                            0x00000000
                                                            0x01192f45
                                                            0x01192f4b
                                                            0x01192f4c
                                                            0x01192f4d
                                                            0x01192fa8
                                                            0x01192fa8
                                                            0x01192fad
                                                            0x01192fb1
                                                            0x01193122
                                                            0x01193129
                                                            0x01193131
                                                            0x01193131
                                                            0x0119313d
                                                            0x01193145
                                                            0x01193145
                                                            0x01193151
                                                            0x01193159
                                                            0x01193159
                                                            0x0119316e
                                                            0x0119316e
                                                            0x01192fcb
                                                            0x01192fe3
                                                            0x01192fe3
                                                            0x01192feb
                                                            0x01192fed
                                                            0x01192fed
                                                            0x01192ff2
                                                            0x01192ff2
                                                            0x01192fff
                                                            0x01193006
                                                            0x0119300c
                                                            0x01193014
                                                            0x01193018
                                                            0x0119301d
                                                            0x0119301f
                                                            0x0119301f
                                                            0x01193024
                                                            0x01193025
                                                            0x0119302d
                                                            0x0119302e
                                                            0x01193036
                                                            0x0119303e
                                                            0x01193046
                                                            0x0119304e
                                                            0x01193056
                                                            0x01193069
                                                            0x0119306e
                                                            0x01193070
                                                            0x01193075
                                                            0x00000000
                                                            0x00000000
                                                            0x01193099
                                                            0x0119309e
                                                            0x011930e9
                                                            0x011930e9
                                                            0x011930f1
                                                            0x01193107
                                                            0x01193107
                                                            0x0119310f
                                                            0x01193111
                                                            0x01193113
                                                            0x01193113
                                                            0x00000000
                                                            0x0119310f
                                                            0x011930fc
                                                            0x01193101
                                                            0x01193105
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01193105
                                                            0x011930a6
                                                            0x011930ab
                                                            0x011930b4
                                                            0x011930c1
                                                            0x00000000
                                                            0x00000000
                                                            0x011930c5
                                                            0x011930c7
                                                            0x00000000
                                                            0x011930ca
                                                            0x011930ca
                                                            0x011930ca
                                                            0x011930d0
                                                            0x011930d2
                                                            0x011930dd
                                                            0x011930dd
                                                            0x011930df
                                                            0x00000000
                                                            0x011930e1
                                                            0x011930e3
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011930e3
                                                            0x011930df
                                                            0x011930ab
                                                            0x01193119
                                                            0x0119311c
                                                            0x0119311c
                                                            0x00000000
                                                            0x01193119
                                                            0x01192fd4
                                                            0x01192fd9
                                                            0x01192fdd
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01192fdd

                                                            APIs
                                                            • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 01192F5C
                                                            • GetLastError.KERNEL32 ref: 01192F66
                                                            • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 01193006
                                                            • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 01193093
                                                            • GetLastError.KERNEL32 ref: 011930A0
                                                            • Sleep.KERNEL32(00000064), ref: 011930B4
                                                            • CloseHandle.KERNEL32(?), ref: 0119311C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                            • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$@Mqt$Jv_)$c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp
                                                            • API String ID: 3480017824-3681419710
                                                            • Opcode ID: 1ab368ed3bf9940fdcddc8d7159717ee0d291c679f04f4ddf6361d44f4534c14
                                                            • Instruction ID: 1c8b6971e75ccbda4f674f6ed3e125f093f011fd2fc840a25d334b66fc492ee5
                                                            • Opcode Fuzzy Hash: 1ab368ed3bf9940fdcddc8d7159717ee0d291c679f04f4ddf6361d44f4534c14
                                                            • Instruction Fuzzy Hash: AB719672D11229ABDF389B68DD48BEDB7B8BF08710F0401A5EA24B7190D7349E81CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A4D1A Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 121COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • UuidCreate.RPCRT4(?), ref: 011A4D4D
                                                            • StringFromGUID2.OLE32(?,?,00000027), ref: 011A4D7C
                                                            • UuidCreate.RPCRT4(?), ref: 011A4DC7
                                                            • StringFromGUID2.OLE32(?,?,00000027), ref: 011A4DF3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateFromStringUuid
                                                            • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$Jv_)$c:\agent\_work\66\s\src\burn\engine\pipe.cpp
                                                            • API String ID: 4041566446-3323098357
                                                            • Opcode ID: dddbf70a46a35f6987ebd2cd42e73762d08832e44b40830768a93cb45b555516
                                                            • Instruction ID: 15c96f8084fa12249f28bbe5877614ff0bc2d46fd1cd0aff95da125d6040441d
                                                            • Opcode Fuzzy Hash: dddbf70a46a35f6987ebd2cd42e73762d08832e44b40830768a93cb45b555516
                                                            • Instruction Fuzzy Hash: CE41EF3AD00308BBDB29DBF4C804EDEBBF8AF54714F25012AE915BB200DBB49904CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011AE8CE Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 100threadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E011AE8CE(intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void _v24;
				void* _t21;
				signed short _t24;
				void* _t28;
				intOrPtr _t41;
				signed short _t43;
				signed short _t48;

				_v12 = 0;
				asm("stosd");
				_t43 = 0;
				asm("stosd");
				_v8 = 0;
				asm("stosd");
				_t21 = CreateEventW(0, 1, 0, 0);
				_v12 = _t21;
				if(_t21 != 0) {
					_t41 = _a8;
					_v24 = _t21;
					_v20 = _a4;
					_v16 = _t41;
					_t24 = CreateThread(0, 0, 0x11ae60c,  &_v24, 0, 0);
					_v8 = _t24;
					__eflags = _t24;
					if(_t24 != 0) {
						WaitForMultipleObjects(2,  &_v12, 0, 0xffffffff);
						 *((intOrPtr*)(_t41 + 0x3e4)) = _v8;
						_t28 = 0;
						_v8 = 0;
					} else {
						_t43 = GetLastError();
						__eflags = _t43;
						if(__eflags > 0) {
							_t43 = _t43 & 0x0000ffff | 0x80070000;
							__eflags = _t43;
						}
						if(__eflags >= 0) {
							_t43 = 0x80004005;
						}
						E011938BA(_t32, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\uithread.cpp", 0x3c, _t43);
						_push("Failed to create the UI thread.");
						goto L6;
					}
				} else {
					_t43 = GetLastError();
					if(_t43 > 0) {
						_t43 = _t43 & 0x0000ffff | 0x80070000;
						_t48 = _t43;
					}
					if(_t48 >= 0) {
						_t43 = 0x80004005;
					}
					E011938BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\uithread.cpp", 0x33, _t43);
					_push("Failed to create initialization event.");
					L6:
					_push(_t43);
					E011CFB09();
					_t28 = _v8;
				}
				if(_t28 != 0) {
					CloseHandle(_t28);
					_v8 = 0;
				}
				if(_v12 != 0) {
					CloseHandle(_v12);
				}
				return _t43;
			}














                                                            0x011ae8de
                                                            0x011ae8e1
                                                            0x011ae8e2
                                                            0x011ae8e8
                                                            0x011ae8ea
                                                            0x011ae8ed
                                                            0x011ae8ee
                                                            0x011ae8f4
                                                            0x011ae8f9
                                                            0x011ae938
                                                            0x011ae93c
                                                            0x011ae943
                                                            0x011ae951
                                                            0x011ae954
                                                            0x011ae95a
                                                            0x011ae95d
                                                            0x011ae95f
                                                            0x011ae99c
                                                            0x011ae9a5
                                                            0x011ae9ab
                                                            0x011ae9ad
                                                            0x011ae961
                                                            0x011ae967
                                                            0x011ae969
                                                            0x011ae96b
                                                            0x011ae970
                                                            0x011ae976
                                                            0x011ae976
                                                            0x011ae978
                                                            0x011ae97a
                                                            0x011ae97a
                                                            0x011ae987
                                                            0x011ae98c
                                                            0x00000000
                                                            0x011ae98c
                                                            0x011ae8fb
                                                            0x011ae901
                                                            0x011ae905
                                                            0x011ae90a
                                                            0x011ae910
                                                            0x011ae910
                                                            0x011ae912
                                                            0x011ae914
                                                            0x011ae914
                                                            0x011ae921
                                                            0x011ae926
                                                            0x011ae92b
                                                            0x011ae92b
                                                            0x011ae92c
                                                            0x011ae931
                                                            0x011ae935
                                                            0x011ae9b8
                                                            0x011ae9bb
                                                            0x011ae9bd
                                                            0x011ae9bd
                                                            0x011ae9c3
                                                            0x011ae9c8
                                                            0x011ae9c8
                                                            0x011ae9d0

                                                            APIs
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,011954CB,?,?), ref: 011AE8EE
                                                            • GetLastError.KERNEL32(?,011954CB,?,?), ref: 011AE8FB
                                                            • CreateThread.KERNEL32 ref: 011AE954
                                                            • GetLastError.KERNEL32(?,011954CB,?,?), ref: 011AE961
                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,011954CB,?,?), ref: 011AE99C
                                                            • CloseHandle.KERNEL32(00000000,?,011954CB,?,?), ref: 011AE9BB
                                                            • CloseHandle.KERNEL32(?,?,011954CB,?,?), ref: 011AE9C8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                            • String ID: @Mqt$Failed to create initialization event.$Failed to create the UI thread.$c:\agent\_work\66\s\src\burn\engine\uithread.cpp
                                                            • API String ID: 2351989216-1285120612
                                                            • Opcode ID: f84a2824c2565b44086b9842c9a9a94a62bdd69ada8ff403fdd2b90bd5e1c25f
                                                            • Instruction ID: b7a3365a1f5e419a09b963dc9f897d3fb8e20ac6fd51188471d538ae9472cfc7
                                                            • Opcode Fuzzy Hash: f84a2824c2565b44086b9842c9a9a94a62bdd69ada8ff403fdd2b90bd5e1c25f
                                                            • Instruction Fuzzy Hash: 2331B57AD0222ABBE719DFDD9844A9FBEFCBF04650F510169EA05F7240E7309E0087A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B1286 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 87threadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 59%
                                                            			E011B1286(intOrPtr _a4) {
				long _v8;
				void* _v12;
				void* _v16;
				long _t25;
				signed short _t28;
				signed short _t34;
				signed short _t37;
				intOrPtr _t42;

				_v8 = _v8 & 0x00000000;
				_t42 = _a4;
				_v16 =  *(_t42 + 0x28);
				_v12 =  *(_t42 + 0x20);
				_t25 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
				if(_t25 == 0) {
					if(ResetEvent( *(_t42 + 0x28)) != 0) {
						 *(_t42 + 0x2c) =  *(_t42 + 0x2c) & 0x00000000;
					} else {
						_t28 = GetLastError();
						if(_t28 > 0) {
							_t28 = _t28 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t28;
						if(_t28 >= 0) {
							_t28 = 0x80004005;
							_v8 = 0x80004005;
						}
						E011938BA(_t28, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x13e, _t28);
						_push("Failed to reset operation complete event.");
						goto L19;
					}
				} else {
					if(_t25 == 1) {
						if(GetExitCodeThread( *(_t42 + 0x20),  &_v8) == 0) {
							_t34 = GetLastError();
							if(_t34 > 0) {
								_t34 = _t34 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t34;
							if(_t34 >= 0) {
								_t34 = 0x80004005;
								_v8 = 0x80004005;
							}
							E011938BA(_t34, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x145, _t34);
							_push("Failed to get extraction thread exit code.");
							goto L19;
						}
					} else {
						_t37 = GetLastError();
						if(_t37 > 0) {
							_t37 = _t37 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t37;
						if(_t37 >= 0) {
							_t37 = 0x80004005;
							_v8 = 0x80004005;
						}
						E011938BA(_t37, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x14b, _t37);
						_push("Failed to wait for operation complete event.");
						L19:
						_push(_v8);
						E011CFB09();
					}
				}
				return _v8;
			}











                                                            0x011b128c
                                                            0x011b1291
                                                            0x011b129b
                                                            0x011b12a1
                                                            0x011b12aa
                                                            0x011b12b2
                                                            0x011b1350
                                                            0x011b1394
                                                            0x011b1352
                                                            0x011b1352
                                                            0x011b135a
                                                            0x011b135f
                                                            0x011b135f
                                                            0x011b1364
                                                            0x011b1369
                                                            0x011b136b
                                                            0x011b1370
                                                            0x011b1370
                                                            0x011b137e
                                                            0x011b1383
                                                            0x00000000
                                                            0x011b1383
                                                            0x011b12b8
                                                            0x011b12bb
                                                            0x011b1307
                                                            0x011b130d
                                                            0x011b1315
                                                            0x011b131a
                                                            0x011b131a
                                                            0x011b131f
                                                            0x011b1324
                                                            0x011b1326
                                                            0x011b132b
                                                            0x011b132b
                                                            0x011b1339
                                                            0x011b133e
                                                            0x00000000
                                                            0x011b133e
                                                            0x011b12bd
                                                            0x011b12bd
                                                            0x011b12c5
                                                            0x011b12ca
                                                            0x011b12ca
                                                            0x011b12cf
                                                            0x011b12d4
                                                            0x011b12d6
                                                            0x011b12db
                                                            0x011b12db
                                                            0x011b12e9
                                                            0x011b12ee
                                                            0x011b1388
                                                            0x011b1388
                                                            0x011b138b
                                                            0x011b1391
                                                            0x011b12bb
                                                            0x011b139d

                                                            APIs
                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,7476F5E0,?,?), ref: 011B12AA
                                                            • GetLastError.KERNEL32 ref: 011B12BD
                                                            • GetExitCodeThread.KERNEL32(011DA488,00000000), ref: 011B12FF
                                                            • GetLastError.KERNEL32 ref: 011B130D
                                                            • ResetEvent.KERNEL32(011DA460), ref: 011B1348
                                                            • GetLastError.KERNEL32 ref: 011B1352
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                            • String ID: @Mqt$Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2979751695-135959623
                                                            • Opcode ID: f1f1d902a0ae57ed4686676b70b8c48e2e44d93a2a7244844dd8cf10e71332b9
                                                            • Instruction ID: 62f87ea4acad7f6b3510e62e68d062cb393b3f503d1beb20a5a7b9f6d859b91f
                                                            • Opcode Fuzzy Hash: f1f1d902a0ae57ed4686676b70b8c48e2e44d93a2a7244844dd8cf10e71332b9
                                                            • Instruction Fuzzy Hash: BD31F770A0630AFBE718DFA9A854BEE77F8BF10711F114169E911EA160F735C9008B10
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B13A0 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 82synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 60%
                                                            			E011B13A0(void* __ebx, intOrPtr _a4) {
				signed short _t29;
				void* _t35;
				intOrPtr _t40;
				signed short _t41;
				signed short _t47;

				_t35 = __ebx;
				_t40 = _a4;
				_t41 = 0;
				if( *(_t40 + 0x20) != 0) {
					 *((intOrPtr*)(_t40 + 0x2c)) = 5;
					if(SetEvent( *(_t40 + 0x24)) != 0) {
						_t29 = WaitForSingleObject( *(_t40 + 0x20), 0xffffffff);
						__eflags = _t29;
						if(_t29 != 0) {
							_t41 = GetLastError();
							__eflags = _t41;
							if(__eflags > 0) {
								_t41 = _t41 & 0x0000ffff | 0x80070000;
								__eflags = _t41;
							}
							if(__eflags >= 0) {
								_t41 = 0x80004005;
							}
							E011938BA(_t30, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x10b, _t41);
							_push("Failed to wait for thread to terminate.");
							goto L13;
						}
					} else {
						_t41 = GetLastError();
						if(_t41 > 0) {
							_t41 = _t41 & 0x0000ffff | 0x80070000;
							_t47 = _t41;
						}
						if(_t47 >= 0) {
							_t41 = 0x80004005;
						}
						E011938BA(_t33, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x105, _t41);
						_push("Failed to set begin operation event.");
						L13:
						_push(_t41);
						E011CFB09();
					}
				}
				_push(_t35);
				if( *(_t40 + 0x20) != 0) {
					CloseHandle( *(_t40 + 0x20));
					 *(_t40 + 0x20) =  *(_t40 + 0x20) & 0x00000000;
				}
				if( *(_t40 + 0x24) != 0) {
					CloseHandle( *(_t40 + 0x24));
					 *(_t40 + 0x24) =  *(_t40 + 0x24) & 0x00000000;
				}
				if( *(_t40 + 0x28) != 0) {
					CloseHandle( *(_t40 + 0x28));
					 *(_t40 + 0x28) =  *(_t40 + 0x28) & 0x00000000;
				}
				if( *((intOrPtr*)(_t40 + 0x4c)) != 0) {
					E01193AA4( *((intOrPtr*)(_t40 + 0x4c)));
				}
				if( *((intOrPtr*)(_t40 + 0x1c)) != 0) {
					E01192762( *((intOrPtr*)(_t40 + 0x1c)));
				}
				return _t41;
			}








                                                            0x011b13a0
                                                            0x011b13a5
                                                            0x011b13a8
                                                            0x011b13ad
                                                            0x011b13b6
                                                            0x011b13c5
                                                            0x011b1401
                                                            0x011b1407
                                                            0x011b1409
                                                            0x011b1411
                                                            0x011b1413
                                                            0x011b1415
                                                            0x011b141a
                                                            0x011b1420
                                                            0x011b1420
                                                            0x011b1422
                                                            0x011b1424
                                                            0x011b1424
                                                            0x011b1434
                                                            0x011b1439
                                                            0x00000000
                                                            0x011b1439
                                                            0x011b13c7
                                                            0x011b13cd
                                                            0x011b13d1
                                                            0x011b13d6
                                                            0x011b13dc
                                                            0x011b13dc
                                                            0x011b13de
                                                            0x011b13e0
                                                            0x011b13e0
                                                            0x011b13f0
                                                            0x011b13f5
                                                            0x011b143e
                                                            0x011b143e
                                                            0x011b143f
                                                            0x011b1445
                                                            0x011b13c5
                                                            0x011b144a
                                                            0x011b1451
                                                            0x011b1456
                                                            0x011b1458
                                                            0x011b1458
                                                            0x011b1460
                                                            0x011b1465
                                                            0x011b1467
                                                            0x011b1467
                                                            0x011b146f
                                                            0x011b1474
                                                            0x011b1476
                                                            0x011b1476
                                                            0x011b147f
                                                            0x011b1484
                                                            0x011b1484
                                                            0x011b148d
                                                            0x011b1492
                                                            0x011b1492
                                                            0x011b149c

                                                            APIs
                                                            • SetEvent.KERNEL32(011DA478,?,00000000,?,0119C198,?,011953FA,00000000,?,011A7740,?,011956AA,011954B6,011954B6,00000000,?), ref: 011B13BD
                                                            • GetLastError.KERNEL32(?,0119C198,?,011953FA,00000000,?,011A7740,?,011956AA,011954B6,011954B6,00000000,?,011954C6,FFF9E89D,011954C6), ref: 011B13C7
                                                            • WaitForSingleObject.KERNEL32(011DA488,000000FF,?,0119C198,?,011953FA,00000000,?,011A7740,?,011956AA,011954B6,011954B6,00000000,?,011954C6), ref: 011B1401
                                                            • GetLastError.KERNEL32(?,0119C198,?,011953FA,00000000,?,011A7740,?,011956AA,011954B6,011954B6,00000000,?,011954C6,FFF9E89D,011954C6), ref: 011B140B
                                                            • CloseHandle.KERNEL32(00000000,011954C6,?,00000000,?,0119C198,?,011953FA,00000000,?,011A7740,?,011956AA,011954B6,011954B6,00000000), ref: 011B1456
                                                            • CloseHandle.KERNEL32(00000000,011954C6,?,00000000,?,0119C198,?,011953FA,00000000,?,011A7740,?,011956AA,011954B6,011954B6,00000000), ref: 011B1465
                                                            • CloseHandle.KERNEL32(00000000,011954C6,?,00000000,?,0119C198,?,011953FA,00000000,?,011A7740,?,011956AA,011954B6,011954B6,00000000), ref: 011B1474
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                            • String ID: @Mqt$Failed to set begin operation event.$Failed to wait for thread to terminate.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 1206859064-2192833479
                                                            • Opcode ID: fe21cf7fdff0d9ef0c01ba89dcb7700bcffdfdb5cb7d57bf7fde261e00d21c6a
                                                            • Instruction ID: a981813000f5bc76dadf85660b50c8680843b8df1164a5b2dbba72670417a2fc
                                                            • Opcode Fuzzy Hash: fe21cf7fdff0d9ef0c01ba89dcb7700bcffdfdb5cb7d57bf7fde261e00d21c6a
                                                            • Instruction Fuzzy Hash: C5214933502A33B7D73D5B6AEC887C6BAA4BF04725F020224EA1466D90D77DE890CBD4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A4177 Relevance: 19.3, APIs: 4, Strings: 7, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E011A4177(void* __ecx, void* __edx) {
				void* __edi;
				void* _t1;
				int _t6;
				void* _t15;
				signed short _t17;
				signed short _t22;

				_t1 = E011CFDEF(__ecx, __edx, 0, 0, L"Setup", L"_Failed", L"txt", 0, 0, 0);
				if(_t1 < 0) {
					_t15 = OpenEventLogW(0, L"Application");
					if(_t15 != 0) {
						ReportEventW(_t15, 1, 1, 1, 0, 1, 0, 0x11e2c44, 0);
						_t6 = CloseEventLog(_t15);
					} else {
						_t17 = GetLastError();
						if(_t17 > 0) {
							_t17 = _t17 & 0x0000ffff | 0x80070000;
							_t22 = _t17;
						}
						if(_t22 >= 0) {
							_t17 = 0x80004005;
						}
						E011938BA(_t7, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\logging.cpp", 0xb1, _t17);
						_push("Failed to open Application event log");
						_push(_t17);
						_t6 = E011CFB09();
					}
					return _t6;
				}
				return _t1;
			}









                                                            0x011a418d
                                                            0x011a4194
                                                            0x011a41a3
                                                            0x011a41a7
                                                            0x011a41f6
                                                            0x011a41fd
                                                            0x011a41a9
                                                            0x011a41af
                                                            0x011a41b3
                                                            0x011a41b8
                                                            0x011a41be
                                                            0x011a41be
                                                            0x011a41c0
                                                            0x011a41c2
                                                            0x011a41c2
                                                            0x011a41d2
                                                            0x011a41d7
                                                            0x011a41dc
                                                            0x011a41dd
                                                            0x011a41e3
                                                            0x00000000
                                                            0x011a4203
                                                            0x011a4205

                                                            APIs
                                                              • Part of subcall function 011CFDEF: EnterCriticalSection.KERNEL32(011FB5D4,00000000,?,?,?,011A4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,01195537,?), ref: 011CFDFF
                                                              • Part of subcall function 011CFDEF: LeaveCriticalSection.KERNEL32(011FB5D4,?,?,011FB5CC,?,011A4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,01195537,?), ref: 011CFF46
                                                            • OpenEventLogW.ADVAPI32(00000000,Application), ref: 011A419D
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 011A41A9
                                                            • ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,011E2C44,00000000), ref: 011A41F6
                                                            • CloseEventLog.ADVAPI32(00000000), ref: 011A41FD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Event$CriticalSection$CloseEnterErrorLastLeaveOpenReport
                                                            • String ID: @Mqt$Application$Failed to open Application event log$Setup$_Failed$c:\agent\_work\66\s\src\burn\engine\logging.cpp$txt
                                                            • API String ID: 1844635321-3212701823
                                                            • Opcode ID: c787cc8a1563f283c6c15fefd52704620c6d04804197b6e8d31e295e3ac66c5e
                                                            • Instruction ID: c30125dbdb128dd435542b11f7d7eaad6f578c83a1a552c034a1ee0eeb9cef8d
                                                            • Opcode Fuzzy Hash: c787cc8a1563f283c6c15fefd52704620c6d04804197b6e8d31e295e3ac66c5e
                                                            • Instruction Fuzzy Hash: 59F08676A42A323A933E25A7AC1DE7F1DBCEED2E35741011CBD11F6100DB945C4181B1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01196F94 Relevance: 18.2, APIs: 2, Strings: 10, Instructions: 226COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 84%
                                                            			E01196F94(void* __eflags, struct _CRITICAL_SECTION* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20) {
				int _v8;
				char _v12;
				void* _v16;
				void* _v20;
				char _v24;
				int _v28;
				char _v32;
				void* _v40;
				void _v56;
				char* _t69;
				signed int _t77;
				int _t83;
				int _t93;
				char* _t98;
				int _t99;
				char* _t110;
				signed int _t112;
				void* _t114;
				int _t117;
				int _t118;
				int _t123;
				void* _t126;

				_t126 = __eflags;
				_t112 = 6;
				_v16 = 0;
				memset( &_v56, 0, _t112 << 2);
				_v12 = 0;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v32 = 0;
				_v28 = 0;
				EnterCriticalSection(_a4);
				_t122 = _a20;
				_t111 = _a16;
				_t123 = E011CEF4A(0, _t126, _a12, _a16, _a20,  &_v16);
				if(_t123 >= 0) {
					_a20 = _a20 & 0x00000000;
					__eflags = _v16;
					if(__eflags <= 0) {
						L39:
						LeaveCriticalSection(_a4);
						if(_v12 != 0) {
							E01192762(_v12);
						}
						E011B04E3( &_v56);
						_t69 =  &_v32;
						_t114 = 8;
						do {
							 *_t69 = 0;
							_t69 = _t69 + 1;
							_t114 = _t114 - 1;
						} while (_t114 != 0);
						E0119287D(_v8);
						return _t123;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						_t123 = E011CEF4A(0, __eflags, _a12, _t111, _t122,  &_v20);
						__eflags = _t123;
						if(_t123 < 0) {
							break;
						}
						__eflags = _v20;
						if(__eflags == 0) {
							L27:
							_t77 = _a20 + 1;
							_a20 = _t77;
							__eflags = _t77 - _v16;
							if(__eflags < 0) {
								continue;
							}
							goto L39;
						}
						_t123 = E011CEFA3(0, __eflags, _a12, _t111, _t122,  &_v12);
						__eflags = _t123;
						if(__eflags < 0) {
							_push("Failed to read variable name.");
							L38:
							_push(_t123);
							E011CFB09();
							goto L39;
						}
						_t123 = E011CEF4A(0, __eflags, _a12, _t111, _t122,  &_v40);
						__eflags = _t123;
						if(_t123 < 0) {
							_push("Failed to read variable value type.");
							goto L38;
						}
						_t83 = _v40;
						__eflags = _t83;
						if(__eflags == 0) {
							L24:
							_t123 = E011CEF4A(0, __eflags, _a12, _t111, _t122,  &_v24);
							__eflags = _t123;
							if(_t123 < 0) {
								_push("Failed to read variable literal flag.");
								goto L38;
							}
							asm("sbb eax, eax");
							_t123 = E01196DCB(0, _a4, _v12,  &_v56, _v24,  ~_a8 + 3, 0);
							__eflags = _t123;
							if(_t123 < 0) {
								_push("Failed to set variable.");
								goto L38;
							}
							E011B04E3( &_v56);
							goto L27;
						}
						_t93 = _t83 - 1;
						__eflags = _t93;
						if(__eflags == 0) {
							_t123 = E011CEEEA(0, __eflags, _a12, _t111, _t122,  &_v32);
							__eflags = _t123;
							if(_t123 < 0) {
								L30:
								_push("Failed to read variable value as number.");
								goto L38;
							}
							_t123 = E011B02FB( &_v56, _v32, _v28);
							__eflags = _t123;
							if(_t123 < 0) {
								L29:
								_push("Failed to set variable value.");
								goto L38;
							}
							_t117 = 8;
							_t98 =  &_v32;
							do {
								 *_t98 = 0;
								_t98 = _t98 + 1;
								_t117 = _t117 - 1;
								__eflags = _t117;
							} while (__eflags != 0);
							goto L24;
						}
						_t99 = _t93 - 1;
						__eflags = _t99;
						if(__eflags == 0) {
							_t123 = E011CEFA3(0, __eflags, _a12, _t111, _t122,  &_v8);
							__eflags = _t123;
							if(_t123 < 0) {
								_push("Failed to read variable value as string.");
								goto L38;
							}
							_t123 = E011B033F( &_v56, _v8, 0);
							__eflags = _t123;
							if(_t123 < 0) {
								goto L29;
							}
							__eflags = _v8;
							if(__eflags != 0) {
								E0119287D(_v8);
								_v8 = _v8 & 0x00000000;
							}
							goto L24;
						}
						__eflags = _t99 - 1;
						if(__eflags != 0) {
							_t123 = 0x80070057;
							_push("Unsupported variable type.");
							goto L38;
						}
						_t123 = E011CEEEA(0, __eflags, _a12, _t111, _t122,  &_v32);
						__eflags = _t123;
						if(_t123 < 0) {
							goto L30;
						}
						_t123 = E011B049F( &_v56, _v32, _v28);
						__eflags = _t123;
						if(_t123 < 0) {
							goto L29;
						}
						_t118 = 8;
						_t110 =  &_v32;
						do {
							 *_t110 = 0;
							_t110 = _t110 + 1;
							_t118 = _t118 - 1;
							__eflags = _t118;
						} while (__eflags != 0);
						goto L24;
					}
					_push("Failed to read variable included flag.");
					goto L38;
				}
				_push("Failed to read variable count.");
				goto L38;
			}

























                                                            0x01196f94
                                                            0x01196fa4
                                                            0x01196faa
                                                            0x01196fad
                                                            0x01196faf
                                                            0x01196fb2
                                                            0x01196fb5
                                                            0x01196fb8
                                                            0x01196fbb
                                                            0x01196fbe
                                                            0x01196fc1
                                                            0x01196fc7
                                                            0x01196fcd
                                                            0x01196fdb
                                                            0x01196fdf
                                                            0x01196feb
                                                            0x01196fef
                                                            0x01196ff3
                                                            0x011971ca
                                                            0x011971cd
                                                            0x011971d7
                                                            0x011971dc
                                                            0x011971dc
                                                            0x011971e5
                                                            0x011971ec
                                                            0x011971ef
                                                            0x011971f0
                                                            0x011971f0
                                                            0x011971f3
                                                            0x011971f4
                                                            0x011971f4
                                                            0x011971fc
                                                            0x01197207
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01196ff9
                                                            0x01196ff9
                                                            0x01197007
                                                            0x01197009
                                                            0x0119700b
                                                            0x00000000
                                                            0x00000000
                                                            0x01197011
                                                            0x01197015
                                                            0x0119716e
                                                            0x01197171
                                                            0x01197172
                                                            0x01197175
                                                            0x01197178
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119717e
                                                            0x01197029
                                                            0x0119702b
                                                            0x0119702d
                                                            0x011971b6
                                                            0x011971c2
                                                            0x011971c2
                                                            0x011971c3
                                                            0x00000000
                                                            0x011971c9
                                                            0x01197041
                                                            0x01197043
                                                            0x01197045
                                                            0x011971af
                                                            0x00000000
                                                            0x011971af
                                                            0x0119704e
                                                            0x0119704e
                                                            0x01197051
                                                            0x0119712c
                                                            0x0119713a
                                                            0x0119713c
                                                            0x0119713e
                                                            0x011971a8
                                                            0x00000000
                                                            0x011971a8
                                                            0x01197147
                                                            0x0119715f
                                                            0x01197161
                                                            0x01197163
                                                            0x011971a1
                                                            0x00000000
                                                            0x011971a1
                                                            0x01197169
                                                            0x00000000
                                                            0x01197169
                                                            0x01197057
                                                            0x01197057
                                                            0x0119705a
                                                            0x01197102
                                                            0x01197104
                                                            0x01197106
                                                            0x01197187
                                                            0x01197187
                                                            0x00000000
                                                            0x01197187
                                                            0x01197117
                                                            0x01197119
                                                            0x0119711b
                                                            0x01197180
                                                            0x01197180
                                                            0x00000000
                                                            0x01197180
                                                            0x0119711f
                                                            0x01197120
                                                            0x01197123
                                                            0x01197123
                                                            0x01197126
                                                            0x01197127
                                                            0x01197127
                                                            0x01197127
                                                            0x00000000
                                                            0x01197123
                                                            0x01197060
                                                            0x01197060
                                                            0x01197063
                                                            0x011970be
                                                            0x011970c0
                                                            0x011970c2
                                                            0x0119719a
                                                            0x00000000
                                                            0x0119719a
                                                            0x011970d6
                                                            0x011970d8
                                                            0x011970da
                                                            0x00000000
                                                            0x00000000
                                                            0x011970e0
                                                            0x011970e4
                                                            0x011970e9
                                                            0x011970ee
                                                            0x011970ee
                                                            0x00000000
                                                            0x011970e4
                                                            0x01197065
                                                            0x01197068
                                                            0x0119718e
                                                            0x01197193
                                                            0x00000000
                                                            0x01197193
                                                            0x0119707c
                                                            0x0119707e
                                                            0x01197080
                                                            0x00000000
                                                            0x00000000
                                                            0x01197095
                                                            0x01197097
                                                            0x01197099
                                                            0x00000000
                                                            0x00000000
                                                            0x011970a1
                                                            0x011970a2
                                                            0x011970a5
                                                            0x011970a5
                                                            0x011970a8
                                                            0x011970a9
                                                            0x011970a9
                                                            0x011970a9
                                                            0x00000000
                                                            0x011970ae
                                                            0x011971bd
                                                            0x00000000
                                                            0x011971bd
                                                            0x01196fe1
                                                            0x00000000

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 01196FC1
                                                            • LeaveCriticalSection.KERNEL32(?), ref: 011971CD
                                                            Strings
                                                            • Failed to read variable included flag., xrefs: 011971BD
                                                            • Failed to read variable name., xrefs: 011971B6
                                                            • Unsupported variable type., xrefs: 01197193
                                                            • Failed to read variable value as string., xrefs: 0119719A
                                                            • Failed to read variable value as number., xrefs: 01197187
                                                            • Failed to read variable literal flag., xrefs: 011971A8
                                                            • Failed to set variable., xrefs: 011971A1
                                                            • Failed to read variable value type., xrefs: 011971AF
                                                            • Failed to set variable value., xrefs: 01197180
                                                            • Failed to read variable count., xrefs: 01196FE1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable literal flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                            • API String ID: 3168844106-528957463
                                                            • Opcode ID: d80c5aded49dc8d2c25ceb8465cc9981e903fb36a4d60c92a292984e812f0ff0
                                                            • Instruction ID: e730b412d62e569ce15a218cd8b0013a04de04b8e16fb3d599774fe082b15101
                                                            • Opcode Fuzzy Hash: d80c5aded49dc8d2c25ceb8465cc9981e903fb36a4d60c92a292984e812f0ff0
                                                            • Instruction Fuzzy Hash: 24717EB1D1121ABBDF1ADEA4CC44FEEBBBAEF14754F054165FA20A6190D7309E018BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D66D4 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 158COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 68%
                                                            			E011D66D4(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v20;
				void* __ebx;
				signed int _t68;
				int _t69;
				int _t70;
				void* _t84;
				intOrPtr _t92;
				intOrPtr* _t95;
				intOrPtr* _t96;
				intOrPtr* _t97;
				intOrPtr* _t99;
				signed int _t100;
				signed int _t102;
				signed int _t110;

				_t99 = _a4;
				_t94 =  &_v20;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t100 =  *((intOrPtr*)( *_t99 + 0x44))(_t99,  &_v20);
				if(_t100 < 0) {
					L26:
					if(_v8 != 0) {
						__imp__#6(_v8);
					}
					_t95 = _v12;
					if(_t95 != 0) {
						 *((intOrPtr*)( *_t95 + 8))(_t95);
					}
					_t96 = _v16;
					if(_t96 != 0) {
						 *((intOrPtr*)( *_t96 + 8))(_t96);
					}
					_t97 = _v20;
					if(_t97 != 0) {
						 *((intOrPtr*)( *_t97 + 8))(_t97);
					}
					return _t100;
				}
				_t68 = E011D305B( &_v20, _v20,  &_v12,  &_v8);
				_t92 = _a8;
				while(1) {
					_t100 = _t68;
					_t102 = _t100;
					if(_t102 != 0) {
						break;
					}
					_t69 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"type", 0xffffffff);
					__eflags = _t69 - 2;
					if(_t69 != 2) {
						_t70 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"url", 0xffffffff);
						__eflags = _t70 - 2;
						if(_t70 != 2) {
							L7:
							__eflags = _v8;
							if(_v8 != 0) {
								__imp__#6(_v8);
								_t19 =  &_v8;
								 *_t19 = _v8 & 0x00000000;
								__eflags =  *_t19;
							}
							_t94 = _v12;
							__eflags = _t94;
							if(_t94 != 0) {
								 *((intOrPtr*)( *_t94 + 8))(_t94);
								_t23 =  &_v12;
								 *_t23 = _v12 & 0x00000000;
								__eflags =  *_t23;
							}
							_t68 = E011D305B(_t94, _v20,  &_v12,  &_v8);
							continue;
						}
						_push(_v12);
						_push(_t92 + 4);
						L6:
						_t100 = E011D60FB(_t94);
						__eflags = _t100;
						if(_t100 < 0) {
							L25:
							goto L26;
						}
						goto L7;
					}
					_push(_v12);
					_push(_t92);
					goto L6;
				}
				if(_t102 < 0) {
					goto L25;
				}
				_t98 =  &_v16;
				_t100 =  *((intOrPtr*)( *_t99 + 0x30))(_t99,  &_v16);
				if(_t100 < 0) {
					goto L25;
				}
				_t100 = E011D30E2( &_v16, _v16,  &_v12,  &_v8);
				_t104 = _t100;
				if(_t100 != 0) {
					L23:
					if(_t110 >= 0) {
						_t100 = E011D60FB(_t98, _t92 + 8, _t99);
					}
					goto L25;
				}
				_t84 = _t92 + 0xc;
				while(1) {
					_t100 = E011D72DE(_t92, _t104, _v12, _t84);
					if(_t100 < 0) {
						goto L25;
					}
					if(_v8 != 0) {
						__imp__#6(_v8);
						_v8 = _v8 & 0x00000000;
					}
					_t98 = _v12;
					if(_t98 != 0) {
						 *((intOrPtr*)( *_t98 + 8))(_t98);
						_v12 = _v12 & 0x00000000;
					}
					_t100 = E011D30E2(_t98, _v16,  &_v12,  &_v8);
					_t84 = _t92 + 0xc;
					_t110 = _t100;
					if(_t110 == 0) {
						continue;
					} else {
						goto L23;
					}
				}
				goto L25;
			}




















                                                            0x011d66dc
                                                            0x011d66df
                                                            0x011d66e4
                                                            0x011d66e7
                                                            0x011d66ea
                                                            0x011d66ed
                                                            0x011d66f7
                                                            0x011d66fb
                                                            0x011d6834
                                                            0x011d6838
                                                            0x011d683d
                                                            0x011d683d
                                                            0x011d6843
                                                            0x011d6848
                                                            0x011d684d
                                                            0x011d684d
                                                            0x011d6850
                                                            0x011d6855
                                                            0x011d685a
                                                            0x011d685a
                                                            0x011d685d
                                                            0x011d6862
                                                            0x011d6867
                                                            0x011d6867
                                                            0x011d686f
                                                            0x011d686f
                                                            0x011d670d
                                                            0x011d6712
                                                            0x011d67a0
                                                            0x011d67a0
                                                            0x011d67a2
                                                            0x011d67a4
                                                            0x00000000
                                                            0x00000000
                                                            0x011d672a
                                                            0x011d6730
                                                            0x011d6733
                                                            0x011d674b
                                                            0x011d6751
                                                            0x011d6754
                                                            0x011d676c
                                                            0x011d676c
                                                            0x011d6770
                                                            0x011d6775
                                                            0x011d677b
                                                            0x011d677b
                                                            0x011d677b
                                                            0x011d677b
                                                            0x011d677f
                                                            0x011d6782
                                                            0x011d6784
                                                            0x011d6789
                                                            0x011d678c
                                                            0x011d678c
                                                            0x011d678c
                                                            0x011d678c
                                                            0x011d679b
                                                            0x00000000
                                                            0x011d679b
                                                            0x011d6756
                                                            0x011d675c
                                                            0x011d675d
                                                            0x011d6762
                                                            0x011d6764
                                                            0x011d6766
                                                            0x011d6833
                                                            0x00000000
                                                            0x011d6833
                                                            0x00000000
                                                            0x011d6766
                                                            0x011d6735
                                                            0x011d6738
                                                            0x00000000
                                                            0x011d6738
                                                            0x011d67aa
                                                            0x00000000
                                                            0x00000000
                                                            0x011d67b2
                                                            0x011d67ba
                                                            0x011d67be
                                                            0x00000000
                                                            0x00000000
                                                            0x011d67d0
                                                            0x011d67d2
                                                            0x011d67d4
                                                            0x011d6825
                                                            0x011d6825
                                                            0x011d6831
                                                            0x011d6831
                                                            0x00000000
                                                            0x011d6825
                                                            0x011d67d6
                                                            0x011d67d9
                                                            0x011d67e2
                                                            0x011d67e6
                                                            0x00000000
                                                            0x00000000
                                                            0x011d67ec
                                                            0x011d67f1
                                                            0x011d67f7
                                                            0x011d67f7
                                                            0x011d67fb
                                                            0x011d6800
                                                            0x011d6805
                                                            0x011d6808
                                                            0x011d6808
                                                            0x011d681c
                                                            0x011d681e
                                                            0x011d6821
                                                            0x011d6823
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d6823
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,`Aqt,000000FF,type,000000FF,?,?,`Aqt,74714160), ref: 011D672A
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D6775
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D67F1
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D683D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$Free$Compare
                                                            • String ID: `Aqt$crypt32.dll$feclient.dll$type$url
                                                            • API String ID: 1324494773-2366657937
                                                            • Opcode ID: aeb5fbf886f98d37313659ea5b4180f62f0199064e9b857f36c1ade06b89936e
                                                            • Instruction ID: 8c2ba6a69d8bb987046b1960394575c790c3329ba4a278be5b6cebdfe20b161f
                                                            • Opcode Fuzzy Hash: aeb5fbf886f98d37313659ea5b4180f62f0199064e9b857f36c1ade06b89936e
                                                            • Instruction Fuzzy Hash: CA516D71D01219FFDF19DFA8C885EEEBBB8AF04715F1142A9E911EB1A0D731AA40CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C08B0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 131COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 82%
                                                            			E011C08B0(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t50;
				signed int _t57;
				intOrPtr _t58;
				void* _t59;
				intOrPtr* _t60;
				intOrPtr _t62;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr _t76;
				signed int _t79;
				char _t81;
				intOrPtr _t84;
				intOrPtr _t91;
				intOrPtr _t94;
				intOrPtr* _t96;
				void* _t100;
				void* _t102;
				void* _t110;

				_t87 = __edx;
				_t76 = _a8;
				_push(__edi);
				_v5 = 0;
				_t94 = _t76 + 0x10;
				_v16 = 1;
				_v20 = _t94;
				_v12 =  *(_t76 + 8) ^  *0x11fa008;
				E011C0870(_t76, __edx, __edi, _t94,  *(_t76 + 8) ^  *0x11fa008, _t94);
				E011C0CA7(_a12);
				_t50 = _a4;
				_t102 = _t100 - 0x1c + 0xc;
				_t91 =  *((intOrPtr*)(_t76 + 0xc));
				if(( *(_t50 + 4) & 0x00000066) != 0) {
					__eflags = _t91 - 0xfffffffe;
					if(_t91 != 0xfffffffe) {
						_t87 = 0xfffffffe;
						E011C0C90(_t76, 0xfffffffe, _t94, "Jv_)");
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t50;
					_v28 = _a12;
					 *((intOrPtr*)(_t76 - 4)) =  &_v32;
					if(_t91 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t79 = _v12;
							_t20 = _t91 + 2; // 0x3
							_t57 = _t91 + _t20 * 2;
							_t76 =  *((intOrPtr*)(_t79 + _t57 * 4));
							_t58 = _t79 + _t57 * 4;
							_t80 =  *((intOrPtr*)(_t58 + 4));
							_v24 = _t58;
							if( *((intOrPtr*)(_t58 + 4)) == 0) {
								_t81 = _v5;
								goto L8;
							} else {
								_t87 = _t94;
								_t59 = E011C0C40(_t80, _t94);
								_t81 = 1;
								_v5 = 1;
								_t110 = _t59;
								if(_t110 < 0) {
									_v16 = 0;
									L14:
									E011C0870(_t76, _t87, _t91, _t94, _v12, _t94);
									goto L15;
								} else {
									if(_t110 > 0) {
										_t60 = _a4;
										__eflags =  *_t60 - 0xe06d7363;
										if( *_t60 == 0xe06d7363) {
											__eflags =  *0x11f0c30;
											if(__eflags != 0) {
												_t72 = E011D9370(__eflags, 0x11f0c30);
												_t102 = _t102 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t96 =  *0x11f0c30; // 0x11c11fc
													 *0x11da3e0(_a4, 1);
													 *_t96();
													_t94 = _v20;
													_t102 = _t102 + 8;
												}
												_t60 = _a4;
											}
										}
										_t88 = _t60;
										E011C0C74(_t60, _a8, _t60);
										_t62 = _a8;
										__eflags =  *((intOrPtr*)(_t62 + 0xc)) - _t91;
										if( *((intOrPtr*)(_t62 + 0xc)) != _t91) {
											_t88 = _t91;
											E011C0C90(_t62, _t91, _t94, "Jv_)");
											_t62 = _a8;
										}
										 *((intOrPtr*)(_t62 + 0xc)) = _t76;
										E011C0870(_t76, _t88, _t91, _t94, _v12, _t94);
										_t84 =  *((intOrPtr*)(_v24 + 8));
										E011C0C58();
										asm("int3");
										E011C1062();
										E011C1007();
										__eflags = E011C0D6E();
										if(__eflags != 0) {
											_t67 = E011C0D20(_t84, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E011C0DAA();
												goto L25;
											}
										} else {
											L25:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L8;
									}
								}
							}
							goto L29;
							L8:
							_t91 = _t76;
						} while (_t76 != 0xfffffffe);
						if(_t81 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L29:
			}




























                                                            0x011c08b0
                                                            0x011c08b7
                                                            0x011c08bb
                                                            0x011c08bc
                                                            0x011c08c3
                                                            0x011c08ce
                                                            0x011c08d5
                                                            0x011c08d8
                                                            0x011c08db
                                                            0x011c08e3
                                                            0x011c08e8
                                                            0x011c08eb
                                                            0x011c08ee
                                                            0x011c08f5
                                                            0x011c0956
                                                            0x011c0959
                                                            0x011c0961
                                                            0x011c0968
                                                            0x00000000
                                                            0x011c0968
                                                            0x00000000
                                                            0x011c08f7
                                                            0x011c08f7
                                                            0x011c08fd
                                                            0x011c0903
                                                            0x011c0909
                                                            0x011c0979
                                                            0x011c0982
                                                            0x011c090b
                                                            0x011c0910
                                                            0x011c0910
                                                            0x011c0913
                                                            0x011c0916
                                                            0x011c0919
                                                            0x011c091c
                                                            0x011c091f
                                                            0x011c0922
                                                            0x011c0927
                                                            0x011c093d
                                                            0x00000000
                                                            0x011c0929
                                                            0x011c0929
                                                            0x011c092b
                                                            0x011c0930
                                                            0x011c0932
                                                            0x011c0935
                                                            0x011c0937
                                                            0x011c094d
                                                            0x011c096d
                                                            0x011c0971
                                                            0x00000000
                                                            0x011c0939
                                                            0x011c0939
                                                            0x011c0983
                                                            0x011c0986
                                                            0x011c098c
                                                            0x011c098e
                                                            0x011c0995
                                                            0x011c099c
                                                            0x011c09a1
                                                            0x011c09a4
                                                            0x011c09a6
                                                            0x011c09a8
                                                            0x011c09b5
                                                            0x011c09bb
                                                            0x011c09bd
                                                            0x011c09c0
                                                            0x011c09c0
                                                            0x011c09c3
                                                            0x011c09c3
                                                            0x011c0995
                                                            0x011c09c9
                                                            0x011c09cb
                                                            0x011c09d0
                                                            0x011c09d3
                                                            0x011c09d6
                                                            0x011c09de
                                                            0x011c09e2
                                                            0x011c09e7
                                                            0x011c09e7
                                                            0x011c09ee
                                                            0x011c09f1
                                                            0x011c09fe
                                                            0x011c0a01
                                                            0x011c0a06
                                                            0x011c0a07
                                                            0x011c0a0c
                                                            0x011c0a16
                                                            0x011c0a18
                                                            0x011c0a1d
                                                            0x011c0a22
                                                            0x011c0a24
                                                            0x011c0a2f
                                                            0x011c0a26
                                                            0x011c0a26
                                                            0x00000000
                                                            0x011c0a26
                                                            0x011c0a1a
                                                            0x011c0a1a
                                                            0x011c0a1a
                                                            0x011c0a1c
                                                            0x011c0a1c
                                                            0x011c093b
                                                            0x00000000
                                                            0x011c093b
                                                            0x011c0939
                                                            0x011c0937
                                                            0x00000000
                                                            0x011c0940
                                                            0x011c0940
                                                            0x011c0942
                                                            0x011c0949
                                                            0x00000000
                                                            0x011c094b
                                                            0x00000000
                                                            0x011c0949
                                                            0x011c0909
                                                            0x00000000

                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 011C08DB
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 011C08E3
                                                            • _ValidateLocalCookies.LIBCMT ref: 011C0971
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 011C099C
                                                            • _ValidateLocalCookies.LIBCMT ref: 011C09F1
                                                            • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 011C0A0C
                                                            • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 011C0A11
                                                            • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 011C0A26
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                            • String ID: Jv_)$csm
                                                            • API String ID: 3202733602-1501220323
                                                            • Opcode ID: afda169b6a2f7eb0fce44b24a2c2e86263cab385bc7ccff010fbaadabc5a71ca
                                                            • Instruction ID: e854cd70074e1d4d7c7bec43897e31d2babfdd5e58ea12ca29694fe28461b473
                                                            • Opcode Fuzzy Hash: afda169b6a2f7eb0fce44b24a2c2e86263cab385bc7ccff010fbaadabc5a71ca
                                                            • Instruction Fuzzy Hash: 3A41C738E00209DBDF18DF6CC840BDE7BA5AF69B18F14819DF9185B251D7319A15CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119D679 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 65libraryloaderCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 32%
                                                            			E0119D679(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HINSTANCE__* _t9;
				signed short _t19;
				intOrPtr _t22;
				signed short _t23;
				signed short _t28;

				_t22 = _a4;
				_t2 = _t22 + 4; // 0x69006e
				_t9 = LoadLibraryExW( *( *_t2 + 0x50), 0, 8);
				 *(_t22 + 0xc) = _t9;
				if(_t9 != 0) {
					_t19 = GetProcAddress(_t9, "BootstrapperApplicationCreate");
					__eflags = _t19;
					if(_t19 != 0) {
						_t5 = _t22 + 0x10; // 0x11da4b0
						_t23 =  *_t19(_a8, _a12, _t5);
						__eflags = _t23;
						if(_t23 < 0) {
							_push("Failed to create UX.");
							goto L14;
						}
					} else {
						_t23 = GetLastError();
						__eflags = _t23;
						if(__eflags > 0) {
							_t23 = _t23 & 0x0000ffff | 0x80070000;
							__eflags = _t23;
						}
						if(__eflags >= 0) {
							_t23 = 0x80004005;
						}
						E011938BA(_t15, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\userexperience.cpp", 0x5d, _t23);
						_push("Failed to get BootstrapperApplicationCreate entry-point");
						goto L14;
					}
				} else {
					_t23 = GetLastError();
					if(_t23 > 0) {
						_t23 = _t23 & 0x0000ffff | 0x80070000;
						_t28 = _t23;
					}
					if(_t28 >= 0) {
						_t23 = 0x80004005;
					}
					E011938BA(_t17, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\userexperience.cpp", 0x59, _t23);
					_push("Failed to load UX DLL.");
					L14:
					_push(_t23);
					E011CFB09();
				}
				return _t23;
			}








                                                            0x0119d67d
                                                            0x0119d684
                                                            0x0119d68a
                                                            0x0119d690
                                                            0x0119d695
                                                            0x0119d6d5
                                                            0x0119d6d7
                                                            0x0119d6d9
                                                            0x0119d70d
                                                            0x0119d719
                                                            0x0119d71b
                                                            0x0119d71d
                                                            0x0119d71f
                                                            0x00000000
                                                            0x0119d71f
                                                            0x0119d6db
                                                            0x0119d6e1
                                                            0x0119d6e3
                                                            0x0119d6e5
                                                            0x0119d6ea
                                                            0x0119d6f0
                                                            0x0119d6f0
                                                            0x0119d6f2
                                                            0x0119d6f4
                                                            0x0119d6f4
                                                            0x0119d701
                                                            0x0119d706
                                                            0x00000000
                                                            0x0119d706
                                                            0x0119d697
                                                            0x0119d69d
                                                            0x0119d6a1
                                                            0x0119d6a6
                                                            0x0119d6ac
                                                            0x0119d6ac
                                                            0x0119d6ae
                                                            0x0119d6b0
                                                            0x0119d6b0
                                                            0x0119d6bd
                                                            0x0119d6c2
                                                            0x0119d724
                                                            0x0119d724
                                                            0x0119d725
                                                            0x0119d72b
                                                            0x0119d730

                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,01194847,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,011954CB,?), ref: 0119D68A
                                                            • GetLastError.KERNEL32(?,01194847,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,011954CB,?,?), ref: 0119D697
                                                            • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 0119D6CF
                                                            • GetLastError.KERNEL32(?,01194847,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,011954CB,?,?), ref: 0119D6DB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$AddressLibraryLoadProc
                                                            • String ID: @Mqt$BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$c:\agent\_work\66\s\src\burn\engine\userexperience.cpp
                                                            • API String ID: 1866314245-3496617349
                                                            • Opcode ID: 3cb01da8a19b1e5c068abcfb5f056360aaab7b5179a345bb0271dbb3a781b953
                                                            • Instruction ID: 56f849ac94e11d544555eef464116517de36f720e2033475b76c692a2b9277dd
                                                            • Opcode Fuzzy Hash: 3cb01da8a19b1e5c068abcfb5f056360aaab7b5179a345bb0271dbb3a781b953
                                                            • Instruction Fuzzy Hash: E8110437A81B3367DF3D5AE9AC04F5B2A946F11A61F014129FF25FB240DB14DC014AD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01191173 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 52libraryloadermemoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E01191173(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				long _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				intOrPtr _t21;
				void* _t22;
				signed int _t23;

				_t23 = 0;
				_v8 = 0;
				__imp__HeapSetInformation(0, 1, 0, 0, _t18, _t22, _t14, __ecx);
				_t15 = GetModuleHandleW(L"kernel32");
				_t9 = GetProcAddress(_t15, "SetDefaultDllDirectories");
				if(_t9 == 0) {
					L3:
					_t10 = GetProcAddress(_t15, "SetDllDirectoryW");
					if(_t10 == 0) {
						L5:
						_t11 = GetLastError();
					} else {
						_t11 =  *_t10(0x11da534);
						if(_t11 == 0) {
							goto L5;
						}
					}
					if(_a8 > _t23) {
						_t21 = _a4;
						do {
							_t11 = E011938BD( *((intOrPtr*)(_t21 + _t23 * 4)),  &_v8);
							_t23 = _t23 + 1;
						} while (_t23 < _a8);
					}
				} else {
					_t11 =  *_t9(0x800);
					if(_t11 == 0) {
						GetLastError();
						goto L3;
					}
				}
				return _t11;
			}













                                                            0x0119117a
                                                            0x01191181
                                                            0x01191184
                                                            0x01191195
                                                            0x0119119d
                                                            0x011911ab
                                                            0x011911ba
                                                            0x011911c0
                                                            0x011911c8
                                                            0x011911d5
                                                            0x011911d5
                                                            0x011911ca
                                                            0x011911cf
                                                            0x011911d3
                                                            0x00000000
                                                            0x00000000
                                                            0x011911d3
                                                            0x011911da
                                                            0x011911dc
                                                            0x011911df
                                                            0x011911e6
                                                            0x011911eb
                                                            0x011911ec
                                                            0x011911df
                                                            0x011911ad
                                                            0x011911b2
                                                            0x011911b6
                                                            0x011911b8
                                                            0x00000000
                                                            0x011911b8
                                                            0x011911b6
                                                            0x011911f5

                                                            APIs
                                                            • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0119111A,cabinet.dll,00000009,?,?,00000000), ref: 01191184
                                                            • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,0119111A,cabinet.dll,00000009,?,?,00000000), ref: 0119118F
                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0119119D
                                                            • GetLastError.KERNEL32(?,?,?,?,?,0119111A,cabinet.dll,00000009,?,?,00000000), ref: 011911B8
                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 011911C0
                                                            • GetLastError.KERNEL32(?,?,?,?,?,0119111A,cabinet.dll,00000009,?,?,00000000), ref: 011911D5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                            • String ID: @Mqt$SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                            • API String ID: 3104334766-3151743093
                                                            • Opcode ID: 074d41310c11c8ee4dafb71428a42c25ae49dfedca0d7266be81c40fcb530a2a
                                                            • Instruction ID: c4e7bf68eff4b4dd462ad3c96d8f1db07b3f0dff6dcbc9d3b4e4169178b3835f
                                                            • Opcode Fuzzy Hash: 074d41310c11c8ee4dafb71428a42c25ae49dfedca0d7266be81c40fcb530a2a
                                                            • Instruction Fuzzy Hash: 590175752412177BDB29ABBAAC05E5B7B6CFF40671B404035B925A3100D770D6858BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D5253 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 195filememoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E011D5253(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, signed short _a24, WCHAR* _a28, signed short _a32, signed short _a36, signed int _a40, signed int _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56) {
				signed int _v8;
				signed short _v12;
				signed int _v16;
				char _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				void* _v28;
				struct _SECURITY_ATTRIBUTES* _v32;
				signed short _v36;
				void* _t67;
				signed short _t68;
				signed short _t69;
				void* _t70;
				void* _t71;
				signed short _t82;
				signed short _t87;
				signed short _t92;
				signed short _t93;
				signed short _t96;
				signed short _t97;
				signed short _t98;
				signed short _t103;

				_v12 = 1;
				_t96 = 0;
				_v24 = 0;
				_t92 = 0;
				_v20 = 0;
				_t98 = 0;
				_v8 = 0;
				_v16 = 0;
				_v36 = 0;
				_v32 = 0;
				_t67 = CreateFileW(_a20, 0xc0000000, 4, 0, 4, 0x80, 0);
				_v28 = _t67;
				if(_t67 != 0xffffffff) {
					_t68 = VirtualAlloc(0, 0x10000, 0x3000, 4);
					_v24 = _t68;
					__eflags = _t68;
					if(_t68 != 0) {
						_t69 = _a36;
						_t93 = _a32;
						_a20 = _t69;
						_a36 = _t93;
						while(1) {
							__eflags = _t93;
							if(_t93 != 0) {
								goto L17;
							}
							__eflags = _t69;
							if(_t69 != 0) {
								goto L17;
							}
							_t93 = _a24;
							_t69 = _a28;
							L20:
							_t98 = E011D51CF(_t93, _a40, _a44, _t93, _t69,  &_v20);
							__eflags = _t98;
							if(_t98 < 0) {
								L38:
								__eflags = _t92;
								if(_t92 != 0) {
									 *0x11fa994(_t92);
								}
								__eflags = _t96;
								if(_t96 != 0) {
									 *0x11fa994(_t96);
								}
								L42:
								if(_v20 != 0) {
									E01192762(_v20);
								}
								_t70 = _v24;
								if(_t70 != 0) {
									VirtualFree(_t70, 0, 0x8000);
								}
								_t71 = _v28;
								if(_t71 != 0xffffffff) {
									CloseHandle(_t71);
								}
								return _t98;
							}
							__eflags = _t96;
							if(_t96 != 0) {
								 *0x11fa994(_t96);
								_t22 =  &_v8;
								 *_t22 = _v8 & 0x00000000;
								__eflags =  *_t22;
							}
							__eflags = _t92;
							if(_t92 != 0) {
								 *0x11fa994(_t92);
								_t24 =  &_v16;
								 *_t24 = _v16 & 0x00000000;
								__eflags =  *_t24;
							}
							_t82 = E011D56B4(_a4, _a8, L"GET", _v20, _a12, _a16, _a56,  &_v8,  &_v16,  &_v12);
							_t92 = _v16;
							_t98 = _t82;
							__eflags = _t98;
							if(_t98 < 0) {
								L37:
								_t96 = _v8;
								goto L38;
							} else {
								_t94 = _a36;
								_t83 = _a20;
								__eflags = _t94;
								if(_t94 != 0) {
									L30:
									_t97 = _v12;
									L31:
									__eflags = _t97;
									if(_t97 == 0) {
										_a40 = _a40 & _t97;
										_t46 =  &_a44;
										 *_t46 = _a44 & _t97;
										__eflags =  *_t46;
									}
									_t98 = E011D5B40(_t94, _t92, _v28,  &_a40, _a48, _t94, _t83, _v24, 0x10000, _a52);
									__eflags = _t98;
									if(_t98 < 0) {
										goto L37;
									} else {
										__eflags = _t97;
										_t96 = _v8;
										if(_t97 == 0) {
											goto L38;
										}
										_t69 = _a20;
										_t93 = _a36;
										continue;
									}
								}
								__eflags = _t83;
								if(_t83 != 0) {
									goto L30;
								}
								_t87 = E011D81BD(_t94, _t92,  &_v36);
								__eflags = _t87;
								if(_t87 < 0) {
									_t94 = _a24;
									_t97 = 0;
									_t83 = _a28;
									_a36 = _a24;
									_a20 = _a28;
									_v12 = 0;
									goto L31;
								}
								_t94 = _v36;
								_t83 = _v32;
								_a36 = _v36;
								_a20 = _v32;
								goto L30;
							}
							L17:
							__eflags = _a44 - _t69;
							if(__eflags > 0) {
								goto L38;
							}
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _a40 - _t93;
							if(_a40 >= _t93) {
								goto L38;
							}
							goto L20;
						}
					}
					_t98 = GetLastError();
					__eflags = _t98;
					if(__eflags > 0) {
						_t98 = _t98 & 0x0000ffff | 0x80070000;
						__eflags = _t98;
					}
					if(__eflags >= 0) {
						_t98 = 0x80004005;
					}
					_push(_t98);
					_push(0x126);
					L6:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp");
					E011938BA(_t90);
					goto L42;
				}
				_t98 = GetLastError();
				if(_t98 > 0) {
					_t98 = _t98 & 0x0000ffff | 0x80070000;
					_t103 = _t98;
				}
				if(_t103 >= 0) {
					_t98 = 0x80004005;
				}
				_push(_t98);
				_push(0x121);
				goto L6;
			}
























                                                            0x011d525d
                                                            0x011d5278
                                                            0x011d527a
                                                            0x011d527d
                                                            0x011d527f
                                                            0x011d5282
                                                            0x011d5284
                                                            0x011d5287
                                                            0x011d528a
                                                            0x011d528d
                                                            0x011d5290
                                                            0x011d5296
                                                            0x011d529c
                                                            0x011d52df
                                                            0x011d52e5
                                                            0x011d52e8
                                                            0x011d52ea
                                                            0x011d5312
                                                            0x011d5315
                                                            0x011d5318
                                                            0x011d531b
                                                            0x011d531e
                                                            0x011d531e
                                                            0x011d5320
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5322
                                                            0x011d5324
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5326
                                                            0x011d5329
                                                            0x011d5342
                                                            0x011d5353
                                                            0x011d5355
                                                            0x011d5357
                                                            0x011d542c
                                                            0x011d542c
                                                            0x011d542e
                                                            0x011d5431
                                                            0x011d5431
                                                            0x011d5437
                                                            0x011d5439
                                                            0x011d543c
                                                            0x011d543c
                                                            0x011d5442
                                                            0x011d5446
                                                            0x011d544b
                                                            0x011d544b
                                                            0x011d5450
                                                            0x011d5455
                                                            0x011d545f
                                                            0x011d545f
                                                            0x011d5465
                                                            0x011d546b
                                                            0x011d546e
                                                            0x011d546e
                                                            0x011d547a
                                                            0x011d547a
                                                            0x011d535d
                                                            0x011d535f
                                                            0x011d5362
                                                            0x011d5368
                                                            0x011d5368
                                                            0x011d5368
                                                            0x011d5368
                                                            0x011d536c
                                                            0x011d536e
                                                            0x011d5371
                                                            0x011d5377
                                                            0x011d5377
                                                            0x011d5377
                                                            0x011d5377
                                                            0x011d539e
                                                            0x011d53a3
                                                            0x011d53a6
                                                            0x011d53a8
                                                            0x011d53aa
                                                            0x011d5429
                                                            0x011d5429
                                                            0x00000000
                                                            0x011d53ac
                                                            0x011d53ac
                                                            0x011d53af
                                                            0x011d53b2
                                                            0x011d53b4
                                                            0x011d53d4
                                                            0x011d53d4
                                                            0x011d53d7
                                                            0x011d53d7
                                                            0x011d53d9
                                                            0x011d53db
                                                            0x011d53de
                                                            0x011d53de
                                                            0x011d53de
                                                            0x011d53de
                                                            0x011d53fe
                                                            0x011d5400
                                                            0x011d5402
                                                            0x00000000
                                                            0x011d5404
                                                            0x011d5404
                                                            0x011d5406
                                                            0x011d5409
                                                            0x00000000
                                                            0x00000000
                                                            0x011d540b
                                                            0x011d540e
                                                            0x00000000
                                                            0x011d540e
                                                            0x011d5402
                                                            0x011d53b6
                                                            0x011d53b8
                                                            0x00000000
                                                            0x00000000
                                                            0x011d53bf
                                                            0x011d53c4
                                                            0x011d53c6
                                                            0x011d5416
                                                            0x011d5419
                                                            0x011d541b
                                                            0x011d541e
                                                            0x011d5421
                                                            0x011d5424
                                                            0x00000000
                                                            0x011d5424
                                                            0x011d53c8
                                                            0x011d53cb
                                                            0x011d53ce
                                                            0x011d53d1
                                                            0x00000000
                                                            0x011d53d1
                                                            0x011d532e
                                                            0x011d532e
                                                            0x011d5331
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5337
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5339
                                                            0x011d533c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d533c
                                                            0x011d531e
                                                            0x011d52f2
                                                            0x011d52f4
                                                            0x011d52f6
                                                            0x011d52fb
                                                            0x011d5301
                                                            0x011d5301
                                                            0x011d5303
                                                            0x011d5305
                                                            0x011d5305
                                                            0x011d530a
                                                            0x011d530b
                                                            0x011d52c2
                                                            0x011d52c2
                                                            0x011d52c7
                                                            0x00000000
                                                            0x011d52c7
                                                            0x011d52a4
                                                            0x011d52a8
                                                            0x011d52ad
                                                            0x011d52b3
                                                            0x011d52b3
                                                            0x011d52b5
                                                            0x011d52b7
                                                            0x011d52b7
                                                            0x011d52bc
                                                            0x011d52bd
                                                            0x00000000

                                                            APIs
                                                            • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000410,000000FF,?,00000000,00000000), ref: 011D5290
                                                            • GetLastError.KERNEL32 ref: 011D529E
                                                            • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 011D52DF
                                                            • GetLastError.KERNEL32 ref: 011D52EC
                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 011D545F
                                                            • CloseHandle.KERNEL32(?), ref: 011D546E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                            • String ID: @Mqt$GET$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 2028584396-886008980
                                                            • Opcode ID: b9b4bfd1461d66e0a5eeb87cb9dbab97cfbd9c101068ed501125894ec9e91968
                                                            • Instruction ID: ac07f53a9757dce197ca4d6316e35c6003770c9203eebdf841e32b5481ded83a
                                                            • Opcode Fuzzy Hash: b9b4bfd1461d66e0a5eeb87cb9dbab97cfbd9c101068ed501125894ec9e91968
                                                            • Instruction Fuzzy Hash: 8A619276A0121AABDF69CFA8C840BEE7BB6BF08355F114129FE15B7240E774D940CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A0BE7 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 182COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 84%
                                                            			E011A0BE7(void* __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, signed short* _a12) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				void* _t76;
				intOrPtr _t78;
				signed int _t79;
				intOrPtr* _t82;
				signed int _t83;
				intOrPtr* _t87;
				intOrPtr* _t96;
				signed short _t101;
				intOrPtr* _t108;
				int* _t111;
				signed int _t112;
				void* _t113;
				intOrPtr _t121;
				signed short _t126;
				signed int _t128;
				signed int _t129;
				intOrPtr* _t131;
				signed int _t132;
				intOrPtr* _t133;

				_t113 = __ecx;
				_t112 = _a4;
				_t131 = _a8;
				_t126 = 0;
				_v8 = _v8 & 0;
				_t76 = E011A0FB3(_t112,  *_t131, _a12);
				_t135 = _t76;
				if(_t76 == 0) {
					_t78 =  *0x11faa34; // 0x0
					_t79 = _t78 + 1;
					_a4 = _t79;
					 *0x11faa34 = _t79;
					if(E011A1028(_t113, _t135, _t112,  &_v8) >= 0) {
						_t82 = _v8;
						_t114 = _a4;
						_t123 = 1;
						 *_t82 = 1;
						 *((intOrPtr*)(_t82 + 8)) = _a4;
						_t83 =  *((intOrPtr*)(_t131 + 0x60));
						_v12 = _t83;
						__eflags = _t83 - 1;
						if(__eflags != 0) {
							L8:
							_t126 = E011A1028(_t114, __eflags, _t112,  &_v8);
							__eflags = _t126;
							if(_t126 < 0) {
								goto L2;
							} else {
								_t87 = _v8;
								 *_t87 = 3;
								 *((intOrPtr*)(_t87 + 8)) = _t131;
								_t89 =  *((intOrPtr*)(_t112 + 0x50)) - 1;
								__eflags = _v12 - 1;
								_a4 =  *((intOrPtr*)(_t112 + 0x50)) - 1;
								if(__eflags != 0) {
									L12:
									_t128 = 0;
									_v12 = 0;
									__eflags =  *(_t131 + 0x80);
									if(__eflags > 0) {
										while(1) {
											_v16 =  *((intOrPtr*)(_t131 + 0x7c));
											_t126 = E011A106F(_t123, __eflags, _t112, _t131, _t89,  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0x7c)) + _t128 * 8)),  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0x7c)) + 4 + _t128 * 8)), 0);
											__eflags = _t126;
											if(_t126 < 0) {
												break;
											}
											_t132 = _a4 * 0x28;
											_t129 = _v12;
											 *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0xc)) =  *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0xc)) + 1;
											_t114 =  *((intOrPtr*)(_v16 + _t129 * 8));
											_t123 =  *((intOrPtr*)(_t112 + 0x4c));
											 *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0x10)) =  *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0x10)) +  *((intOrPtr*)( *((intOrPtr*)(_v16 + _t129 * 8)) + 0x10));
											asm("adc [esi+edx+0x14], eax");
											_t128 = _t129 + 1;
											_t131 = _a8;
											_v12 = _t128;
											__eflags = _t128 -  *(_t131 + 0x80);
											if(__eflags < 0) {
												_t89 = _a4;
												continue;
											} else {
												goto L13;
											}
											goto L28;
										}
										_push("Failed to append payload cache action.");
										goto L3;
									} else {
										L13:
										_t126 = E011A1028(_t114, __eflags, _t112,  &_v8);
										__eflags = _t126;
										if(__eflags >= 0) {
											_t96 = _v8;
											 *_t96 = 4;
											 *((intOrPtr*)(_t96 + 8)) = _t131;
											 *((intOrPtr*)(_a4 * 0x28 +  *((intOrPtr*)(_t112 + 0x4c)) + 0x18)) =  *((intOrPtr*)(_t112 + 0x50)) - 1;
											_t126 = E011A1028(_a4 * 0x28, __eflags, _t112,  &_v8);
											__eflags = _t126;
											if(_t126 < 0) {
												goto L14;
											} else {
												_t133 = _v8;
												 *_t133 = 6;
												_t101 = CreateEventW(0, 1, 0, 0);
												 *(_t133 + 8) = _t101;
												__eflags = _t101;
												if(_t101 != 0) {
													 *_a12 = _t101;
													_t121 = _a8;
													 *((intOrPtr*)(_t112 + 0x34)) =  *((intOrPtr*)(_t112 + 0x34)) + 1;
													__eflags =  *((intOrPtr*)(_t121 + 0x44)) - 2;
													_t74 =  *((intOrPtr*)(_t121 + 0x44)) != 2;
													__eflags = _t74;
													 *(_t121 + 0x54) = 0 | _t74;
												} else {
													_t126 = GetLastError();
													__eflags = _t126;
													if(__eflags > 0) {
														_t126 = _t126 & 0x0000ffff | 0x80070000;
														__eflags = _t126;
													}
													if(__eflags >= 0) {
														_t126 = 0x80004005;
													}
													E011938BA(_t104, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\plan.cpp", 0x852, _t126);
													_push("Failed to create syncpoint event.");
													goto L3;
												}
											}
										} else {
											L14:
											_push("Failed to append cache action.");
											goto L3;
										}
									}
								} else {
									_t126 = E011A13F0(_t114, __eflags, _t112,  &_v8);
									__eflags = _t126;
									if(_t126 < 0) {
										goto L6;
									} else {
										_t108 = _v8;
										 *_t108 = 5;
										 *((intOrPtr*)(_t108 + 8)) = _t131;
										_t89 = _a4;
										goto L12;
									}
								}
							}
						} else {
							_t126 = E011A13F0(_t114, __eflags, _t112,  &_v8);
							__eflags = _t126;
							if(__eflags >= 0) {
								_t111 = _v8;
								_t114 = _a4;
								 *_t111 = 1;
								_t111[2] = _a4;
								goto L8;
							} else {
								L6:
								_push("Failed to append rollback cache action.");
								goto L3;
							}
						}
					} else {
						L2:
						_push("Failed to append package start action.");
						L3:
						_push(_t126);
						E011CFB09();
					}
				}
				L28:
				return _t126;
			}

























                                                            0x011a0be7
                                                            0x011a0bee
                                                            0x011a0bf2
                                                            0x011a0bf9
                                                            0x011a0bfd
                                                            0x011a0c01
                                                            0x011a0c06
                                                            0x011a0c08
                                                            0x011a0c0e
                                                            0x011a0c13
                                                            0x011a0c14
                                                            0x011a0c17
                                                            0x011a0c2a
                                                            0x011a0c3e
                                                            0x011a0c43
                                                            0x011a0c46
                                                            0x011a0c47
                                                            0x011a0c49
                                                            0x011a0c4c
                                                            0x011a0c4f
                                                            0x011a0c52
                                                            0x011a0c54
                                                            0x011a0c7c
                                                            0x011a0c86
                                                            0x011a0c88
                                                            0x011a0c8a
                                                            0x00000000
                                                            0x011a0c8c
                                                            0x011a0c8c
                                                            0x011a0c8f
                                                            0x011a0c95
                                                            0x011a0c9b
                                                            0x011a0c9c
                                                            0x011a0ca0
                                                            0x011a0ca3
                                                            0x011a0cc4
                                                            0x011a0cc4
                                                            0x011a0cc6
                                                            0x011a0cc9
                                                            0x011a0ccf
                                                            0x011a0cee
                                                            0x011a0cf3
                                                            0x011a0d05
                                                            0x011a0d07
                                                            0x011a0d09
                                                            0x00000000
                                                            0x00000000
                                                            0x011a0d0b
                                                            0x011a0d12
                                                            0x011a0d18
                                                            0x011a0d1c
                                                            0x011a0d1f
                                                            0x011a0d25
                                                            0x011a0d2c
                                                            0x011a0d30
                                                            0x011a0d31
                                                            0x011a0d34
                                                            0x011a0d37
                                                            0x011a0d3d
                                                            0x011a0ceb
                                                            0x00000000
                                                            0x011a0d3f
                                                            0x00000000
                                                            0x011a0d3f
                                                            0x00000000
                                                            0x011a0d3d
                                                            0x011a0d41
                                                            0x00000000
                                                            0x011a0cd1
                                                            0x011a0cd1
                                                            0x011a0cdb
                                                            0x011a0cdd
                                                            0x011a0cdf
                                                            0x011a0d4b
                                                            0x011a0d52
                                                            0x011a0d58
                                                            0x011a0d62
                                                            0x011a0d70
                                                            0x011a0d72
                                                            0x011a0d74
                                                            0x00000000
                                                            0x011a0d7a
                                                            0x011a0d7a
                                                            0x011a0d84
                                                            0x011a0d8a
                                                            0x011a0d90
                                                            0x011a0d93
                                                            0x011a0d95
                                                            0x011a0dd2
                                                            0x011a0dd6
                                                            0x011a0dd9
                                                            0x011a0ddc
                                                            0x011a0de0
                                                            0x011a0de0
                                                            0x011a0de3
                                                            0x011a0d97
                                                            0x011a0d9d
                                                            0x011a0d9f
                                                            0x011a0da1
                                                            0x011a0da6
                                                            0x011a0dac
                                                            0x011a0dac
                                                            0x011a0dae
                                                            0x011a0db0
                                                            0x011a0db0
                                                            0x011a0dc0
                                                            0x011a0dc5
                                                            0x00000000
                                                            0x011a0dc5
                                                            0x011a0d95
                                                            0x011a0ce1
                                                            0x011a0ce1
                                                            0x011a0ce1
                                                            0x00000000
                                                            0x011a0ce1
                                                            0x011a0cdf
                                                            0x011a0ca5
                                                            0x011a0caf
                                                            0x011a0cb1
                                                            0x011a0cb3
                                                            0x00000000
                                                            0x011a0cb5
                                                            0x011a0cb5
                                                            0x011a0cb8
                                                            0x011a0cbe
                                                            0x011a0cc1
                                                            0x00000000
                                                            0x011a0cc1
                                                            0x011a0cb3
                                                            0x011a0ca3
                                                            0x011a0c56
                                                            0x011a0c60
                                                            0x011a0c62
                                                            0x011a0c64
                                                            0x011a0c6d
                                                            0x011a0c70
                                                            0x011a0c73
                                                            0x011a0c79
                                                            0x00000000
                                                            0x011a0c66
                                                            0x011a0c66
                                                            0x011a0c66
                                                            0x00000000
                                                            0x011a0c66
                                                            0x011a0c64
                                                            0x011a0c2c
                                                            0x011a0c2c
                                                            0x011a0c2c
                                                            0x011a0c31
                                                            0x011a0c31
                                                            0x011a0c32
                                                            0x011a0c38
                                                            0x011a0c2a
                                                            0x011a0de6
                                                            0x011a0dec

                                                            APIs
                                                              • Part of subcall function 011A0FB3: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,011A0C06,?,00000000,?,00000000,00000000), ref: 011A0FE2
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 011A0D8A
                                                            • GetLastError.KERNEL32 ref: 011A0D97
                                                            Strings
                                                            • Failed to append package start action., xrefs: 011A0C2C
                                                            • Failed to append cache action., xrefs: 011A0CE1
                                                            • Failed to append payload cache action., xrefs: 011A0D41
                                                            • c:\agent\_work\66\s\src\burn\engine\plan.cpp, xrefs: 011A0DBB
                                                            • Failed to append rollback cache action., xrefs: 011A0C66
                                                            • @Mqt, xrefs: 011A0D97
                                                            • Failed to create syncpoint event., xrefs: 011A0DC5
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareCreateErrorEventLastString
                                                            • String ID: @Mqt$Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$c:\agent\_work\66\s\src\burn\engine\plan.cpp
                                                            • API String ID: 801187047-4234984586
                                                            • Opcode ID: b2453125ddfdf652fb8cfbb04662e6da43405d9cb0f77773ce6e042927339b61
                                                            • Instruction ID: 6f8c42e13a71d80e11de796ca21aa68ce87b71bb75bfca035053d4ed44d52876
                                                            • Opcode Fuzzy Hash: b2453125ddfdf652fb8cfbb04662e6da43405d9cb0f77773ce6e042927339b61
                                                            • Instruction Fuzzy Hash: C8617E7A500705EFCB19DF58C980AAEBBF9FF88310F618499E9159B205EB71EE41CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D6527 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 164COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 69%
                                                            			E011D6527(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v20;
				void* __ebx;
				signed int _t67;
				int _t68;
				int _t69;
				int _t70;
				void* _t75;
				intOrPtr _t89;
				intOrPtr* _t93;
				intOrPtr* _t94;
				intOrPtr* _t95;
				intOrPtr* _t97;
				intOrPtr* _t98;
				signed int _t99;
				signed int _t101;
				void* _t104;
				signed int _t110;

				_t98 = _a4;
				_t92 =  &_v20;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t99 =  *((intOrPtr*)( *_t98 + 0x44))(_t98,  &_v20);
				if(_t99 < 0) {
					L29:
					if(_v8 != 0) {
						__imp__#6(_v8);
					}
					_t93 = _v12;
					if(_t93 != 0) {
						 *((intOrPtr*)( *_t93 + 8))(_t93);
					}
					_t94 = _v16;
					if(_t94 != 0) {
						 *((intOrPtr*)( *_t94 + 8))(_t94);
					}
					_t95 = _v20;
					if(_t95 != 0) {
						 *((intOrPtr*)( *_t95 + 8))(_t95);
					}
					return _t99;
				}
				_t67 = E011D305B( &_v20, _v20,  &_v12,  &_v8);
				_t89 = _a8;
				while(1) {
					_t99 = _t67;
					_t101 = _t99;
					if(_t101 != 0) {
						break;
					}
					_t68 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"label", 0xffffffff);
					__eflags = _t68 - 2;
					if(_t68 != 2) {
						_t69 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"scheme", 0xffffffff);
						__eflags = _t69 - 2;
						if(_t69 != 2) {
							_t70 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"term", 0xffffffff);
							__eflags = _t70 - 2;
							if(_t70 != 2) {
								L10:
								__eflags = _v8;
								if(_v8 != 0) {
									__imp__#6(_v8);
									_t21 =  &_v8;
									 *_t21 = _v8 & 0x00000000;
									__eflags =  *_t21;
								}
								_t92 = _v12;
								__eflags = _t92;
								if(_t92 != 0) {
									 *((intOrPtr*)( *_t92 + 8))(_t92);
									_t25 =  &_v12;
									 *_t25 = _v12 & 0x00000000;
									__eflags =  *_t25;
								}
								_t67 = E011D305B(_t92, _v20,  &_v12,  &_v8);
								continue;
							}
							_t17 = _t89 + 8; // 0x11d6aa1
							_t75 = _t17;
							L8:
							_push(_v12);
							_push(_t75);
							L9:
							_t99 = E011D60FB(_t92);
							__eflags = _t99;
							if(_t99 < 0) {
								L28:
								goto L29;
							}
							goto L10;
						}
						_t15 = _t89 + 4; // 0x11d6a9d
						_t75 = _t15;
						goto L8;
					}
					_push(_v12);
					_push(_t89);
					goto L9;
				}
				if(_t101 < 0) {
					goto L28;
				}
				_t99 =  *((intOrPtr*)( *_t98 + 0x30))(_t98,  &_v16);
				if(_t99 < 0) {
					goto L28;
				}
				_t99 = E011D30E2( &_v16, _v16,  &_v12,  &_v8);
				if(_t99 != 0) {
					L26:
					if(_t110 >= 0) {
						_t99 = 0;
					}
					goto L28;
				}
				_t91 = _t89 + 0xc;
				_t104 = _t89 + 0xc;
				while(1) {
					_t99 = E011D72DE(_t91, _t104, _v12, _t91);
					if(_t99 < 0) {
						goto L28;
					}
					if(_v8 != 0) {
						__imp__#6(_v8);
						_v8 = _v8 & 0x00000000;
					}
					_t97 = _v12;
					if(_t97 != 0) {
						 *((intOrPtr*)( *_t97 + 8))(_t97);
						_v12 = _v12 & 0x00000000;
					}
					_t99 = E011D30E2(_t97, _v16,  &_v12,  &_v8);
					_t110 = _t99;
					if(_t110 == 0) {
						continue;
					} else {
						goto L26;
					}
				}
				goto L28;
			}























                                                            0x011d652f
                                                            0x011d6532
                                                            0x011d6537
                                                            0x011d653a
                                                            0x011d653d
                                                            0x011d6540
                                                            0x011d654a
                                                            0x011d654e
                                                            0x011d6696
                                                            0x011d669a
                                                            0x011d669f
                                                            0x011d669f
                                                            0x011d66a5
                                                            0x011d66aa
                                                            0x011d66af
                                                            0x011d66af
                                                            0x011d66b2
                                                            0x011d66b7
                                                            0x011d66bc
                                                            0x011d66bc
                                                            0x011d66bf
                                                            0x011d66c4
                                                            0x011d66c9
                                                            0x011d66c9
                                                            0x011d66d1
                                                            0x011d66d1
                                                            0x011d6560
                                                            0x011d6565
                                                            0x011d6613
                                                            0x011d6613
                                                            0x011d6615
                                                            0x011d6617
                                                            0x00000000
                                                            0x00000000
                                                            0x011d657d
                                                            0x011d6583
                                                            0x011d6586
                                                            0x011d659e
                                                            0x011d65a4
                                                            0x011d65a7
                                                            0x011d65be
                                                            0x011d65c4
                                                            0x011d65c7
                                                            0x011d65df
                                                            0x011d65df
                                                            0x011d65e3
                                                            0x011d65e8
                                                            0x011d65ee
                                                            0x011d65ee
                                                            0x011d65ee
                                                            0x011d65ee
                                                            0x011d65f2
                                                            0x011d65f5
                                                            0x011d65f7
                                                            0x011d65fc
                                                            0x011d65ff
                                                            0x011d65ff
                                                            0x011d65ff
                                                            0x011d65ff
                                                            0x011d660e
                                                            0x00000000
                                                            0x011d660e
                                                            0x011d65c9
                                                            0x011d65c9
                                                            0x011d65cc
                                                            0x011d65cc
                                                            0x011d65cf
                                                            0x011d65d0
                                                            0x011d65d5
                                                            0x011d65d7
                                                            0x011d65d9
                                                            0x011d6695
                                                            0x00000000
                                                            0x011d6695
                                                            0x00000000
                                                            0x011d65d9
                                                            0x011d65a9
                                                            0x011d65a9
                                                            0x00000000
                                                            0x011d65a9
                                                            0x011d6588
                                                            0x011d658b
                                                            0x00000000
                                                            0x011d658b
                                                            0x011d661d
                                                            0x00000000
                                                            0x00000000
                                                            0x011d6629
                                                            0x011d662d
                                                            0x00000000
                                                            0x00000000
                                                            0x011d663f
                                                            0x011d6643
                                                            0x011d6691
                                                            0x011d6691
                                                            0x011d6693
                                                            0x011d6693
                                                            0x00000000
                                                            0x011d6691
                                                            0x011d6645
                                                            0x011d6645
                                                            0x011d6648
                                                            0x011d6651
                                                            0x011d6655
                                                            0x00000000
                                                            0x00000000
                                                            0x011d665b
                                                            0x011d6660
                                                            0x011d6666
                                                            0x011d6666
                                                            0x011d666a
                                                            0x011d666f
                                                            0x011d6674
                                                            0x011d6677
                                                            0x011d6677
                                                            0x011d668b
                                                            0x011d668d
                                                            0x011d668f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d668f
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,74714160,?,011D6A99,?,?), ref: 011D657D
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D65E8
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D6660
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D669F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$Free$Compare
                                                            • String ID: label$scheme$term
                                                            • API String ID: 1324494773-4117840027
                                                            • Opcode ID: 3a5032bb947a8dc054a3d169fb4ae8add952cfe3fdfbabf57a7a5bc890dcbb5e
                                                            • Instruction ID: 7493810f25c677812251fa6bbb3eac46a1fe06f554f5c0e30378d9eacbef09d8
                                                            • Opcode Fuzzy Hash: 3a5032bb947a8dc054a3d169fb4ae8add952cfe3fdfbabf57a7a5bc890dcbb5e
                                                            • Instruction Fuzzy Hash: 8C516131901219FFDF19DF98C844FEEBBB9AF04715F1042A9E521AB1A4DB31AE40DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CC3AD Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 152fileCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 79%
                                                            			E011CC3AD(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t115;
				signed int _t117;
				signed char _t122;
				signed char _t127;
				signed int _t128;
				signed char* _t129;
				intOrPtr* _t130;
				signed int _t131;
				void* _t132;

				_t78 =  *0x11fa008; // 0x295f764a
				_v8 = _t78 ^ _t131;
				_t80 = _a8;
				_t117 = _t80 >> 6;
				_t115 = (_t80 & 0x0000003f) * 0x30;
				_t129 = _a12;
				_v52 = _t129;
				_v48 = _t117;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x11fb118 + _t117 * 4)) + _t115 + 0x18));
				_v40 = _a16 + _t129;
				_t86 = GetConsoleCP();
				_t130 = _a4;
				_v60 = _t86;
				 *_t130 = 0;
				 *((intOrPtr*)(_t130 + 4)) = 0;
				 *((intOrPtr*)(_t130 + 8)) = 0;
				while(_t129 < _v40) {
					_v28 = 0;
					_v31 =  *_t129;
					_t128 =  *(0x11fb118 + _v48 * 4);
					_t122 =  *(_t128 + _t115 + 0x2d);
					if((_t122 & 0x00000004) == 0) {
						_t92 = E011C87E6(_t115, _t128);
						_t128 = 0x8000;
						if(( *(_t92 + ( *_t129 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t129);
							goto L8;
						} else {
							if(_t129 >= _v40) {
								_t128 = _v48;
								 *((char*)( *((intOrPtr*)(0x11fb118 + _t128 * 4)) + _t115 + 0x2e)) =  *_t129;
								 *( *((intOrPtr*)(0x11fb118 + _t128 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x11fb118 + _t128 * 4)) + _t115 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
							} else {
								_t112 = E011C5F09( &_v28, _t129, 2);
								_t132 = _t132 + 0xc;
								if(_t112 != 0xffffffff) {
									_t129 =  &(_t129[1]);
									goto L9;
								}
							}
						}
					} else {
						_t127 = _t122 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t128 + _t115 + 0x2e));
						_push(2);
						_v15 = _t127;
						 *(_t128 + _t115 + 0x2d) = _t127;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E011C5F09();
						_t132 = _t132 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t129 =  &(_t129[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t130 = GetLastError();
								} else {
									_t48 = _t130 + 8; // 0xff76e900
									 *((intOrPtr*)(_t130 + 4)) =  *_t48 - _v52 + _t129;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t130 + 8)) =  *((intOrPtr*)(_t130 + 8)) + 1;
													 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E011BDD1F(_t115, _v8 ^ _t131, _t128, _t129, _t130);
			}





































                                                            0x011cc3b5
                                                            0x011cc3bc
                                                            0x011cc3bf
                                                            0x011cc3c7
                                                            0x011cc3cb
                                                            0x011cc3d7
                                                            0x011cc3da
                                                            0x011cc3dd
                                                            0x011cc3e4
                                                            0x011cc3ec
                                                            0x011cc3ef
                                                            0x011cc3f5
                                                            0x011cc3fb
                                                            0x011cc400
                                                            0x011cc402
                                                            0x011cc405
                                                            0x011cc40a
                                                            0x011cc414
                                                            0x011cc41b
                                                            0x011cc41e
                                                            0x011cc425
                                                            0x011cc42c
                                                            0x011cc447
                                                            0x011cc44f
                                                            0x011cc458
                                                            0x011cc47e
                                                            0x011cc480
                                                            0x00000000
                                                            0x011cc45a
                                                            0x011cc45d
                                                            0x011cc524
                                                            0x011cc530
                                                            0x011cc53b
                                                            0x011cc540
                                                            0x011cc463
                                                            0x011cc46a
                                                            0x011cc46f
                                                            0x011cc475
                                                            0x011cc47b
                                                            0x00000000
                                                            0x011cc47b
                                                            0x011cc475
                                                            0x011cc45d
                                                            0x011cc42e
                                                            0x011cc432
                                                            0x011cc435
                                                            0x011cc43b
                                                            0x011cc43d
                                                            0x011cc440
                                                            0x011cc444
                                                            0x011cc481
                                                            0x011cc484
                                                            0x011cc485
                                                            0x011cc48a
                                                            0x011cc490
                                                            0x011cc496
                                                            0x011cc4a5
                                                            0x011cc4ab
                                                            0x011cc4b1
                                                            0x011cc4b6
                                                            0x011cc4d2
                                                            0x011cc545
                                                            0x011cc54b
                                                            0x011cc4d4
                                                            0x011cc4d4
                                                            0x011cc4dc
                                                            0x011cc4e5
                                                            0x011cc4eb
                                                            0x00000000
                                                            0x011cc4ed
                                                            0x011cc4ef
                                                            0x011cc4f2
                                                            0x011cc50b
                                                            0x00000000
                                                            0x011cc50d
                                                            0x011cc511
                                                            0x011cc513
                                                            0x011cc516
                                                            0x00000000
                                                            0x011cc516
                                                            0x011cc511
                                                            0x011cc50b
                                                            0x011cc4eb
                                                            0x011cc4e5
                                                            0x011cc4d2
                                                            0x011cc4b6
                                                            0x011cc490
                                                            0x00000000
                                                            0x011cc519
                                                            0x011cc519
                                                            0x011cc54d
                                                            0x011cc55f

                                                            APIs
                                                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,011CCB22,00000000,00000000,00000000,00000000,00000000,011C2718), ref: 011CC3EF
                                                            • __fassign.LIBCMT ref: 011CC46A
                                                            • __fassign.LIBCMT ref: 011CC485
                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 011CC4AB
                                                            • WriteFile.KERNEL32(?,00000000,00000000,011CCB22,00000000,?,?,?,?,?,?,?,?,?,011CCB22,00000000), ref: 011CC4CA
                                                            • WriteFile.KERNEL32(?,00000000,00000001,011CCB22,00000000,?,?,?,?,?,?,?,?,?,011CCB22,00000000), ref: 011CC503
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                            • String ID: @Mqt$Jv_)
                                                            • API String ID: 1324828854-3215632469
                                                            • Opcode ID: 6a399d04b0f475af878bbbfcd792f1fd32bd5a215aa6524506767da456c3a80d
                                                            • Instruction ID: d3f8e4b6a5d8f97090f91989a407e94c4e9bfa930cf03229b270ad41ac4dd0d2
                                                            • Opcode Fuzzy Hash: 6a399d04b0f475af878bbbfcd792f1fd32bd5a215aa6524506767da456c3a80d
                                                            • Instruction Fuzzy Hash: 9851B5B1A002459FDB18CFA8D885BEEFBF8EF29710F14416EE555E7281E7309941CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119CB82 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 143COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 59%
                                                            			E0119CB82(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				short* _v8;
				char _v12;
				int _v16;
				int _v20;
				short* _v24;
				short* _t47;
				intOrPtr* _t56;
				void* _t59;
				intOrPtr* _t60;
				int _t63;
				intOrPtr _t64;
				intOrPtr _t65;
				int _t66;
				int _t67;
				int _t68;
				intOrPtr* _t69;

				_t67 = 0;
				_v8 = 0;
				_v12 = 0;
				while(1) {
					L18:
					_t68 = E0119C231(_a12,  &_v8);
					if(_t68 == 0x80070103) {
						break;
					}
					if(_t68 < 0) {
						_push("Failed to get next stream.");
						goto L31;
					} else {
						_t69 = _a4;
						_t63 = _t67;
						_t47 = _v8;
						_v24 = _t47;
						_v16 = _t63;
						if( *((intOrPtr*)(_t69 + 4)) <= _t67) {
							L12:
							_push(_t47);
							_t68 = 0x80070490;
							_push("Failed to find embedded payload: %ls");
							L33:
							_push(_t68);
							E011CFB09();
						} else {
							_t66 = _t67;
							_v20 = _t67;
							do {
								_t59 =  *_t69 + _t66;
								if( *((intOrPtr*)(_t59 + 4)) != 2) {
									goto L10;
								} else {
									_t64 = _a8;
									if(_t64 == 0 ||  *((intOrPtr*)(_t59 + 0x3c)) == _t64) {
										_t12 = _t59 + 0x38; // 0xfffeb88d
										if(CompareStringW(0x7f, _t67,  *_t12, 0xffffffff, _t47, 0xffffffff) == 2) {
											_t20 = _t59 + 0x50; // 0x1195516
											_t21 = _t59 + 0x18; // 0x50fffff9
											_t68 = E01192E55(_t64, _a16,  *_t21, _t20);
											if(_t68 < 0) {
												_push("Failed to concat file paths.");
												goto L31;
											} else {
												_t24 = _t59 + 0x50; // 0xb7400ff
												_t68 = E01193533(_t64,  *_t24,  &_v12);
												if(_t68 < 0) {
													_push("Failed to get directory portion of local file path");
													goto L31;
												} else {
													_t68 = E0119415F(_v12, _t67);
													if(_t68 < 0) {
														_push("Failed to ensure directory exists");
														goto L31;
													} else {
														_t26 = _t59 + 0x50; // 0xb7400ff
														_t68 = E0119C4AD(_a12,  *_t26);
														if(_t68 < 0) {
															_push("Failed to extract file.");
															L31:
															_push(_t68);
															E011CFB09();
														} else {
															 *((intOrPtr*)(_t59 + 0x4c)) = 1;
															goto L18;
														}
													}
												}
											}
										} else {
											_t47 = _v24;
											_t66 = _v20;
											goto L9;
										}
									} else {
										L9:
										_t63 = _v16;
										goto L10;
									}
								}
								goto L34;
								L10:
								_t63 = _t63 + 1;
								_t66 = _t66 + 0x58;
								_v16 = _t63;
								_v20 = _t66;
							} while (_t63 <  *((intOrPtr*)(_t69 + 4)));
							_t47 = _v8;
							goto L12;
						}
					}
					L34:
					if(_v8 != 0) {
						E01192762(_v8);
					}
					if(_v12 != 0) {
						E01192762(_v12);
					}
					return _t68;
				}
				_t56 = _a4;
				_t68 = _t67;
				if( *((intOrPtr*)(_t56 + 4)) > _t68) {
					_t60 =  *_t56;
					_t65 = _a8;
					do {
						if(_t65 == 0 ||  *((intOrPtr*)(_t60 + 0x3c)) == _t65) {
							if( *((intOrPtr*)(_t60 + 0x4c)) < 1) {
								_t68 = 0x8007000d;
								E011938BA(_t56, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\payload.cpp", 0x10e, 0x8007000d);
								_push( *_t60);
								_push("Payload was not found in container: %ls");
								goto L33;
							} else {
								goto L24;
							}
						} else {
							goto L24;
						}
						goto L34;
						L24:
						_t67 = _t67 + 1;
						_t60 = _t60 + 0x58;
					} while (_t67 <  *((intOrPtr*)(_t56 + 4)));
				}
				goto L34;
			}



















                                                            0x0119cb8b
                                                            0x0119cb8d
                                                            0x0119cb90
                                                            0x0119cc61
                                                            0x0119cc61
                                                            0x0119cc6d
                                                            0x0119cc75
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cb9a
                                                            0x0119ccc0
                                                            0x00000000
                                                            0x0119cba0
                                                            0x0119cba0
                                                            0x0119cba3
                                                            0x0119cba5
                                                            0x0119cba8
                                                            0x0119cbab
                                                            0x0119cbb1
                                                            0x0119cbff
                                                            0x0119cbff
                                                            0x0119cc00
                                                            0x0119cc05
                                                            0x0119cceb
                                                            0x0119cceb
                                                            0x0119ccec
                                                            0x0119cbb3
                                                            0x0119cbb3
                                                            0x0119cbb5
                                                            0x0119cbb8
                                                            0x0119cbba
                                                            0x0119cbc0
                                                            0x00000000
                                                            0x0119cbc2
                                                            0x0119cbc2
                                                            0x0119cbc7
                                                            0x0119cbd3
                                                            0x0119cbe2
                                                            0x0119cc0f
                                                            0x0119cc13
                                                            0x0119cc1e
                                                            0x0119cc22
                                                            0x0119ccb9
                                                            0x00000000
                                                            0x0119cc28
                                                            0x0119cc2c
                                                            0x0119cc34
                                                            0x0119cc38
                                                            0x0119ccb2
                                                            0x00000000
                                                            0x0119cc3a
                                                            0x0119cc43
                                                            0x0119cc47
                                                            0x0119ccab
                                                            0x00000000
                                                            0x0119cc49
                                                            0x0119cc49
                                                            0x0119cc54
                                                            0x0119cc58
                                                            0x0119cca4
                                                            0x0119ccc5
                                                            0x0119ccc5
                                                            0x0119ccc6
                                                            0x0119cc5a
                                                            0x0119cc5a
                                                            0x00000000
                                                            0x0119cc5a
                                                            0x0119cc58
                                                            0x0119cc47
                                                            0x0119cc38
                                                            0x0119cbe4
                                                            0x0119cbe4
                                                            0x0119cbe7
                                                            0x00000000
                                                            0x0119cbe7
                                                            0x0119cbea
                                                            0x0119cbea
                                                            0x0119cbea
                                                            0x00000000
                                                            0x0119cbea
                                                            0x0119cbc7
                                                            0x00000000
                                                            0x0119cbed
                                                            0x0119cbed
                                                            0x0119cbee
                                                            0x0119cbf1
                                                            0x0119cbf4
                                                            0x0119cbf7
                                                            0x0119cbfc
                                                            0x00000000
                                                            0x0119cbfc
                                                            0x0119cbb1
                                                            0x0119ccf4
                                                            0x0119ccf8
                                                            0x0119ccfd
                                                            0x0119ccfd
                                                            0x0119cd06
                                                            0x0119cd0b
                                                            0x0119cd0b
                                                            0x0119cd16
                                                            0x0119cd16
                                                            0x0119cc7b
                                                            0x0119cc7e
                                                            0x0119cc83
                                                            0x0119cc85
                                                            0x0119cc87
                                                            0x0119cc8a
                                                            0x0119cc8c
                                                            0x0119cc97
                                                            0x0119cccf
                                                            0x0119ccdf
                                                            0x0119cce4
                                                            0x0119cce6
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119cc99
                                                            0x0119cc99
                                                            0x0119cc9a
                                                            0x0119cc9d
                                                            0x0119cca2
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,011953FA,00000000,011954C6,01195482,WixBundleUILevel,840F01E8,?,00000001), ref: 0119CBD9
                                                            Strings
                                                            • Failed to find embedded payload: %ls, xrefs: 0119CC05
                                                            • Failed to concat file paths., xrefs: 0119CCB9
                                                            • Failed to extract file., xrefs: 0119CCA4
                                                            • Failed to get next stream., xrefs: 0119CCC0
                                                            • Failed to get directory portion of local file path, xrefs: 0119CCB2
                                                            • c:\agent\_work\66\s\src\burn\engine\payload.cpp, xrefs: 0119CCDA
                                                            • Payload was not found in container: %ls, xrefs: 0119CCE6
                                                            • Failed to ensure directory exists, xrefs: 0119CCAB
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$c:\agent\_work\66\s\src\burn\engine\payload.cpp
                                                            • API String ID: 1825529933-3317369491
                                                            • Opcode ID: 084019c34438bf01c20befca58a265b7f0b0a47192acf336edafc2beb5b13e04
                                                            • Instruction ID: 396913d20a9a84395e43e73fe4e82f5ee96e7a622a2b9910bcef5d6b86f825f1
                                                            • Opcode Fuzzy Hash: 084019c34438bf01c20befca58a265b7f0b0a47192acf336edafc2beb5b13e04
                                                            • Instruction Fuzzy Hash: 1341BE31901256EBCF2DDF59C980BAEBFA5BF40710B158169E9A2AB250C370AE41DBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A9158 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 138COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 46%
                                                            			E011A9158(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v28;
				signed int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				intOrPtr _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t40;
				intOrPtr _t44;
				void* _t63;
				void* _t70;
				signed short _t71;
				signed int _t72;
				intOrPtr _t78;
				char* _t79;
				signed short _t81;
				signed int _t84;
				void* _t85;

				_t40 =  *0x11fa008; // 0x295f764a
				_v8 = _t40 ^ _t84;
				_t78 = _a8;
				_t79 =  &_v28;
				_v36 = 0x14;
				asm("stosd");
				_v32 = 0;
				_t71 = 0x80070490;
				_v40 = 0;
				_t72 = 0;
				_v48 = _t78;
				asm("stosd");
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t9 = _t78 + 0x10; // 0xfe60858b
				_t44 =  *((intOrPtr*)( *_t9));
				if( *((intOrPtr*)(_t44 + 0xc)) <= 0) {
					L12:
					_t81 = _t71;
					if(_t71 >= 0) {
						L15:
						_t45 = _v32;
						if(_v32 != 0) {
							E01193AA4(_t45);
						}
						return E011BDD1F(_t71, _v8 ^ _t84, _t78, _t79, _t81);
					}
					_push("Failed to find expected public key in certificate chain.");
					_push(_t71);
					L14:
					E011CFB09();
					goto L15;
				}
				_t79 = _a4;
				while(1) {
					_t82 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t72 * 4)) + 4));
					_push( &_v36);
					_push( &_v28);
					_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t72 * 4)) + 4)) + 0xc)) + 0x38);
					_push(1);
					_push(0);
					_push(0x8004);
					_push(0);
					if( *0x11fa93c() == 0) {
						break;
					}
					_t59 = _v36;
					if( *((intOrPtr*)(_t79 + 0x24)) != _v36) {
						L11:
						_t72 = _v44 + 1;
						_v44 = _t72;
						_t44 =  *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x10))));
						if(_t72 <  *((intOrPtr*)(_t44 + 0xc))) {
							continue;
						}
						goto L12;
					}
					_t63 = E011BF8C3( *((intOrPtr*)(_t79 + 0x20)),  &_v28, _t59);
					_t85 = _t85 + 0xc;
					if(_t63 != 0) {
						goto L11;
					}
					if( *((intOrPtr*)(_t79 + 0x28)) == _t63) {
						_t71 = 0;
						goto L12;
					}
					_t81 = E011D4ED0(_t72, _t82, 3,  &_v32,  &_v40);
					if(_t81 < 0) {
						_push("Failed to read certificate thumbprint.");
						L20:
						_push(_t81);
						goto L14;
					}
					_t67 = _v40;
					if( *((intOrPtr*)(_t79 + 0x2c)) != _v40) {
						L9:
						_t68 = _v32;
						if(_v32 != 0) {
							E01193AA4(_t68);
							_v32 = _v32 & 0x00000000;
						}
						goto L11;
					}
					_t70 = E011BF8C3( *((intOrPtr*)(_t79 + 0x28)), _v32, _t67);
					_t85 = _t85 + 0xc;
					if(_t70 == 0) {
						_t81 = 0;
						goto L15;
					}
					goto L9;
				}
				_t81 = GetLastError();
				__eflags = _t81;
				if(__eflags > 0) {
					_t81 = _t81 & 0x0000ffff | 0x80070000;
					__eflags = _t81;
				}
				if(__eflags >= 0) {
					_t81 = 0x80004005;
				}
				E011938BA(_t57, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x7c4, _t81);
				_push("Failed to get certificate public key identifier.");
				goto L20;
			}
























                                                            0x011a915e
                                                            0x011a9165
                                                            0x011a9168
                                                            0x011a9170
                                                            0x011a9173
                                                            0x011a917a
                                                            0x011a917d
                                                            0x011a9180
                                                            0x011a9185
                                                            0x011a9188
                                                            0x011a918a
                                                            0x011a918d
                                                            0x011a918e
                                                            0x011a9191
                                                            0x011a9192
                                                            0x011a9193
                                                            0x011a9194
                                                            0x011a9197
                                                            0x011a919c
                                                            0x011a9255
                                                            0x011a9255
                                                            0x011a9259
                                                            0x011a9268
                                                            0x011a9268
                                                            0x011a926d
                                                            0x011a9270
                                                            0x011a9270
                                                            0x011a9285
                                                            0x011a9285
                                                            0x011a925b
                                                            0x011a9260
                                                            0x011a9261
                                                            0x011a9261
                                                            0x00000000
                                                            0x011a9267
                                                            0x011a91a2
                                                            0x011a91a5
                                                            0x011a91ab
                                                            0x011a91b1
                                                            0x011a91b5
                                                            0x011a91bc
                                                            0x011a91bd
                                                            0x011a91bf
                                                            0x011a91c1
                                                            0x011a91c6
                                                            0x011a91d0
                                                            0x00000000
                                                            0x00000000
                                                            0x011a91d6
                                                            0x011a91dc
                                                            0x011a923d
                                                            0x011a9243
                                                            0x011a9244
                                                            0x011a924a
                                                            0x011a924f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011a924f
                                                            0x011a91e6
                                                            0x011a91eb
                                                            0x011a91f0
                                                            0x00000000
                                                            0x00000000
                                                            0x011a91f5
                                                            0x011a9294
                                                            0x00000000
                                                            0x011a9294
                                                            0x011a920b
                                                            0x011a920f
                                                            0x011a928c
                                                            0x011a9291
                                                            0x011a9291
                                                            0x00000000
                                                            0x011a9291
                                                            0x011a9211
                                                            0x011a9217
                                                            0x011a922c
                                                            0x011a922c
                                                            0x011a9231
                                                            0x011a9234
                                                            0x011a9239
                                                            0x011a9239
                                                            0x00000000
                                                            0x011a9231
                                                            0x011a9220
                                                            0x011a9225
                                                            0x011a922a
                                                            0x011a9288
                                                            0x00000000
                                                            0x011a9288
                                                            0x00000000
                                                            0x011a922a
                                                            0x011a929e
                                                            0x011a92a0
                                                            0x011a92a2
                                                            0x011a92a7
                                                            0x011a92ad
                                                            0x011a92ad
                                                            0x011a92af
                                                            0x011a92b1
                                                            0x011a92b1
                                                            0x011a92c1
                                                            0x011a92c6
                                                            0x00000000

                                                            APIs
                                                            • _memcmp.LIBVCRUNTIME ref: 011A91E6
                                                              • Part of subcall function 011D4ED0: GetLastError.KERNEL32(?,?,011A920B,?,00000003,011954C6,?), ref: 011D4EEF
                                                            • _memcmp.LIBVCRUNTIME ref: 011A9220
                                                            • GetLastError.KERNEL32 ref: 011A9298
                                                            Strings
                                                            • Failed to read certificate thumbprint., xrefs: 011A928C
                                                            • Failed to get certificate public key identifier., xrefs: 011A92C6
                                                            • Failed to find expected public key in certificate chain., xrefs: 011A925B
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 011A92BC
                                                            • Jv_), xrefs: 011A915E
                                                            • @Mqt, xrefs: 011A9298
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast_memcmp
                                                            • String ID: @Mqt$Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$Jv_)$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 3428363238-3811017303
                                                            • Opcode ID: 440b11d598a3864bf6227a46a4a304c41e431739c20f658120d4b68198428f74
                                                            • Instruction ID: 5c44b9eaff3ff858edd430a09823d8573c32e2fe9b86c525b04bf46914166e3a
                                                            • Opcode Fuzzy Hash: 440b11d598a3864bf6227a46a4a304c41e431739c20f658120d4b68198428f74
                                                            • Instruction Fuzzy Hash: 6D416C75E0021AABDB19DBA9C840EDEBBF9BF18714F454126EA15F7240D734DC40CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A48B9 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 116fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 55%
                                                            			E011A48B9(void* _a4, signed int* _a8) {
				long _v8;
				signed int _v12;
				signed int _v16;
				void* _t26;
				int _t30;
				long _t31;
				void* _t34;
				signed short _t35;
				void* _t42;
				signed int _t43;
				signed int* _t47;
				signed short _t49;

				_v16 = _v16 & 0;
				_v12 = _v12 & 0;
				_v8 = _v8 & 0;
				_t42 = 0;
				do {
					_push(0);
					_push( &_v8);
					_t26 = 8;
					_t30 = ReadFile(_a4,  &_v16 + _t42, _t26 - _t42, ??, ??);
					_t47 = _a8;
					if(_t30 != 0) {
						goto L8;
					} else {
						_t49 = GetLastError();
						if(_t49 != 0xea) {
							__eflags = _t49 - 0x6d;
							if(_t49 == 0x6d) {
								_t43 = 0;
								_t31 = 0;
								_v16 = 0;
								_v12 = 0;
								_t49 = 1;
								L10:
								 *_t47 = _t43;
								_t47[1] = _t31;
								if(_t31 != 0) {
									_t34 = E011939DF(_t31, 0);
									_t47[3] = _t34;
									if(_t34 != 0) {
										_t35 = ReadFile(_a4, _t34, _t47[1],  &_v8, 0);
										__eflags = _t35;
										if(_t35 != 0) {
											_t47[2] = 1;
										} else {
											_t49 = GetLastError();
											__eflags = _t49;
											if(__eflags > 0) {
												_t49 = _t49 & 0x0000ffff | 0x80070000;
												__eflags = _t49;
											}
											if(__eflags >= 0) {
												_t49 = 0x80004005;
											}
											E011938BA(_t36, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x327, _t49);
											_push("Failed to read data for message.");
											goto L14;
										}
									} else {
										_t49 = 0x8007000e;
										E011938BA(_t34, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x323, 0x8007000e);
										_push("Failed to allocate data for message.");
										goto L14;
									}
								}
							} else {
								__eflags = _t49;
								if(__eflags > 0) {
									_t49 = _t49 & 0x0000ffff | 0x80070000;
									__eflags = _t49;
								}
								if(__eflags < 0) {
									E011938BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x318, _t49);
									_push("Failed to read message from pipe.");
									L14:
									_push(_t49);
									E011CFB09();
								} else {
									goto L8;
								}
							}
						} else {
							_t49 = 0;
							goto L8;
						}
					}
					if(_t47[2] == 0 && _t47[3] != 0) {
						E01193AA4(_t47[3]);
					}
					return _t49;
					L8:
					_t42 = _t42 + _v8;
				} while (_t42 < 8);
				_t31 = _v12;
				_t43 = _v16;
				goto L10;
			}















                                                            0x011a48c3
                                                            0x011a48c6
                                                            0x011a48c9
                                                            0x011a48cc
                                                            0x011a48cf
                                                            0x011a48cf
                                                            0x011a48d4
                                                            0x011a48d7
                                                            0x011a48e4
                                                            0x011a48ea
                                                            0x011a48ef
                                                            0x00000000
                                                            0x011a48f1
                                                            0x011a48f7
                                                            0x011a48ff
                                                            0x011a4905
                                                            0x011a4908
                                                            0x011a4980
                                                            0x011a4982
                                                            0x011a4986
                                                            0x011a4989
                                                            0x011a498c
                                                            0x011a4929
                                                            0x011a4929
                                                            0x011a492b
                                                            0x011a4930
                                                            0x011a4939
                                                            0x011a493e
                                                            0x011a4943
                                                            0x011a499c
                                                            0x011a49a2
                                                            0x011a49a4
                                                            0x011a49db
                                                            0x011a49a6
                                                            0x011a49ac
                                                            0x011a49ae
                                                            0x011a49b0
                                                            0x011a49b5
                                                            0x011a49bb
                                                            0x011a49bb
                                                            0x011a49bd
                                                            0x011a49bf
                                                            0x011a49bf
                                                            0x011a49cf
                                                            0x011a49d4
                                                            0x00000000
                                                            0x011a49d4
                                                            0x011a4945
                                                            0x011a4945
                                                            0x011a4955
                                                            0x011a495a
                                                            0x00000000
                                                            0x011a495a
                                                            0x011a4943
                                                            0x011a490a
                                                            0x011a490a
                                                            0x011a490c
                                                            0x011a4911
                                                            0x011a4917
                                                            0x011a4917
                                                            0x011a4919
                                                            0x011a496c
                                                            0x011a4971
                                                            0x011a4976
                                                            0x011a4976
                                                            0x011a4977
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011a4919
                                                            0x011a4901
                                                            0x011a4901
                                                            0x00000000
                                                            0x011a4901
                                                            0x011a48ff
                                                            0x011a49e6
                                                            0x011a49f1
                                                            0x011a49f1
                                                            0x011a49fc
                                                            0x011a491b
                                                            0x011a491b
                                                            0x011a491e
                                                            0x011a4923
                                                            0x011a4926
                                                            0x00000000

                                                            APIs
                                                            • ReadFile.KERNEL32(00000000,00000001,00000008,?,00000000,?,00000000,00000000,00000001,00000000,?,?,?,00000000,crypt32.dll,00000000), ref: 011A48E4
                                                            • GetLastError.KERNEL32 ref: 011A48F1
                                                            • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 011A499C
                                                            • GetLastError.KERNEL32 ref: 011A49A6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastRead
                                                            • String ID: @Mqt$Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp
                                                            • API String ID: 1948546556-2224230783
                                                            • Opcode ID: 0b564f9c4e613c0c2afa567cfa725bd212ce7f137597282bd60e4aec81b2357f
                                                            • Instruction ID: 885c1ad602c424c601607edca941bf781787dc6e8a63aebcf86dec6f716a095a
                                                            • Opcode Fuzzy Hash: 0b564f9c4e613c0c2afa567cfa725bd212ce7f137597282bd60e4aec81b2357f
                                                            • Instruction Fuzzy Hash: 4E318A3BD10226BBE72CCAA9CC04BAAFE68BF08711F448129AD10F7240F7B49D5087D0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A5053 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 83COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E011A5053(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				char _v12;
				char _v16;
				char _v20;
				void* __ebx;
				long _t26;
				char* _t32;
				void* _t43;
				intOrPtr* _t46;
				void* _t47;

				_t26 = GetCurrentProcessId();
				_t46 = _a8;
				_push(_t26);
				_v12 = 0;
				_v16 = 0;
				_push( *((intOrPtr*)(_t46 + 4)));
				_v20 = 0;
				_push( *_t46);
				_v8 = 0;
				_t47 = E01192022( &_v12, L"-q -%ls %ls %ls %u", L"burn.elevated");
				if(_t47 >= 0) {
					E011D3349(0,  &_v16,  &_v20);
					if(_v16 < 5) {
						L5:
						_t32 = L"open";
					} else {
						_t32 = L"runas";
						if(_a12 == 0) {
							goto L5;
						}
					}
					_t47 = E011D34C7(_a4, _v12, _t32, 0, 0, _a16,  &_v8);
					if(_t47 >= 0) {
						 *((intOrPtr*)(_t46 + 8)) = GetProcessId(_v8);
						_t43 = 0;
						 *((intOrPtr*)(_t46 + 0xc)) = _v8;
						_v8 = 0;
					} else {
						E011CFB09(_t47, "Failed to launch elevated child process: %ls", _a4);
						goto L2;
					}
				} else {
					_push("Failed to allocate parameters for elevated process.");
					_push(_t47);
					E011CFB09();
					L2:
					_t43 = _v8;
				}
				if(_t43 != 0) {
					CloseHandle(_t43);
					_v8 = 0;
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				return _t47;
			}













                                                            0x011a505c
                                                            0x011a5062
                                                            0x011a5067
                                                            0x011a506b
                                                            0x011a506e
                                                            0x011a5071
                                                            0x011a5074
                                                            0x011a5077
                                                            0x011a5079
                                                            0x011a508c
                                                            0x011a5093
                                                            0x011a50af
                                                            0x011a50b8
                                                            0x011a50c4
                                                            0x011a50c4
                                                            0x011a50ba
                                                            0x011a50ba
                                                            0x011a50c2
                                                            0x00000000
                                                            0x00000000
                                                            0x011a50c2
                                                            0x011a50de
                                                            0x011a50e2
                                                            0x011a5100
                                                            0x011a5103
                                                            0x011a5108
                                                            0x011a510b
                                                            0x011a50e4
                                                            0x011a50ed
                                                            0x00000000
                                                            0x011a50f2
                                                            0x011a5095
                                                            0x011a5095
                                                            0x011a509a
                                                            0x011a509b
                                                            0x011a50a2
                                                            0x011a50a2
                                                            0x011a50a2
                                                            0x011a5110
                                                            0x011a5113
                                                            0x011a5119
                                                            0x011a5119
                                                            0x011a511f
                                                            0x011a5124
                                                            0x011a5124
                                                            0x011a512f

                                                            APIs
                                                            • GetCurrentProcessId.KERNEL32(?,00000000,?,?,011DA500), ref: 011A505C
                                                            • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 011A50FA
                                                            • CloseHandle.KERNEL32(00000000), ref: 011A5113
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Process$CloseCurrentHandle
                                                            • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                            • API String ID: 2815245435-1352204306
                                                            • Opcode ID: fd7ea94aeb539bbf5dc29c81cef6cae26764251a9cdd3e7408a3de6f41d0c64f
                                                            • Instruction ID: 4798fccd8fb9ac32010704e9178e29c950b6a9d98892af06f7bb60b349b01301
                                                            • Opcode Fuzzy Hash: fd7ea94aeb539bbf5dc29c81cef6cae26764251a9cdd3e7408a3de6f41d0c64f
                                                            • Instruction Fuzzy Hash: DF217AB9D0160AFFCF199F95D9848AEBFB9FF14254B40816AE911A3200D7319E50DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199C2D Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 82COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 72%
                                                            			E01199C2D(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed short _t18;
				signed short _t28;
				signed int _t31;
				signed short _t36;

				_v8 = _v8 & 0x00000000;
				_t33 = _a4;
				_t36 = E01197303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0);
				if(_t36 >= 0) {
					_t31 = GetFileAttributesW(_v8);
					__eflags = _t31 - 0xffffffff;
					if(_t31 != 0xffffffff) {
						_t18 = 0;
						_t28 = 0;
						__eflags = _t31 & 0x00000010;
						if((_t31 & 0x00000010) == 0) {
							_t18 = 1;
							__eflags = 1;
							goto L15;
						}
						goto L16;
					} else {
						_t36 = GetLastError();
						__eflags = _t36 - 2;
						if(_t36 == 2) {
							L11:
							_push(_v8);
							E011CFFF0(2, "File search: %ls, did not find path: %ls",  *_t33);
							goto L12;
						} else {
							__eflags = _t36 - 3;
							if(_t36 == 3) {
								goto L11;
							} else {
								__eflags = _t36;
								if(__eflags == 0) {
									L12:
									_t18 = 0;
									L15:
									_t28 = 0;
									__eflags = 0;
									L16:
									_t36 = E01198274(_a8,  *((intOrPtr*)(_t33 + 4)), _t18, _t28, 0);
									__eflags = _t36;
									if(_t36 < 0) {
										_push("Failed to set variable.");
										goto L18;
									}
								} else {
									if(__eflags > 0) {
										_t36 = _t36 & 0x0000ffff | 0x80070000;
										__eflags = _t36;
									}
									if(__eflags >= 0) {
										_t36 = 0x80004005;
									}
									E011938BA(_t23, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x28b, _t36);
									E011CFB09(_t36, "Failed get to file attributes. \'%ls\'",  *((intOrPtr*)(_t33 + 0x14)));
								}
							}
						}
					}
				} else {
					_push("Failed to format variable string.");
					L18:
					_push(_t36);
					E011CFB09();
				}
				E0119287D(_v8);
				return _t36;
			}








                                                            0x01199c31
                                                            0x01199c3a
                                                            0x01199c4b
                                                            0x01199c4f
                                                            0x01199c64
                                                            0x01199c66
                                                            0x01199c69
                                                            0x01199cd0
                                                            0x01199cd2
                                                            0x01199cd4
                                                            0x01199cda
                                                            0x01199cdc
                                                            0x01199cdc
                                                            0x00000000
                                                            0x01199cdc
                                                            0x00000000
                                                            0x01199c6b
                                                            0x01199c71
                                                            0x01199c73
                                                            0x01199c76
                                                            0x01199cb8
                                                            0x01199cb8
                                                            0x01199cc4
                                                            0x00000000
                                                            0x01199c78
                                                            0x01199c78
                                                            0x01199c7b
                                                            0x00000000
                                                            0x01199c7d
                                                            0x01199c7d
                                                            0x01199c7f
                                                            0x01199ccc
                                                            0x01199ccc
                                                            0x01199cdd
                                                            0x01199cdd
                                                            0x01199cdd
                                                            0x01199cdf
                                                            0x01199cee
                                                            0x01199cf0
                                                            0x01199cf2
                                                            0x01199cf4
                                                            0x00000000
                                                            0x01199cf4
                                                            0x01199c81
                                                            0x01199c81
                                                            0x01199c86
                                                            0x01199c8c
                                                            0x01199c8c
                                                            0x01199c8e
                                                            0x01199c90
                                                            0x01199c90
                                                            0x01199ca0
                                                            0x01199cae
                                                            0x01199cb3
                                                            0x01199c7f
                                                            0x01199c7b
                                                            0x01199c76
                                                            0x01199c51
                                                            0x01199c51
                                                            0x01199cf9
                                                            0x01199cf9
                                                            0x01199cfa
                                                            0x01199d00
                                                            0x01199d04
                                                            0x01199d0e

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 01199C46
                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,0119A86A,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 01199C5E
                                                            • GetLastError.KERNEL32(?,0119A86A,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 01199C6B
                                                            Strings
                                                            • Failed get to file attributes. '%ls', xrefs: 01199CA8
                                                            • File search: %ls, did not find path: %ls, xrefs: 01199CBD
                                                            • Failed to format variable string., xrefs: 01199C51
                                                            • c:\agent\_work\66\s\src\burn\engine\search.cpp, xrefs: 01199C9B
                                                            • Failed to set variable., xrefs: 01199CF4
                                                            • @Mqt, xrefs: 01199C6B
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileLastOpen@16
                                                            • String ID: @Mqt$Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$c:\agent\_work\66\s\src\burn\engine\search.cpp
                                                            • API String ID: 1811509786-2951974597
                                                            • Opcode ID: a39fe65ded376b87b6a8e912fd2c480f109978bbaa56a4abb99f6d5eb4729c09
                                                            • Instruction ID: c9fd75b20f4b878bda8956cf2524118f72e745bc15a1b3db61647215ab39c989
                                                            • Opcode Fuzzy Hash: a39fe65ded376b87b6a8e912fd2c480f109978bbaa56a4abb99f6d5eb4729c09
                                                            • Instruction Fuzzy Hash: 70218B33D0016ABBDF1E66A8DC06FAEBAA5AF10628F11422CFD30B7190E7719D00D2D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011AAA79 Relevance: 15.1, APIs: 2, Strings: 8, Instructions: 131COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 55%
                                                            			E011AAA79(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				char _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed short _t40;
				intOrPtr _t52;
				void* _t60;
				signed short _t62;
				signed int _t66;
				signed short _t70;
				signed short _t71;

				_t60 = __edx;
				_t35 =  *0x11fa008; // 0x295f764a
				_v8 = _t35 ^ _t66;
				_t52 = _a4;
				_v80 = _a12;
				_t61 = _a8;
				_v48 =  &_v88;
				_push( &_v72);
				_t40 =  &_v24;
				_v76 = 0;
				_v68 = 0;
				_v64 = 0;
				_v56 = 0;
				_v40 = 0;
				_v36 = 0;
				_v28 = 0;
				_push(_t40);
				_push(0xffffffff);
				_v24 = 0xaac56b;
				_v20 = 0x11d0cd44;
				_v16 = 0xc000c28c;
				_v12 = 0xee95c24f;
				_v88 = 0x10;
				_v84 = _a8;
				_v72 = 0x30;
				_v52 = 1;
				_v44 = 1;
				_v32 = 0x80;
				_v60 = 2;
				L011CEE0B();
				if(_t40 == 0) {
					L7:
					_push(_v40);
					L011CEE3C();
					__eflags = _t40;
					if(_t40 != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t40);
						L011CEE2C();
						__eflags = _t40;
						if(_t40 != 0) {
							_t62 = E011A9158(_t52,  *((intOrPtr*)(_t40 + 0x28)));
							__eflags = _t62;
							if(_t62 < 0) {
								_push("Failed to verify expected payload against actual certificate chain.");
								goto L21;
							}
						} else {
							_t62 = GetLastError();
							__eflags = _t62;
							if(__eflags > 0) {
								_t62 = _t62 & 0x0000ffff | 0x80070000;
								__eflags = _t62;
							}
							if(__eflags >= 0) {
								_t62 = 0x80004005;
							}
							E011938BA(_t45, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x3f0, _t62);
							_push("Failed to get signer chain from authenticode certificate.");
							goto L21;
						}
					} else {
						_t62 = GetLastError();
						__eflags = _t62;
						if(__eflags > 0) {
							_t62 = _t62 & 0x0000ffff | 0x80070000;
							__eflags = _t62;
						}
						if(__eflags >= 0) {
							_t62 = 0x80004005;
						}
						E011938BA(_t47, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x3ed, _t62);
						_push("Failed to get provider state from authenticode certificate.");
						L21:
						_push(_t62);
						E011CFB09();
					}
				} else {
					_v32 = _v32 | 0x00001000;
					_push( &_v72);
					_t40 =  &_v24;
					_push(_t40);
					_push(0xffffffff);
					L011CEE0B();
					_t62 = _t40;
					_t70 = _t62;
					if(_t70 == 0) {
						goto L7;
					} else {
						if(_t70 > 0) {
							_t71 = _t62;
						}
						if(_t71 >= 0) {
							_t62 = 0x80004005;
						}
						E011938BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x3e9, _t62);
						E011CFB09(_t62, "Failed authenticode verification of payload: %ls", _t61);
					}
				}
				return E011BDD1F(_t52, _v8 ^ _t66, _t60, _t61, _t62);
			}



































                                                            0x011aaa79
                                                            0x011aaa7f
                                                            0x011aaa86
                                                            0x011aaa8f
                                                            0x011aaa92
                                                            0x011aaa9a
                                                            0x011aaa9d
                                                            0x011aaaa3
                                                            0x011aaaa4
                                                            0x011aaaa7
                                                            0x011aaaaa
                                                            0x011aaaad
                                                            0x011aaab0
                                                            0x011aaab3
                                                            0x011aaab6
                                                            0x011aaab9
                                                            0x011aaabd
                                                            0x011aaabe
                                                            0x011aaac0
                                                            0x011aaac7
                                                            0x011aaace
                                                            0x011aaad5
                                                            0x011aaadc
                                                            0x011aaae3
                                                            0x011aaae6
                                                            0x011aaaed
                                                            0x011aaaf0
                                                            0x011aaaf3
                                                            0x011aaafa
                                                            0x011aab01
                                                            0x011aab08
                                                            0x011aab5e
                                                            0x011aab5e
                                                            0x011aab61
                                                            0x011aab66
                                                            0x011aab68
                                                            0x011aaba1
                                                            0x011aaba2
                                                            0x011aaba3
                                                            0x011aaba4
                                                            0x011aaba5
                                                            0x011aabaa
                                                            0x011aabac
                                                            0x011aabec
                                                            0x011aabee
                                                            0x011aabf0
                                                            0x011aabf2
                                                            0x00000000
                                                            0x011aabf2
                                                            0x011aabae
                                                            0x011aabb4
                                                            0x011aabb6
                                                            0x011aabb8
                                                            0x011aabbd
                                                            0x011aabc3
                                                            0x011aabc3
                                                            0x011aabc5
                                                            0x011aabc7
                                                            0x011aabc7
                                                            0x011aabd7
                                                            0x011aabdc
                                                            0x00000000
                                                            0x011aabdc
                                                            0x011aab6a
                                                            0x011aab70
                                                            0x011aab72
                                                            0x011aab74
                                                            0x011aab79
                                                            0x011aab7f
                                                            0x011aab7f
                                                            0x011aab81
                                                            0x011aab83
                                                            0x011aab83
                                                            0x011aab93
                                                            0x011aab98
                                                            0x011aabf7
                                                            0x011aabf7
                                                            0x011aabf8
                                                            0x011aabfe
                                                            0x011aab0a
                                                            0x011aab0a
                                                            0x011aab14
                                                            0x011aab15
                                                            0x011aab18
                                                            0x011aab19
                                                            0x011aab1b
                                                            0x011aab20
                                                            0x011aab22
                                                            0x011aab24
                                                            0x00000000
                                                            0x011aab26
                                                            0x011aab26
                                                            0x011aab31
                                                            0x011aab31
                                                            0x011aab33
                                                            0x011aab35
                                                            0x011aab35
                                                            0x011aab45
                                                            0x011aab51
                                                            0x011aab56
                                                            0x011aab24
                                                            0x011aac0f

                                                            APIs
                                                            • GetLastError.KERNEL32(011954C6,000000FF,01195482,011A76FC,011953FA,00000000,?), ref: 011AAB6A
                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,011954C6,000000FF,01195482,011A76FC,011953FA,00000000,?), ref: 011AABAE
                                                              • Part of subcall function 011A9158: _memcmp.LIBVCRUNTIME ref: 011A91E6
                                                              • Part of subcall function 011A9158: _memcmp.LIBVCRUNTIME ref: 011A9220
                                                            Strings
                                                            • Failed to verify expected payload against actual certificate chain., xrefs: 011AABF2
                                                            • Failed to get signer chain from authenticode certificate., xrefs: 011AABDC
                                                            • Failed authenticode verification of payload: %ls, xrefs: 011AAB4B
                                                            • 0, xrefs: 011AAAE6
                                                            • Failed to get provider state from authenticode certificate., xrefs: 011AAB98
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 011AAB40, 011AAB8E, 011AABD2
                                                            • Jv_), xrefs: 011AAA7F
                                                            • @Mqt, xrefs: 011AAB6A, 011AABAE
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast_memcmp
                                                            • String ID: 0$@Mqt$Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$Jv_)$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 3428363238-3842666743
                                                            • Opcode ID: 17d2a20cd76e0f042d2677b097f58e2a1b849299f534a2d9f4b31c89c66d1221
                                                            • Instruction ID: 5916ef0f1da8f10c2fbbd9b87698c18420557ccf859ea41626392cdafdc98db5
                                                            • Opcode Fuzzy Hash: 17d2a20cd76e0f042d2677b097f58e2a1b849299f534a2d9f4b31c89c66d1221
                                                            • Instruction Fuzzy Hash: 8B41C6B6C01226ABDB1DDFE9D804ADEBFB9AF14714F51012DE911BB240D7749900CBE4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D5C9E Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 153fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 50%
                                                            			E011D5C9E(void* __ecx, intOrPtr* _a4, signed short _a8, WCHAR* _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				char _v12;
				signed int _v16;
				WCHAR* _v20;
				signed int _v24;
				void* _v28;
				signed short _v32;
				void* _v36;
				WCHAR* _v40;
				char _v44;
				signed int _t61;
				WCHAR* _t73;
				WCHAR* _t87;
				signed short _t88;
				intOrPtr* _t89;
				signed short _t94;

				_t85 = __ecx;
				_v16 = _v16 | 0xffffffff;
				_t84 = _a4;
				_v12 = 0;
				_t87 = 0;
				_v8 = 0;
				_v20 = 0;
				_v28 = 0;
				_v24 = 0;
				_v36 = 0;
				_v32 = 0;
				_v44 = 0;
				_v40 = 0;
				_t88 = E0119229E( &_v12,  *_a4, 0);
				if(_t88 >= 0) {
					 *0x11fa96c(L"Burn", 0, 0, 0, 0);
					_t87 = 0;
					if(0 != 0) {
						E011D4FF7(__ecx, L"WiX\\Burn", L"DownloadTimeout", 0x78,  &_v8);
						_t61 = _v8;
						if(_t61 != 0) {
							_t89 =  *0x11fa970; // 0x11d9fbb
							_v8 = _t61 * 0x3e8;
							 *_t89(0, 2,  &_v8, 4);
							 *_t89(0, 6,  &_v8, 4);
							 *_t89(0, 5,  &_v8, 4);
						}
						_t88 = E011D54F6(_t85, _t87,  &_v12,  *((intOrPtr*)(_t84 + 4)),  *((intOrPtr*)(_t84 + 8)), _a24,  &_v36,  &_v44);
						if(_t88 >= 0) {
							E011D559F(_t85, _a16,  &_v20,  &_v16,  &_v28);
							_t88 = E011D5253(_t87,  &_v12,  *((intOrPtr*)(_t84 + 4)),  *((intOrPtr*)(_t84 + 8)), _a16, _a8, _a12, _v36, _v32, _v28, _v24, _v16, _a20, _a24);
							if(_t88 >= 0) {
								_t73 = _v20;
								if(_t73 != 0 &&  *_t73 != 0) {
									DeleteFileW(_t73);
								}
							}
							if(_v16 != 0xffffffff) {
								CloseHandle(_v16);
							}
						}
					} else {
						_t88 = GetLastError();
						if(_t88 > 0) {
							_t88 = _t88 & 0x0000ffff | 0x80070000;
							_t94 = _t88;
						}
						if(_t94 >= 0) {
							_t88 = 0x80004005;
						}
						E011938BA(_t82, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0x84, _t88);
					}
				}
				_t52 = _v20;
				if(_v20 != 0) {
					E01192762(_t52);
				}
				if(_t87 != 0) {
					 *0x11fa994(_t87);
				}
				if(_v12 != 0) {
					E01192762(_v12);
				}
				return _t88;
			}



















                                                            0x011d5c9e
                                                            0x011d5ca4
                                                            0x011d5cab
                                                            0x011d5cb3
                                                            0x011d5cb6
                                                            0x011d5cb8
                                                            0x011d5cbb
                                                            0x011d5cbe
                                                            0x011d5cc1
                                                            0x011d5cc4
                                                            0x011d5cc7
                                                            0x011d5cca
                                                            0x011d5ccd
                                                            0x011d5cd9
                                                            0x011d5cdd
                                                            0x011d5cee
                                                            0x011d5cf4
                                                            0x011d5cf8
                                                            0x011d5d3d
                                                            0x011d5d42
                                                            0x011d5d47
                                                            0x011d5d49
                                                            0x011d5d57
                                                            0x011d5d61
                                                            0x011d5d6c
                                                            0x011d5d77
                                                            0x011d5d77
                                                            0x011d5d94
                                                            0x011d5d98
                                                            0x011d5da9
                                                            0x011d5ddc
                                                            0x011d5de0
                                                            0x011d5de2
                                                            0x011d5de7
                                                            0x011d5df1
                                                            0x011d5df1
                                                            0x011d5de7
                                                            0x011d5dfb
                                                            0x011d5e00
                                                            0x011d5e00
                                                            0x011d5dfb
                                                            0x011d5cfa
                                                            0x011d5d00
                                                            0x011d5d04
                                                            0x011d5d09
                                                            0x011d5d0f
                                                            0x011d5d0f
                                                            0x011d5d11
                                                            0x011d5d13
                                                            0x011d5d13
                                                            0x011d5d23
                                                            0x011d5d23
                                                            0x011d5cf8
                                                            0x011d5e06
                                                            0x011d5e0b
                                                            0x011d5e0e
                                                            0x011d5e0e
                                                            0x011d5e15
                                                            0x011d5e18
                                                            0x011d5e18
                                                            0x011d5e22
                                                            0x011d5e27
                                                            0x011d5e27
                                                            0x011d5e32

                                                            APIs
                                                            • GetLastError.KERNEL32 ref: 011D5CFA
                                                            • DeleteFileW.KERNEL32(00000410,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 011D5DF1
                                                            • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 011D5E00
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseDeleteErrorFileHandleLast
                                                            • String ID: @Mqt$Burn$DownloadTimeout$WiX\Burn$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 3522763407-3489524469
                                                            • Opcode ID: f365d2924ae39e99eeb60d8a97398438b124a21e87cb821135dfd6b5dc19bb6f
                                                            • Instruction ID: d378cf210a6fc7149b64fd45c4d7901ad3f4be61f714fc7c5238ee2e6dea64cf
                                                            • Opcode Fuzzy Hash: f365d2924ae39e99eeb60d8a97398438b124a21e87cb821135dfd6b5dc19bb6f
                                                            • Instruction Fuzzy Hash: CA512B76D0061ABBDF56DFA8CC44EEEBFBAEF08750F004165EA14E6150E7348A51DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199E89 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 146COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 52%
                                                            			E01199E89(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _t34;
				intOrPtr _t35;
				void* _t36;
				void* _t43;
				void* _t48;
				void* _t50;
				void* _t53;
				intOrPtr _t58;
				intOrPtr* _t59;
				void* _t61;
				void* _t62;

				_t47 = _a8;
				_t59 = _a4;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				_v8 = 0;
				if(E01197303(_a8,  *((intOrPtr*)(_t59 + 0x18)),  &_v16, 0) >= 0) {
					if( *((intOrPtr*)(_t59 + 0x14)) == 0) {
						L5:
						_push( &_v8);
						_push( &_v12);
						_push(_v16);
						if(_v20 == 0) {
							_t34 = E011D25CD(_t48);
						} else {
							_push(_v20);
							_t34 = E011D20A4(_t48);
						}
						_t61 = _t34;
						_t35 = _v12;
						_t58 = 4;
						if(_t35 != 0xfffffffc) {
							if(_t35 == 0xffffffff || _t35 == 0xfffffff9) {
								_t35 = 2;
								goto L17;
							} else {
								if(_t35 == 2 || _t35 == 3 || _t35 == _t58) {
									goto L18;
								} else {
									_t61 = 0x80070057;
									E011CFB09(0x80070057, "Failed to get component path: %d", _t35);
									_t62 = _t62 + 0xc;
									goto L35;
								}
							}
						} else {
							_t35 = _t58;
							L17:
							_v12 = _t35;
							L18:
							_t50 =  *((intOrPtr*)(_t59 + 0x10)) - 1;
							if(_t50 == 0) {
								if(_t35 == 2 || _t35 == 3 || _t35 == _t58) {
									L30:
									_t36 = E0119821A(_t47,  *((intOrPtr*)(_t59 + 4)), _v8, 0);
									L31:
									_t61 = _t36;
									goto L32;
								} else {
									L32:
									if(_t61 >= 0) {
										L36:
										E0119287D(_v16);
										E0119287D(_v20);
										if(_v8 != 0) {
											E01192762(_v8);
										}
										return _t61;
									}
									_push("Failed to set variable.");
									L34:
									_push(_t61);
									E011CFB09();
									L35:
									_push(_t61);
									E011CFFF0(2, "MsiComponentSearch failed: ID \'%ls\', HRESULT 0x%x",  *_t59);
									goto L36;
								}
							}
							_t53 = _t50 - 1;
							if(_t53 == 0) {
								asm("cdq");
								_t36 = E01198274(_t47,  *((intOrPtr*)(_t59 + 4)), _t35, _t58, 0);
								goto L31;
							}
							if(_t53 != 1 || _t35 != 2 && _t35 != 3 && _t35 != _t58) {
								goto L32;
							} else {
								_t43 = E011BF821(_v8, 0x5c);
								if(_t43 != 0) {
									 *((short*)(_t43 + 2)) = 0;
								}
								goto L30;
							}
						}
					}
					_t61 = E01197303(_t47,  *((intOrPtr*)(_t59 + 0x14)),  &_v20, 0);
					if(_t61 >= 0) {
						goto L5;
					}
					_push("Failed to format product code string.");
					goto L34;
				}
				_push("Failed to format component id string.");
				goto L34;
			}


















                                                            0x01199e90
                                                            0x01199e97
                                                            0x01199e9b
                                                            0x01199e9e
                                                            0x01199ea1
                                                            0x01199ea4
                                                            0x01199eb8
                                                            0x01199ec8
                                                            0x01199ee9
                                                            0x01199ef0
                                                            0x01199ef4
                                                            0x01199ef5
                                                            0x01199ef8
                                                            0x01199f04
                                                            0x01199efa
                                                            0x01199efa
                                                            0x01199efd
                                                            0x01199efd
                                                            0x01199f09
                                                            0x01199f0b
                                                            0x01199f10
                                                            0x01199f14
                                                            0x01199f1d
                                                            0x01199f4a
                                                            0x00000000
                                                            0x01199f24
                                                            0x01199f27
                                                            0x00000000
                                                            0x01199f32
                                                            0x01199f33
                                                            0x01199f3e
                                                            0x01199f43
                                                            0x00000000
                                                            0x01199f43
                                                            0x01199f27
                                                            0x01199f16
                                                            0x01199f16
                                                            0x01199f4b
                                                            0x01199f4b
                                                            0x01199f4e
                                                            0x01199f51
                                                            0x01199f54
                                                            0x01199f99
                                                            0x01199fa4
                                                            0x01199fad
                                                            0x01199fb2
                                                            0x01199fb2
                                                            0x00000000
                                                            0x01199fb4
                                                            0x01199fb4
                                                            0x01199fb6
                                                            0x01199fd7
                                                            0x01199fda
                                                            0x01199fe2
                                                            0x01199feb
                                                            0x01199ff0
                                                            0x01199ff0
                                                            0x01199ffb
                                                            0x01199ffb
                                                            0x01199fb8
                                                            0x01199fbd
                                                            0x01199fbd
                                                            0x01199fbe
                                                            0x01199fc5
                                                            0x01199fc5
                                                            0x01199fcf
                                                            0x00000000
                                                            0x01199fd4
                                                            0x01199f99
                                                            0x01199f56
                                                            0x01199f59
                                                            0x01199f88
                                                            0x01199f8f
                                                            0x00000000
                                                            0x01199f8f
                                                            0x01199f5e
                                                            0x00000000
                                                            0x01199f6e
                                                            0x01199f73
                                                            0x01199f7c
                                                            0x01199f80
                                                            0x01199f80
                                                            0x00000000
                                                            0x01199f7c
                                                            0x01199f5e
                                                            0x01199f14
                                                            0x01199ed9
                                                            0x01199edd
                                                            0x00000000
                                                            0x00000000
                                                            0x01199edf
                                                            0x00000000
                                                            0x01199edf
                                                            0x01199eba
                                                            0x00000000

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 01199EAF
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 01199ED4
                                                            Strings
                                                            • MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 01199FC8
                                                            • Failed to get component path: %d, xrefs: 01199F38
                                                            • Failed to format product code string., xrefs: 01199EDF
                                                            • Failed to set variable., xrefs: 01199FB8
                                                            • Failed to format component id string., xrefs: 01199EBA
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open@16
                                                            • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
                                                            • API String ID: 3613110473-1671347822
                                                            • Opcode ID: dc6e80b998a5669c7f720f0514ca1ebbfdd7c4e85c58a2af28eb89c65ae82b3f
                                                            • Instruction ID: 0d3c2c37c2932c405c06b5b543f23b3fa74014a2694c5217ea02af622c39148f
                                                            • Opcode Fuzzy Hash: dc6e80b998a5669c7f720f0514ca1ebbfdd7c4e85c58a2af28eb89c65ae82b3f
                                                            • Instruction Fuzzy Hash: 9E41157290410EBADF2E9AAC8C45BBEFF69EF14618F24461EE230E1190E3319950C783
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CFDEF Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 116fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 98%
                                                            			E011CFDEF(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, signed short _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v8;
				void* __ebx;
				void* __esi;
				intOrPtr* _t21;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t35;
				void* _t46;
				void* _t47;
				signed short _t49;

				_t47 = __edi;
				_t46 = __edx;
				_t45 = __ecx;
				_push(__ecx);
				_v8 = 0;
				EnterCriticalSection(0x11fb5d4);
				_t21 = _a16;
				if(_t21 == 0 ||  *_t21 == 0) {
					_t49 = E01192E55(_t45, _a4, _a8, 0x11fb5cc);
					__eflags = _t49;
					if(_t49 < 0) {
						goto L23;
					}
					_t49 = E01193533(_t45,  *0x11fb5cc,  &_v8);
					__eflags = _t49;
					if(_t49 < 0) {
						goto L23;
					}
					_t49 = E0119415F(_v8, 0);
					__eflags = _t49;
					if(_t49 < 0) {
						goto L23;
					}
					__eflags = _a20;
					_t31 = CreateFileW( *0x11fb5cc, 0x40000000, 1, 0, 2 + (0 | _a20 != 0x00000000) * 2, 0x80, 0);
					 *0x11fa774 = _t31;
					__eflags = _t31 - 0xffffffff;
					if(_t31 != 0xffffffff) {
						L13:
						__eflags = _a20;
						if(_a20 != 0) {
							SetFilePointer(_t31, 0, 0, 2);
						}
						goto L15;
					}
					_t49 = GetLastError();
					__eflags = _t49;
					if(__eflags > 0) {
						_t49 = _t49 & 0x0000ffff | 0x80070000;
						__eflags = _t49;
					}
					if(__eflags >= 0) {
						_t31 =  *0x11fa774; // 0xffffffff
						goto L13;
					} else {
						E011938BA(_t39, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\logutil.cpp", 0x81, _t49);
						goto L23;
					}
				} else {
					_t49 = E01192EBC(_t46, _a4, _a8, _a12, _t21, 0x11fb5cc, 0x11fa774);
					if(_t49 < 0) {
						L23:
						LeaveCriticalSection(0x11fb5d4);
						if(_v8 != 0) {
							E01192762(_v8);
						}
						return _t49;
					} else {
						L15:
						if(_a24 != 0) {
							E011CFBC6(0, _t46, _t47, _t49);
						}
						_t32 =  *0x11fb5d0; // 0x6f2c60
						if(_t32 != 0) {
							E011D002E(_t45, _t32);
							_t35 =  *0x11fb5d0; // 0x6f2c60
							if(_t35 != 0) {
								E01192762(_t35);
								 *0x11fb5d0 = 0;
							}
						}
						if(_a28 == 0) {
							L22:
							 *0x11fb5c8 = 0;
							goto L23;
						} else {
							_t49 = E0119229E(_a28,  *0x11fb5cc, 0);
							if(_t49 < 0) {
								goto L23;
							}
							goto L22;
						}
					}
				}
			}













                                                            0x011cfdef
                                                            0x011cfdef
                                                            0x011cfdef
                                                            0x011cfdf2
                                                            0x011cfdfc
                                                            0x011cfdff
                                                            0x011cfe05
                                                            0x011cfe0a
                                                            0x011cfe49
                                                            0x011cfe4b
                                                            0x011cfe4d
                                                            0x00000000
                                                            0x00000000
                                                            0x011cfe62
                                                            0x011cfe64
                                                            0x011cfe66
                                                            0x00000000
                                                            0x00000000
                                                            0x011cfe75
                                                            0x011cfe77
                                                            0x011cfe79
                                                            0x00000000
                                                            0x00000000
                                                            0x011cfe81
                                                            0x011cfea3
                                                            0x011cfea9
                                                            0x011cfeae
                                                            0x011cfeb1
                                                            0x011cfee3
                                                            0x011cfee3
                                                            0x011cfee6
                                                            0x011cfeed
                                                            0x011cfeed
                                                            0x00000000
                                                            0x011cfee6
                                                            0x011cfeb9
                                                            0x011cfebb
                                                            0x011cfebd
                                                            0x011cfec2
                                                            0x011cfec8
                                                            0x011cfec8
                                                            0x011cfeca
                                                            0x011cfede
                                                            0x00000000
                                                            0x011cfecc
                                                            0x011cfed7
                                                            0x00000000
                                                            0x011cfed7
                                                            0x011cfe11
                                                            0x011cfe2a
                                                            0x011cfe2e
                                                            0x011cff41
                                                            0x011cff46
                                                            0x011cff4f
                                                            0x011cff54
                                                            0x011cff54
                                                            0x011cff5e
                                                            0x011cfe34
                                                            0x011cfef3
                                                            0x011cfef6
                                                            0x011cfef8
                                                            0x011cfef8
                                                            0x011cfefd
                                                            0x011cff04
                                                            0x011cff07
                                                            0x011cff0c
                                                            0x011cff13
                                                            0x011cff16
                                                            0x011cff1b
                                                            0x011cff1b
                                                            0x011cff13
                                                            0x011cff24
                                                            0x011cff3b
                                                            0x011cff3b
                                                            0x00000000
                                                            0x011cff26
                                                            0x011cff35
                                                            0x011cff39
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011cff39
                                                            0x011cff24
                                                            0x011cfe2e

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(011FB5D4,00000000,?,?,?,011A4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,01195537,?), ref: 011CFDFF
                                                            • CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,011FB5CC,?,011A4192,00000000,Setup), ref: 011CFEA3
                                                            • GetLastError.KERNEL32(?,011A4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,01195537,?,?,?), ref: 011CFEB3
                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,011A4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,01195537,?), ref: 011CFEED
                                                              • Part of subcall function 01192EBC: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 01193006
                                                            • LeaveCriticalSection.KERNEL32(011FB5D4,?,?,011FB5CC,?,011A4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,01195537,?), ref: 011CFF46
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                            • String ID: @Mqt$`,o$c:\agent\_work\66\s\src\libs\dutil\logutil.cpp
                                                            • API String ID: 4111229724-302545055
                                                            • Opcode ID: 24b4449eec35883b0a55357f0c0af8108b7c5fe8d3e7a2ced64a89bd5ff1a9bb
                                                            • Instruction ID: 71667dace9ec6ae40327f5c76c6b59d1272c405b18d1a7e755840670d5f0db94
                                                            • Opcode Fuzzy Hash: 24b4449eec35883b0a55357f0c0af8108b7c5fe8d3e7a2ced64a89bd5ff1a9bb
                                                            • Instruction Fuzzy Hash: CC31C27290522BABDF2D9F74EC44A5E3E6AEF20F44B01422CFA10A7150C735CD429BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D6402 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 113COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 61%
                                                            			E011D6402(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr* _t38;
				void* _t56;
				intOrPtr _t60;
				intOrPtr* _t62;
				intOrPtr* _t63;
				void* _t68;
				void* _t77;

				_t38 = _a4;
				_v16 = _v16 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t61 =  *_t38;
				_t68 =  *((intOrPtr*)( *_t38 + 0x30))(_t38,  &_v16);
				if(_t68 < 0) {
					L19:
					if(_v8 != 0) {
						__imp__#6(_v8);
					}
					_t62 = _v12;
					if(_t62 != 0) {
						 *((intOrPtr*)( *_t62 + 8))(_t62);
					}
					_t63 = _v16;
					if(_t63 != 0) {
						 *((intOrPtr*)( *_t63 + 8))(_t63);
					}
					return _t68;
				}
				_t68 = E011D30E2(_t61, _v16,  &_v12,  &_v8);
				if(_t68 != 0) {
					L16:
					if(_t77 >= 0) {
						_t68 = 0;
					}
					L18:
					goto L19;
				}
				_t60 = _a8;
				do {
					if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"name", 0xffffffff) != 2) {
						if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"email", 0xffffffff) != 2) {
							if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"uri", 0xffffffff) != 2) {
								goto L11;
							}
							_t19 = _t60 + 8; // 0x8
							_t56 = _t19;
							L9:
							_push(_v12);
							_push(_t56);
							L10:
							_t68 = E011D60FB(_t61);
							if(_t68 < 0) {
								goto L18;
							}
							goto L11;
						}
						_t17 = _t60 + 4; // 0x4
						_t56 = _t17;
						goto L9;
					}
					_push(_v12);
					_push(_t60);
					goto L10;
					L11:
					if(_v8 != 0) {
						__imp__#6(_v8);
						_v8 = _v8 & 0x00000000;
					}
					_t61 = _v12;
					if(_t61 != 0) {
						 *((intOrPtr*)( *_t61 + 8))(_t61);
						_v12 = _v12 & 0x00000000;
					}
					_t68 = E011D30E2(_t61, _v16,  &_v12,  &_v8);
					_t77 = _t68;
				} while (_t77 == 0);
				goto L16;
			}













                                                            0x011d6408
                                                            0x011d640e
                                                            0x011d6412
                                                            0x011d6416
                                                            0x011d641a
                                                            0x011d6422
                                                            0x011d6426
                                                            0x011d64f7
                                                            0x011d64fb
                                                            0x011d6500
                                                            0x011d6500
                                                            0x011d6506
                                                            0x011d650b
                                                            0x011d6510
                                                            0x011d6510
                                                            0x011d6513
                                                            0x011d6518
                                                            0x011d651d
                                                            0x011d651d
                                                            0x011d6524
                                                            0x011d6524
                                                            0x011d643e
                                                            0x011d6442
                                                            0x011d64f1
                                                            0x011d64f1
                                                            0x011d64f3
                                                            0x011d64f3
                                                            0x011d64f5
                                                            0x00000000
                                                            0x011d64f6
                                                            0x011d6448
                                                            0x011d6451
                                                            0x011d6466
                                                            0x011d6483
                                                            0x011d649f
                                                            0x00000000
                                                            0x00000000
                                                            0x011d64a1
                                                            0x011d64a1
                                                            0x011d64a4
                                                            0x011d64a4
                                                            0x011d64a7
                                                            0x011d64a8
                                                            0x011d64ad
                                                            0x011d64b1
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d64b1
                                                            0x011d6485
                                                            0x011d6485
                                                            0x00000000
                                                            0x011d6485
                                                            0x011d6468
                                                            0x011d646b
                                                            0x00000000
                                                            0x011d64b3
                                                            0x011d64b7
                                                            0x011d64bc
                                                            0x011d64c2
                                                            0x011d64c2
                                                            0x011d64c6
                                                            0x011d64cb
                                                            0x011d64d0
                                                            0x011d64d3
                                                            0x011d64d3
                                                            0x011d64e7
                                                            0x011d64e9
                                                            0x011d64e9
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,name,000000FF,00000000,00000000,00000000,?,74714160), ref: 011D6461
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,email,000000FF), ref: 011D647E
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D64BC
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D6500
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$CompareFree
                                                            • String ID: email$name$uri
                                                            • API String ID: 3589242889-1168628755
                                                            • Opcode ID: 4f55a6618e2faa13c71c82d1e938c55939b38715ddbb031f178ec193e6bb517d
                                                            • Instruction ID: 2582bab011b947d012f1fd2545d2f6aed77a956343d444dde1b30026788f82bb
                                                            • Opcode Fuzzy Hash: 4f55a6618e2faa13c71c82d1e938c55939b38715ddbb031f178ec193e6bb517d
                                                            • Instruction Fuzzy Hash: B2419532D05219FBDF19DB98CC44F9EBB75AF00725F2082A4E620AB1D4C775DA44DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D559F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 99fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E011D559F(void* __ecx, intOrPtr _a4, WCHAR** _a8, void** _a12, signed int* _a16) {
				signed int _v8;
				signed short _v12;
				void* _t22;
				signed short _t25;
				signed int* _t33;
				intOrPtr _t36;
				WCHAR** _t39;
				void* _t41;
				signed short _t43;
				signed short _t52;

				_t33 = _a16;
				_v8 = 0;
				_v12 = 0;
				 *_t33 = 0;
				_t33[1] = 0;
				_t39 = _a8;
				_t43 = E01192022(_t39, L"%ls.R", _a4);
				if(_t43 < 0) {
					L21:
					return _t43;
				}
				_t41 = CreateFileW( *_t39, 0xc0000000, 4, 0, 4, 0x80, 0);
				if(_t41 != 0xffffffff) {
					_t36 = _v8;
					while(1) {
						_push(0);
						_push( &_v12);
						_t22 = 8;
						_t25 = ReadFile(_t41, _t36 + _t33, _t22 - _t36, ??, ??);
						__eflags = _t25;
						if(_t25 == 0) {
							break;
						}
						_t36 = _v8 + _v12;
						__eflags = _v12;
						_v8 = _t36;
						if(_v12 == 0) {
							L11:
							__eflags = _t36 - 8;
							if(_t36 != 8) {
								 *_t33 =  *_t33 & 0x00000000;
								_t14 =  &(_t33[1]);
								 *_t14 = _t33[1] & 0x00000000;
								__eflags =  *_t14;
							}
							 *_a12 = _t41;
							_t41 = _t41 | 0xffffffff;
							L19:
							__eflags = _t41 - 0xffffffff;
							if(_t41 != 0xffffffff) {
								CloseHandle(_t41);
							}
							goto L21;
						}
						__eflags = _t36 - 8;
						if(_t36 < 8) {
							continue;
						}
						goto L11;
					}
					_t43 = GetLastError();
					__eflags = _t43;
					if(__eflags > 0) {
						_t43 = _t43 & 0x0000ffff | 0x80070000;
						__eflags = _t43;
					}
					if(__eflags >= 0) {
						_t43 = 0x80004005;
					}
					E011938BA(_t26, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0xc8, _t43);
					goto L19;
				}
				_t43 = GetLastError();
				if(_t43 > 0) {
					_t43 = _t43 & 0x0000ffff | 0x80070000;
					_t52 = _t43;
				}
				if(_t52 >= 0) {
					_t43 = 0x80004005;
				}
				E011938BA(_t30, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0xc1, _t43);
				goto L21;
			}













                                                            0x011d55a5
                                                            0x011d55ac
                                                            0x011d55af
                                                            0x011d55b2
                                                            0x011d55b4
                                                            0x011d55ba
                                                            0x011d55c8
                                                            0x011d55cf
                                                            0x011d56ab
                                                            0x011d56b1
                                                            0x011d56b1
                                                            0x011d55ef
                                                            0x011d55f4
                                                            0x011d5629
                                                            0x011d562c
                                                            0x011d562c
                                                            0x011d5631
                                                            0x011d5634
                                                            0x011d563d
                                                            0x011d5643
                                                            0x011d5645
                                                            0x00000000
                                                            0x00000000
                                                            0x011d564a
                                                            0x011d564d
                                                            0x011d5651
                                                            0x011d5654
                                                            0x011d565b
                                                            0x011d565b
                                                            0x011d565e
                                                            0x011d5660
                                                            0x011d5663
                                                            0x011d5663
                                                            0x011d5663
                                                            0x011d5663
                                                            0x011d566a
                                                            0x011d566c
                                                            0x011d569f
                                                            0x011d569f
                                                            0x011d56a2
                                                            0x011d56a5
                                                            0x011d56a5
                                                            0x00000000
                                                            0x011d56a2
                                                            0x011d5656
                                                            0x011d5659
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5659
                                                            0x011d5677
                                                            0x011d5679
                                                            0x011d567b
                                                            0x011d5680
                                                            0x011d5686
                                                            0x011d5686
                                                            0x011d5688
                                                            0x011d568a
                                                            0x011d568a
                                                            0x011d569a
                                                            0x00000000
                                                            0x011d569a
                                                            0x011d55fc
                                                            0x011d5600
                                                            0x011d5605
                                                            0x011d560b
                                                            0x011d560b
                                                            0x011d560d
                                                            0x011d560f
                                                            0x011d560f
                                                            0x011d561f
                                                            0x00000000

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 011D55E9
                                                            • GetLastError.KERNEL32 ref: 011D55F6
                                                            • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 011D563D
                                                            • GetLastError.KERNEL32 ref: 011D5671
                                                            • CloseHandle.KERNEL32(00000000,c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp,000000C8,00000000), ref: 011D56A5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLast$CloseCreateHandleRead
                                                            • String ID: %ls.R$@Mqt$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 3160720760-3279515078
                                                            • Opcode ID: 537feb29e3c77c5b1577b1e415b576e5320bd7d590a11f7427d4c41aed708891
                                                            • Instruction ID: 266617c967e7c86fd3e9ae7f9f4b08e00be34d40cfaafb7ba4af7678aed825c9
                                                            • Opcode Fuzzy Hash: 537feb29e3c77c5b1577b1e415b576e5320bd7d590a11f7427d4c41aed708891
                                                            • Instruction Fuzzy Hash: B831FB76941111BBEB388B68DD44BAE7EB5AF01760F114215EF11EF1C0D77498408BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119C8A5 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 97fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 50%
                                                            			E0119C8A5(void* __edx, signed short _a4, intOrPtr _a8) {
				char _v8;
				signed short _v12;
				void* __ecx;
				void* _t30;
				intOrPtr _t36;
				intOrPtr* _t38;
				signed short _t41;
				void* _t46;
				void* _t49;
				signed short _t52;

				_t46 = __edx;
				_push(_t40);
				_t38 = _a4;
				_t52 = 0;
				_v8 = 0;
				_v12 = 0;
				if( *((intOrPtr*)(_t38 + 4)) > 0) {
					_t41 = 0;
					_a4 = 0;
					while(1) {
						_t49 =  *_t38 + _t41;
						_t7 = _t49 + 4; // 0xe0680a79
						_t52 = E0119CD19(_t41, _a8,  *_t7,  &_v8);
						if(_t52 < 0) {
							break;
						}
						_t10 = _t49 + 8; // 0x1195402
						_t52 = E0119229E(_t10,  *((intOrPtr*)(_v8 + 0x50)), 0);
						if(_t52 < 0) {
							_push("Failed to get catalog local file path");
							L17:
							_push(_t52);
							E011CFB09();
						} else {
							_t12 = _t49 + 8; // 0xe9011daa
							_t30 = CreateFileW( *_t12, 0x80000000, 5, 0, 3, 0x8000000, 0);
							 *(_t49 + 0xc) = _t30;
							if(_t30 == 0xffffffff) {
								_t52 = GetLastError();
								__eflags = _t52;
								if(__eflags > 0) {
									_t52 = _t52 & 0x0000ffff | 0x80070000;
									__eflags = _t52;
								}
								if(__eflags >= 0) {
									_t52 = 0x80004005;
								}
								E011938BA(_t31, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\catalog.cpp", 0x76, _t52);
								_t22 = _t49 + 8; // 0xe9011daa
								_push( *_t22);
								_push("Failed to open catalog in working path: %ls");
								goto L14;
							} else {
								_t14 = _t49 + 8; // 0xe9011daa
								_t52 = E011AAA79(_t46, _v8,  *_t14, _t30);
								if(_t52 < 0) {
									_t21 = _t49 + 8; // 0xe9011daa
									_push( *_t21);
									_push("Failed to verify catalog signature: %ls");
									L14:
									_push(_t52);
									E011CFB09();
								} else {
									_t36 = _v12 + 1;
									_t41 = _a4 + 0x10;
									_v12 = _t36;
									_a4 = _t41;
									if(_t36 <  *((intOrPtr*)(_t38 + 4))) {
										continue;
									} else {
									}
								}
							}
						}
						goto L19;
					}
					_push("Failed to find payload for catalog file.");
					goto L17;
				}
				L19:
				return _t52;
			}













                                                            0x0119c8a5
                                                            0x0119c8a9
                                                            0x0119c8ab
                                                            0x0119c8b1
                                                            0x0119c8b3
                                                            0x0119c8b6
                                                            0x0119c8bc
                                                            0x0119c8c2
                                                            0x0119c8c4
                                                            0x0119c8c8
                                                            0x0119c8cd
                                                            0x0119c8d0
                                                            0x0119c8db
                                                            0x0119c8df
                                                            0x00000000
                                                            0x00000000
                                                            0x0119c8e8
                                                            0x0119c8f6
                                                            0x0119c8fa
                                                            0x0119c998
                                                            0x0119c9a4
                                                            0x0119c9a4
                                                            0x0119c9a5
                                                            0x0119c900
                                                            0x0119c912
                                                            0x0119c915
                                                            0x0119c91b
                                                            0x0119c921
                                                            0x0119c960
                                                            0x0119c962
                                                            0x0119c964
                                                            0x0119c969
                                                            0x0119c96f
                                                            0x0119c96f
                                                            0x0119c971
                                                            0x0119c973
                                                            0x0119c973
                                                            0x0119c980
                                                            0x0119c985
                                                            0x0119c985
                                                            0x0119c988
                                                            0x00000000
                                                            0x0119c923
                                                            0x0119c924
                                                            0x0119c92f
                                                            0x0119c933
                                                            0x0119c950
                                                            0x0119c950
                                                            0x0119c953
                                                            0x0119c98d
                                                            0x0119c98d
                                                            0x0119c98e
                                                            0x0119c935
                                                            0x0119c93b
                                                            0x0119c93c
                                                            0x0119c93f
                                                            0x0119c942
                                                            0x0119c948
                                                            0x00000000
                                                            0x00000000
                                                            0x0119c94e
                                                            0x0119c948
                                                            0x0119c933
                                                            0x0119c921
                                                            0x00000000
                                                            0x0119c9ac
                                                            0x0119c99f
                                                            0x00000000
                                                            0x0119c99f
                                                            0x0119c9ad
                                                            0x0119c9b2

                                                            APIs
                                                              • Part of subcall function 0119CD19: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,0119E3ED,000000FF,00000000,00000000,0119E3ED,?,?,0119DB97,?,?,?,?), ref: 0119CD44
                                                            • CreateFileW.KERNEL32(E9011DAA,80000000,00000005,00000000,00000003,08000000,00000000,01195402,?,00000000,840F01E8,E0680A79,00000001,011953FA,00000000,011954C6), ref: 0119C915
                                                            • GetLastError.KERNEL32(?,?,?,011A76FC,011956AA,011954B6,011954B6,00000000,?,011954C6,FFF9E89D,011954C6,011954FA,01195482,?,01195482), ref: 0119C95A
                                                            Strings
                                                            • Failed to open catalog in working path: %ls, xrefs: 0119C988
                                                            • c:\agent\_work\66\s\src\burn\engine\catalog.cpp, xrefs: 0119C97B
                                                            • Failed to verify catalog signature: %ls, xrefs: 0119C953
                                                            • @Mqt, xrefs: 0119C95A
                                                            • Failed to find payload for catalog file., xrefs: 0119C99F
                                                            • Failed to get catalog local file path, xrefs: 0119C998
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareCreateErrorFileLastString
                                                            • String ID: @Mqt$Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$c:\agent\_work\66\s\src\burn\engine\catalog.cpp
                                                            • API String ID: 1774366664-1087030872
                                                            • Opcode ID: de4b3892782e3bbf025d21af7c9e9484b52fbd4fc6c69d67c1b88dc050badf5e
                                                            • Instruction ID: f5649f63405038fdffdcf8b904194b09a4a64fdb693a00c873f0f76288f627b7
                                                            • Opcode Fuzzy Hash: de4b3892782e3bbf025d21af7c9e9484b52fbd4fc6c69d67c1b88dc050badf5e
                                                            • Instruction Fuzzy Hash: FD31E232901612BFDB1D9B68CC01F9EBFA4AF04750F11812AFA65BF240E771E9508BD5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199B5C Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 57%
                                                            			E01199B5C(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed char _t18;
				signed short _t34;

				_v8 = _v8 & 0x00000000;
				_t30 = _a4;
				if(E01197303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
					_t18 = GetFileAttributesW(_v8);
					if(_t18 != 0xffffffff) {
						if((_t18 & 0x00000010) == 0) {
							_t34 = 0x80070003;
							goto L10;
						}
						_t34 = E0119821A(_a8,  *((intOrPtr*)(_t30 + 4)), _v8, 0);
						if(_t34 >= 0) {
							goto L10;
						}
						_push("Failed to set directory search path variable.");
						goto L2;
					} else {
						_t34 = GetLastError();
						if(_t34 > 0) {
							_t34 = _t34 & 0x0000ffff | 0x80070000;
						}
						L10:
						if(_t34 == 0x80070002 || _t34 == 0x80070003) {
							_push(_t34);
							_push(_v8);
							E011CFFF0(2, "Directory search: %ls, did not find path: %ls, reason: 0x%x",  *_t30);
							_t34 = 0;
						} else {
							if(_t34 < 0) {
								_push(_v8);
								E011CFB09(_t34, "Failed while searching directory search: %ls, for path: %ls",  *_t30);
							}
						}
						goto L15;
					}
				} else {
					_push("Failed to format variable string.");
					L2:
					_push(_t34);
					E011CFB09();
					L15:
					E0119287D(_v8);
					return _t34;
				}
			}






                                                            0x01199b60
                                                            0x01199b69
                                                            0x01199b7e
                                                            0x01199b95
                                                            0x01199b9e
                                                            0x01199bb9
                                                            0x01199bd8
                                                            0x00000000
                                                            0x01199bd8
                                                            0x01199bcb
                                                            0x01199bcf
                                                            0x00000000
                                                            0x00000000
                                                            0x01199bd1
                                                            0x00000000
                                                            0x01199ba0
                                                            0x01199ba6
                                                            0x01199baa
                                                            0x01199baf
                                                            0x01199baf
                                                            0x01199bdd
                                                            0x01199be3
                                                            0x01199c06
                                                            0x01199c07
                                                            0x01199c13
                                                            0x01199c1b
                                                            0x01199bed
                                                            0x01199bef
                                                            0x01199bf1
                                                            0x01199bfc
                                                            0x01199c01
                                                            0x01199bef
                                                            0x00000000
                                                            0x01199be3
                                                            0x01199b80
                                                            0x01199b80
                                                            0x01199b85
                                                            0x01199b85
                                                            0x01199b86
                                                            0x01199c1d
                                                            0x01199c20
                                                            0x01199c2a
                                                            0x01199c2a

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 01199B75
                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,0119A880,00000100,000002C0,000002C0,00000100), ref: 01199B95
                                                            • GetLastError.KERNEL32(?,0119A880,00000100,000002C0,000002C0,00000100), ref: 01199BA0
                                                            Strings
                                                            • Failed while searching directory search: %ls, for path: %ls, xrefs: 01199BF6
                                                            • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 01199C0C
                                                            • Failed to format variable string., xrefs: 01199B80
                                                            • @Mqt, xrefs: 01199BA0
                                                            • Failed to set directory search path variable., xrefs: 01199BD1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileLastOpen@16
                                                            • String ID: @Mqt$Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                            • API String ID: 1811509786-1251989916
                                                            • Opcode ID: f155cd0c5a60e1b78b70ad77a66071b07fab99600640f7f97f8aa7ada36ba4b1
                                                            • Instruction ID: 58fc8ba793191eb539de5c878939c8570aeb9f6722a5c31f42670b816c200a58
                                                            • Opcode Fuzzy Hash: f155cd0c5a60e1b78b70ad77a66071b07fab99600640f7f97f8aa7ada36ba4b1
                                                            • Instruction Fuzzy Hash: A011577384012AFBDF2F1A98DD02F9DBA69AF10728F610219FC2576190D3398E50D6C2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199D11 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 61%
                                                            			E01199D11(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed char _t18;
				signed short _t34;

				_v8 = _v8 & 0x00000000;
				_t30 = _a4;
				if(E01197303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
					_t18 = GetFileAttributesW(_v8);
					if(_t18 != 0xffffffff) {
						if((_t18 & 0x00000010) != 0) {
							L13:
							_push(_v8);
							E011CFFF0(2, "File search: %ls, did not find path: %ls",  *_t30);
							_t34 = 0;
							goto L14;
						}
						_t34 = E0119821A(_a8,  *((intOrPtr*)(_t30 + 4)), _v8, 0);
						if(_t34 >= 0) {
							L6:
							if(_t34 == 0x80070002 || _t34 == 0x80070003) {
								goto L13;
							} else {
								if(_t34 < 0) {
									_push(_v8);
									E011CFB09(_t34, "Failed while searching file search: %ls, for path: %ls",  *_t30);
								}
								goto L14;
							}
						}
						_push("Failed to set variable to file search path.");
						goto L2;
					}
					_t34 = GetLastError();
					if(_t34 > 0) {
						_t34 = _t34 & 0x0000ffff | 0x80070000;
					}
					goto L6;
				} else {
					_push("Failed to format variable string.");
					L2:
					_push(_t34);
					E011CFB09();
					L14:
					E0119287D(_v8);
					return _t34;
				}
			}






                                                            0x01199d15
                                                            0x01199d1e
                                                            0x01199d33
                                                            0x01199d4a
                                                            0x01199d53
                                                            0x01199d95
                                                            0x01199db4
                                                            0x01199db4
                                                            0x01199dc0
                                                            0x01199dc8
                                                            0x00000000
                                                            0x01199dc8
                                                            0x01199da7
                                                            0x01199dab
                                                            0x01199d6a
                                                            0x01199d70
                                                            0x00000000
                                                            0x01199d7a
                                                            0x01199d7c
                                                            0x01199d7e
                                                            0x01199d89
                                                            0x01199d8e
                                                            0x00000000
                                                            0x01199d7c
                                                            0x01199d70
                                                            0x01199dad
                                                            0x00000000
                                                            0x01199dad
                                                            0x01199d5b
                                                            0x01199d5f
                                                            0x01199d64
                                                            0x01199d64
                                                            0x00000000
                                                            0x01199d35
                                                            0x01199d35
                                                            0x01199d3a
                                                            0x01199d3a
                                                            0x01199d3b
                                                            0x01199dca
                                                            0x01199dcd
                                                            0x01199dd7
                                                            0x01199dd7

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 01199D2A
                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,0119A858,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 01199D4A
                                                            • GetLastError.KERNEL32(?,0119A858,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 01199D55
                                                            Strings
                                                            • File search: %ls, did not find path: %ls, xrefs: 01199DB9
                                                            • Failed to set variable to file search path., xrefs: 01199DAD
                                                            • Failed to format variable string., xrefs: 01199D35
                                                            • @Mqt, xrefs: 01199D55
                                                            • Failed while searching file search: %ls, for path: %ls, xrefs: 01199D83
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileLastOpen@16
                                                            • String ID: @Mqt$Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                            • API String ID: 1811509786-3855224779
                                                            • Opcode ID: 7c30b8f61a055880062cc1ecec7b3b0985712e5bb4d6b618082ddc53325ccc04
                                                            • Instruction ID: 28b5591911a373fa93d6579c6406f792ba4f5208fa4e734da03388196dea8299
                                                            • Opcode Fuzzy Hash: 7c30b8f61a055880062cc1ecec7b3b0985712e5bb4d6b618082ddc53325ccc04
                                                            • Instruction Fuzzy Hash: 2D112933D4012AFBDF2F6A98DC42F9DBAA9AF21628F210119FD2076190E3319E50D7C1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A68AE Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 53synchronizationthreadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 43%
                                                            			E011A68AE(void* __ecx, void* _a4) {
				long _v8;
				signed short _t16;
				signed short _t20;

				_v8 = _v8 & 0x00000000;
				if(WaitForSingleObject(_a4, 0xffffffff) == 0) {
					if(GetExitCodeThread(_a4,  &_v8) == 0) {
						_t16 = GetLastError();
						if(_t16 > 0) {
							_t16 = _t16 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t16;
						if(_t16 >= 0) {
							_t16 = 0x80004005;
							_v8 = 0x80004005;
						}
						E011938BA(_t16, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\core.cpp", 0x633, _t16);
						_push("Failed to get cache thread exit code.");
						goto L12;
					}
				} else {
					_t20 = GetLastError();
					if(_t20 > 0) {
						_t20 = _t20 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t20;
					if(_t20 >= 0) {
						_t20 = 0x80004005;
						_v8 = 0x80004005;
					}
					E011938BA(_t20, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\core.cpp", 0x62e, _t20);
					_push("Failed to wait for cache thread to terminate.");
					L12:
					_push(_v8);
					E011CFB09();
				}
				return _v8;
			}






                                                            0x011a68b2
                                                            0x011a68c3
                                                            0x011a690c
                                                            0x011a690e
                                                            0x011a6916
                                                            0x011a691b
                                                            0x011a691b
                                                            0x011a6920
                                                            0x011a6925
                                                            0x011a6927
                                                            0x011a692c
                                                            0x011a692c
                                                            0x011a693a
                                                            0x011a693f
                                                            0x00000000
                                                            0x011a693f
                                                            0x011a68c5
                                                            0x011a68c5
                                                            0x011a68cd
                                                            0x011a68d2
                                                            0x011a68d2
                                                            0x011a68d7
                                                            0x011a68dc
                                                            0x011a68de
                                                            0x011a68e3
                                                            0x011a68e3
                                                            0x011a68f1
                                                            0x011a68f6
                                                            0x011a6944
                                                            0x011a6944
                                                            0x011a6947
                                                            0x011a694d
                                                            0x011a6952

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,011A6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 011A68BB
                                                            • GetLastError.KERNEL32(?,011A6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 011A68C5
                                                            • GetExitCodeThread.KERNEL32(00000001,00000000,?,011A6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 011A6904
                                                            • GetLastError.KERNEL32(?,011A6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 011A690E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                            • String ID: @Mqt$Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$c:\agent\_work\66\s\src\burn\engine\core.cpp
                                                            • API String ID: 3686190907-1949184541
                                                            • Opcode ID: a1c4f19780bee6e759d73065aa9121f1794928336343d4e0209a7fa5cdb375ee
                                                            • Instruction ID: 95cdbbc9156b4140d0853752bb0f9259d78d364f4cf34baffc9d9f366a2f98ca
                                                            • Opcode Fuzzy Hash: a1c4f19780bee6e759d73065aa9121f1794928336343d4e0209a7fa5cdb375ee
                                                            • Instruction Fuzzy Hash: 5C11A5B4741207FFEB18DFB59D05BAA3EEDAF10614F504169B910EA150EB3ACA40D724
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C9A87 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 216COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E011C9A87(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				void* _t80;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				void* _t98;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x11fa008; // 0x295f764a
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E011CC065(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t98);
					_pop(_t103);
					_pop(_t80);
					return E011BDD1F(_t80, _v8 ^ _t105, _t95, _t98, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E011C8BF5(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E011C8397(_t81, _t85, _v12, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E011C8BF5(_t100);
									goto L36;
								}
								_t62 = E011C8397(_t81, _t87, _t100, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E011C8BF5(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E011C5D22(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E011D9650();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E011C8397(_t81, 0, _t99, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E011C5D22(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E011D9650();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}































                                                            0x011c9a8c
                                                            0x011c9a8d
                                                            0x011c9a8e
                                                            0x011c9a95
                                                            0x011c9a9a
                                                            0x011c9aa0
                                                            0x011c9aa6
                                                            0x011c9aac
                                                            0x011c9aaf
                                                            0x011c9aaf
                                                            0x011c9ab2
                                                            0x011c9ab4
                                                            0x011c9ab4
                                                            0x011c9ab2
                                                            0x011c9ab6
                                                            0x011c9abb
                                                            0x011c9ac2
                                                            0x011c9ac5
                                                            0x011c9ac5
                                                            0x011c9ae1
                                                            0x011c9ae7
                                                            0x011c9aec
                                                            0x011c9c7f
                                                            0x011c9c82
                                                            0x011c9c83
                                                            0x011c9c84
                                                            0x011c9c92
                                                            0x011c9af2
                                                            0x011c9af2
                                                            0x011c9af5
                                                            0x011c9afa
                                                            0x011c9afe
                                                            0x011c9b52
                                                            0x011c9b52
                                                            0x011c9b54
                                                            0x011c9b56
                                                            0x011c9c74
                                                            0x011c9c74
                                                            0x011c9c76
                                                            0x011c9c77
                                                            0x00000000
                                                            0x011c9c7d
                                                            0x011c9b67
                                                            0x011c9b6d
                                                            0x011c9b6f
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9b75
                                                            0x011c9b87
                                                            0x011c9b8c
                                                            0x011c9b90
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9b9d
                                                            0x011c9bd7
                                                            0x011c9bda
                                                            0x011c9bdd
                                                            0x011c9bdf
                                                            0x011c9be1
                                                            0x011c9be3
                                                            0x011c9c2f
                                                            0x011c9c2f
                                                            0x011c9c31
                                                            0x011c9c31
                                                            0x011c9c33
                                                            0x011c9c6d
                                                            0x011c9c6e
                                                            0x00000000
                                                            0x011c9c73
                                                            0x011c9c47
                                                            0x011c9c4c
                                                            0x011c9c4e
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9c52
                                                            0x011c9c53
                                                            0x011c9c54
                                                            0x011c9c57
                                                            0x011c9c93
                                                            0x011c9c96
                                                            0x011c9c59
                                                            0x011c9c59
                                                            0x011c9c5a
                                                            0x011c9c5a
                                                            0x011c9c67
                                                            0x011c9c69
                                                            0x011c9c6b
                                                            0x011c9c9c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9c6b
                                                            0x011c9be5
                                                            0x011c9be8
                                                            0x011c9bea
                                                            0x011c9bec
                                                            0x011c9bee
                                                            0x011c9bf1
                                                            0x011c9bf6
                                                            0x011c9c11
                                                            0x011c9c13
                                                            0x011c9c1d
                                                            0x011c9c1f
                                                            0x011c9c20
                                                            0x011c9c22
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9c24
                                                            0x011c9c2a
                                                            0x011c9c2a
                                                            0x00000000
                                                            0x011c9c2a
                                                            0x011c9bf8
                                                            0x011c9bfa
                                                            0x011c9bfe
                                                            0x011c9c03
                                                            0x011c9c05
                                                            0x011c9c07
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9c09
                                                            0x00000000
                                                            0x011c9c09
                                                            0x011c9b9f
                                                            0x011c9ba4
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9baa
                                                            0x011c9bac
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9bc3
                                                            0x011c9bc8
                                                            0x011c9bcc
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9bd2
                                                            0x011c9b05
                                                            0x011c9b07
                                                            0x011c9b09
                                                            0x011c9b11
                                                            0x011c9b30
                                                            0x011c9b32
                                                            0x011c9b3c
                                                            0x011c9b3e
                                                            0x011c9b3f
                                                            0x011c9b41
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9b47
                                                            0x011c9b4d
                                                            0x011c9b4d
                                                            0x00000000
                                                            0x011c9b4d
                                                            0x011c9b15
                                                            0x011c9b19
                                                            0x011c9b1e
                                                            0x011c9b22
                                                            0x00000000
                                                            0x00000000
                                                            0x011c9b28
                                                            0x00000000
                                                            0x011c9b28

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,011C2C74,011C2C74,?,?,?,011C9CD8,00000001,00000001,BCE85006), ref: 011C9AE1
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,011C9CD8,00000001,00000001,BCE85006,?,?,?), ref: 011C9B67
                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,BCE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 011C9C61
                                                            • __freea.LIBCMT ref: 011C9C6E
                                                              • Part of subcall function 011C5D22: RtlAllocateHeap.NTDLL(00000000,?,?,?,011C1782,?,0000015D,?,?,?,?,011C2BDB,000000FF,00000000,?,?), ref: 011C5D54
                                                            • __freea.LIBCMT ref: 011C9C77
                                                            • __freea.LIBCMT ref: 011C9C9C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                            • String ID: Jv_)
                                                            • API String ID: 1414292761-4194347600
                                                            • Opcode ID: eabfcf3642e37abc06ee59525a22d07465b4645c0c665117f6d4b287e0211035
                                                            • Instruction ID: 19db6aed03ed3ceef2c8205c1beeb6d13fbd22a71a8afbf0a31044baae51f7fe
                                                            • Opcode Fuzzy Hash: eabfcf3642e37abc06ee59525a22d07465b4645c0c665117f6d4b287e0211035
                                                            • Instruction Fuzzy Hash: 6951C37260061AABEB2D8E68DC81EAF7BAAEF60F58F15462CFD15D6140DB34DC40C694
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D7C88 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 157COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 92%
                                                            			E011D7C88(void* __ecx, void* __eflags, signed int _a4, intOrPtr* _a8) {
				short* _v8;
				void* __ebx;
				void* __edi;
				signed int _t44;
				signed int _t50;
				short* _t51;
				signed int _t53;
				signed int _t62;
				short* _t65;
				short** _t73;
				signed int _t76;
				short* _t81;
				intOrPtr* _t84;

				_t81 = 0;
				_t84 = E011939DF(0x10, 1);
				_t73 =  *(_a4 + 0x44);
				while(_t73 != 0) {
					if(CompareStringW(0x7f, 0,  *_t73, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff) != 2 || CompareStringW(0x7f, 0, _t73[1], 0xffffffff, L"application", 0xffffffff) != 2) {
						L9:
						_t73 = _t73[4];
						continue;
					} else {
						_t81 = E0119229E(_t84, _t73[2], 0);
						if(_t81 < 0) {
							L30:
							if(_t84 != 0) {
								E011D7E3A(_t73, _t81, _t84);
							}
							return _t81;
						}
						_t65 = _t73[3];
						while(1) {
							_v8 = _t65;
							if(_t65 == 0) {
								goto L9;
							}
							_t6 =  &(_t65[2]); // 0x700079
							if(CompareStringW(0x7f, 0,  *_t6, 0xffffffff, L"type", 0xffffffff) != 2) {
								L7:
								_t65 = _v8[6];
								continue;
							}
							_t9 = _t84 + 4; // 0x4
							_t81 = E0119229E(_t9, _v8[4], 0);
							if(_t81 < 0) {
								goto L30;
							}
							goto L7;
						}
						goto L9;
					}
				}
				_t73 = _a4;
				_t76 = _t73[0xc];
				if(_t76 == 0) {
					L23:
					_t44 =  *(_t84 + 8);
					if(_t44 == _t76) {
						L29:
						 *_a8 = _t84;
						_t84 = 0;
						goto L30;
					}
					if(_t44 == 0) {
						if( *(_t84 + 0xc) != 0) {
							E01193AA4( *(_t84 + 0xc));
							 *(_t84 + 0xc) =  *(_t84 + 0xc) & 0x00000000;
						}
						goto L29;
					}
					_t50 = E01193B7C( *(_t84 + 0xc), _t44 << 6, 0);
					 *(_t84 + 0xc) = _t50;
					if(_t50 != 0) {
						goto L29;
					}
					_t51 = 0x8007000e;
					_push(0x8007000e);
					_push(0x6c);
					L14:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\apuputil.cpp");
					_t81 = _t51;
					E011938BA(_t51);
					goto L30;
				}
				_t53 = E011939DF(_t76 << 6, 1);
				 *(_t84 + 0xc) = _t53;
				if(_t53 != 0) {
					_a4 = _a4 & 0x00000000;
					if(_t73[0xc] <= 0) {
						L22:
						E011D9AA0(_t53,  *(_t84 + 8), 0x40, 0x11d7615, 0);
						_t76 = _t73[0xc];
						goto L23;
					}
					_t78 = 0;
					_v8 = 0;
					while(1) {
						_t81 = E011D78F7(_t73[0xd] + _t78,  *_t84, ( *(_t84 + 8) << 6) +  *(_t84 + 0xc));
						if(_t81 < 0) {
							goto L30;
						}
						if(_t81 != 1) {
							 *(_t84 + 8) =  *(_t84 + 8) + 1;
						}
						_t62 = _a4 + 1;
						_t78 =  &(_v8[0x20]);
						_a4 = _t62;
						_v8 =  &(_v8[0x20]);
						if(_t62 < _t73[0xc]) {
							continue;
						} else {
							_t53 =  *(_t84 + 0xc);
							goto L22;
						}
					}
					goto L30;
				}
				_t51 = 0x8007000e;
				_push(0x8007000e);
				_push(0x54);
				goto L14;
			}
















                                                            0x011d7c93
                                                            0x011d7c9d
                                                            0x011d7c9f
                                                            0x011d7d3c
                                                            0x011d7cbf
                                                            0x011d7d39
                                                            0x011d7d39
                                                            0x00000000
                                                            0x011d7cdc
                                                            0x011d7ce7
                                                            0x011d7ceb
                                                            0x011d7e27
                                                            0x011d7e29
                                                            0x011d7e2c
                                                            0x011d7e2c
                                                            0x011d7e37
                                                            0x011d7e37
                                                            0x011d7cf1
                                                            0x011d7d32
                                                            0x011d7d32
                                                            0x011d7d37
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7cff
                                                            0x011d7d0f
                                                            0x011d7d2c
                                                            0x011d7d2f
                                                            0x00000000
                                                            0x011d7d2f
                                                            0x011d7d19
                                                            0x011d7d22
                                                            0x011d7d26
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7d26
                                                            0x00000000
                                                            0x011d7d32
                                                            0x011d7cbf
                                                            0x011d7d44
                                                            0x011d7d47
                                                            0x011d7d4c
                                                            0x011d7de1
                                                            0x011d7de1
                                                            0x011d7de6
                                                            0x011d7e20
                                                            0x011d7e23
                                                            0x011d7e25
                                                            0x00000000
                                                            0x011d7e25
                                                            0x011d7dea
                                                            0x011d7e12
                                                            0x011d7e17
                                                            0x011d7e1c
                                                            0x011d7e1c
                                                            0x00000000
                                                            0x011d7e12
                                                            0x011d7df5
                                                            0x011d7dfa
                                                            0x011d7dff
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7e01
                                                            0x011d7e06
                                                            0x011d7e07
                                                            0x011d7d6c
                                                            0x011d7d6c
                                                            0x011d7d71
                                                            0x011d7d73
                                                            0x00000000
                                                            0x011d7d73
                                                            0x011d7d58
                                                            0x011d7d5d
                                                            0x011d7d62
                                                            0x011d7d7d
                                                            0x011d7d85
                                                            0x011d7dc9
                                                            0x011d7dd6
                                                            0x011d7ddb
                                                            0x00000000
                                                            0x011d7dde
                                                            0x011d7d87
                                                            0x011d7d89
                                                            0x011d7d8c
                                                            0x011d7da3
                                                            0x011d7da7
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7dac
                                                            0x011d7dae
                                                            0x011d7dae
                                                            0x011d7db7
                                                            0x011d7db8
                                                            0x011d7dbb
                                                            0x011d7dbe
                                                            0x011d7dc4
                                                            0x00000000
                                                            0x011d7dc6
                                                            0x011d7dc6
                                                            0x00000000
                                                            0x011d7dc6
                                                            0x011d7dc4
                                                            0x00000000
                                                            0x011d7d8c
                                                            0x011d7d64
                                                            0x011d7d69
                                                            0x011d7d6a
                                                            0x00000000

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000410,?,?,011B8D9E,000002C0,00000100), ref: 011D7CB6
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,011B8D9E,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 011D7CD1
                                                            Strings
                                                            • application, xrefs: 011D7CC3
                                                            • type, xrefs: 011D7CF8
                                                            • http://appsyndication.org/2006/appsyn, xrefs: 011D7CA9
                                                            • c:\agent\_work\66\s\src\libs\dutil\apuputil.cpp, xrefs: 011D7D6C
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareHeapString$AllocateProcess
                                                            • String ID: application$c:\agent\_work\66\s\src\libs\dutil\apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                            • API String ID: 2664528157-536847345
                                                            • Opcode ID: 7f6464b29c83d05a9d26d00aad40b89637692e0293f70dc9e3c9e7140db405cc
                                                            • Instruction ID: 7745c4bdc96a7737b8c5da6467228e5442668af8120e2ec98ec92845b1cdbd52
                                                            • Opcode Fuzzy Hash: 7f6464b29c83d05a9d26d00aad40b89637692e0293f70dc9e3c9e7140db405cc
                                                            • Instruction Fuzzy Hash: 2251B431600712AFEB299F58CC85F6A7BA5EF00768F208518FA29EB2D5D774E940CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A0539 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 132registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 70%
                                                            			E011A0539(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t65;
				void* _t72;
				void* _t74;
				intOrPtr* _t75;
				void* _t77;
				void* _t78;

				_t72 = __edx;
				_t68 = __ecx;
				_t75 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_push(E011A3D0C( *((intOrPtr*)(_t75 + 8))));
				_push(E011A4391(_a16));
				_push(E011A43C4(_a12));
				E0119563D(2, 0x20000174,  *((intOrPtr*)(_t75 + 0x50)));
				_t78 = _t77 + 0x18;
				if(_a16 != 0) {
					_t65 = E01192022( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_t75 + 0x50)));
					_t78 = _t78 + 0xc;
					if(_t65 < 0) {
						L3:
						_push("Failed to write volatile reboot required registry key.");
						E011CFB09();
						_t68 = _t65;
					} else {
						_t65 = E011D04A5(__ecx,  *((intOrPtr*)(_t75 + 0x4c)), _v16, 0x20006, 1, 0,  &_v12, 0);
						if(_t65 < 0) {
							goto L3;
						}
					}
				}
				if(_a12 != 0) {
					_t74 = E011D0823( *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0x20006,  &_v8);
					__eflags = _t74;
					if(_t74 >= 0) {
						goto L14;
					} else {
						_push("Failed to open registration key.");
						goto L16;
					}
				} else {
					if(_a20 == 1 || _a20 == 2) {
						E011B839A(_t68, _t75);
					}
					if( *((intOrPtr*)(_t75 + 0x9c)) != 0) {
						E0119EFB7(_t68, _t75);
					}
					_t19 = _t75 + 0x94; // 0x95
					E0119EECF(_a8, _t19);
					_t74 = E011D0517(_t68,  *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0, 0);
					if(_t74 == 0x80070002 || _t74 >= 0) {
						E011AA751(_t68, _t72,  *_t75,  *((intOrPtr*)(_t75 + 0x10)));
						L14:
						__eflags = _a16 - 2;
						_t74 = E0119F1BA(_a16 - 2, _t75, _v8, _a12, 0 | _a16 == 0x00000002);
						__eflags = _t74;
						if(_t74 < 0) {
							_push("Failed to update resume mode.");
							L16:
							_push(_t74);
							E011CFB09();
						}
					} else {
						E011CFB09(_t74, "Failed to delete registration key: %ls",  *((intOrPtr*)(_t75 + 0x50)));
					}
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = _v8 & 0x00000000;
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = _v12 & 0x00000000;
				}
				if(_v16 != 0) {
					E01192762(_v16);
				}
				return _t74;
			}












                                                            0x011a0539
                                                            0x011a0539
                                                            0x011a0540
                                                            0x011a0546
                                                            0x011a054c
                                                            0x011a054f
                                                            0x011a0557
                                                            0x011a0560
                                                            0x011a0569
                                                            0x011a0574
                                                            0x011a0579
                                                            0x011a057f
                                                            0x011a058d
                                                            0x011a0592
                                                            0x011a0597
                                                            0x011a05b5
                                                            0x011a05b5
                                                            0x011a05bb
                                                            0x011a05c1
                                                            0x011a0599
                                                            0x011a05ac
                                                            0x011a05b3
                                                            0x00000000
                                                            0x00000000
                                                            0x011a05b3
                                                            0x011a0597
                                                            0x011a05c5
                                                            0x011a06a9
                                                            0x011a06ab
                                                            0x011a06ad
                                                            0x00000000
                                                            0x011a06af
                                                            0x011a06af
                                                            0x00000000
                                                            0x011a06af
                                                            0x011a05cb
                                                            0x011a05cf
                                                            0x011a05d8
                                                            0x011a05d8
                                                            0x011a05e3
                                                            0x011a05e6
                                                            0x011a05e6
                                                            0x011a05eb
                                                            0x011a05f5
                                                            0x011a0607
                                                            0x011a060f
                                                            0x011a062d
                                                            0x011a0632
                                                            0x011a0634
                                                            0x011a0648
                                                            0x011a064a
                                                            0x011a064c
                                                            0x011a064e
                                                            0x011a0653
                                                            0x011a0653
                                                            0x011a0654
                                                            0x011a065a
                                                            0x011a0615
                                                            0x011a061e
                                                            0x011a0623
                                                            0x011a060f
                                                            0x011a0665
                                                            0x011a066a
                                                            0x011a066c
                                                            0x011a066c
                                                            0x011a0674
                                                            0x011a0679
                                                            0x011a067b
                                                            0x011a067b
                                                            0x011a0683
                                                            0x011a0688
                                                            0x011a0688
                                                            0x011a0692

                                                            APIs
                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,00000001,00000000,?), ref: 011A066A
                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,00000001,00000000,?), ref: 011A0679
                                                              • Part of subcall function 011D04A5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,011A05B1,?,00000000,00020006), ref: 011D04CA
                                                            Strings
                                                            • Failed to open registration key., xrefs: 011A06AF
                                                            • %ls.RebootRequired, xrefs: 011A0587
                                                            • Failed to delete registration key: %ls, xrefs: 011A0618
                                                            • Failed to write volatile reboot required registry key., xrefs: 011A05B5
                                                            • Failed to update resume mode., xrefs: 011A064E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close$Create
                                                            • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
                                                            • API String ID: 359002179-2517785395
                                                            • Opcode ID: aa5cb8d58ddd1ce2a563f36f54345a8f5d3ded585d6744e0ffb77b0de1a9df2c
                                                            • Instruction ID: cff7e1794df306bc340199eb610e11997c5560b9c057741a59574577c4d61bf5
                                                            • Opcode Fuzzy Hash: aa5cb8d58ddd1ce2a563f36f54345a8f5d3ded585d6744e0ffb77b0de1a9df2c
                                                            • Instruction Fuzzy Hash: 5A41E339900706FFDF2AAFA4DC05FAF7FBAAF98218F604019F54562010E771AA50DB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CFBC6 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 122COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 63%
                                                            			E011CFBC6(void* __ebx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				short _v528;
				short _v1048;
				char _v1052;
				struct HINSTANCE__* _v1056;
				struct HINSTANCE__* _v1060;
				long _v1064;
				signed int _t25;
				long _t29;
				intOrPtr _t46;
				intOrPtr _t47;
				void* _t52;
				void* _t53;
				void* _t54;
				char* _t56;
				void* _t61;
				unsigned int _t62;
				unsigned int _t64;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t72;
				intOrPtr _t74;
				void* _t75;
				signed int _t76;
				void* _t77;

				_t68 = __edx;
				_t25 =  *0x11fa008; // 0x295f764a
				_v8 = _t25 ^ _t76;
				_push(__ebx);
				_push(__esi);
				_t74 =  *0x11fa77c; // 0x11f5ac8
				_push(__edi);
				_v1064 = 0x104;
				_v1060 = 0;
				_v1056 = 0;
				_v1052 = 0;
				_t29 = GetModuleFileNameW(0,  &_v528, 0x104);
				_t70 = 0x208;
				if(_t29 == 0) {
					E011BF600(0x208,  &_v528, 0, 0x208);
					_t77 = _t77 + 0xc;
				}
				if(E011D4289( &_v528,  &_v1060,  &_v1056) < 0) {
					_v1060 = 0;
					_v1056 = 0;
				}
				if(GetComputerNameW( &_v1048,  &_v1064) != 0) {
					L7:
					E011D7E99(_t70, _t83,  &_v1052, 0);
					_push(_v1052);
					_push("=== Logging started: %ls ===");
					_t71 = 2;
					_push(_t71);
					E011CFFF0();
					_t62 = _v1056;
					_push(_t62 & 0x0000ffff);
					_push(_t62 >> 0x10);
					_t64 = _v1060;
					_push(_t64 & 0x0000ffff);
					_push(_t64 >> 0x10);
					E011CFFF0(_t71, "Executable: %ls v%d.%d.%d.%d",  &_v528);
					E011CFFF0(_t71, "Computer  : %ls",  &_v1048);
					_t46 =  *0x11fa778; // 0x3
					_t47 = _t46;
					if(_t47 == 0) {
						_t74 =  *0x11fa790; // 0x11f5af4
					} else {
						_t52 = _t47 - 1;
						if(_t52 == 0) {
							_t74 =  *0x11fa780; // 0x11f5ad0
						} else {
							_t53 = _t52 - 1;
							if(_t53 == 0) {
								_t74 =  *0x11fa784; // 0x11f5ad8
							} else {
								_t54 = _t53 - 1;
								if(_t54 == 0) {
									_t74 =  *0x11fa788; // 0x11f5ae4
								} else {
									if(_t54 == 1) {
										_t74 =  *0x11fa78c; // 0x11f5aec
									}
								}
							}
						}
					}
					E011CFFF0(_t71, "--- logging level: %hs ---", _t74);
					_pop(_t72);
					_pop(_t75);
					_pop(_t61);
					if(_v1052 != 0) {
						E01192762(_v1052);
					}
					return E011BDD1F(_t61, _v8 ^ _t76, _t68, _t72, _t75);
				} else {
					_t56 =  &_v1048;
					do {
						 *_t56 = 0;
						_t56 = _t56 + 1;
						_t70 = _t70 - 1;
						_t83 = _t70;
					} while (_t70 != 0);
					goto L7;
				}
			}





























                                                            0x011cfbc6
                                                            0x011cfbcf
                                                            0x011cfbd6
                                                            0x011cfbd9
                                                            0x011cfbda
                                                            0x011cfbdb
                                                            0x011cfbe6
                                                            0x011cfbe8
                                                            0x011cfbf6
                                                            0x011cfbfe
                                                            0x011cfc04
                                                            0x011cfc0a
                                                            0x011cfc10
                                                            0x011cfc17
                                                            0x011cfc22
                                                            0x011cfc27
                                                            0x011cfc27
                                                            0x011cfc46
                                                            0x011cfc48
                                                            0x011cfc4e
                                                            0x011cfc4e
                                                            0x011cfc6a
                                                            0x011cfc7a
                                                            0x011cfc82
                                                            0x011cfc87
                                                            0x011cfc8d
                                                            0x011cfc94
                                                            0x011cfc95
                                                            0x011cfc96
                                                            0x011cfc9b
                                                            0x011cfca4
                                                            0x011cfca8
                                                            0x011cfca9
                                                            0x011cfcb2
                                                            0x011cfcbc
                                                            0x011cfcc4
                                                            0x011cfcd6
                                                            0x011cfcdb
                                                            0x011cfce3
                                                            0x011cfce5
                                                            0x011cfd1b
                                                            0x011cfce7
                                                            0x011cfce7
                                                            0x011cfcea
                                                            0x011cfd13
                                                            0x011cfcec
                                                            0x011cfcec
                                                            0x011cfcef
                                                            0x011cfd0b
                                                            0x011cfcf1
                                                            0x011cfcf1
                                                            0x011cfcf4
                                                            0x011cfd03
                                                            0x011cfcf6
                                                            0x011cfcf9
                                                            0x011cfcfb
                                                            0x011cfcfb
                                                            0x011cfcf9
                                                            0x011cfcf4
                                                            0x011cfcef
                                                            0x011cfcea
                                                            0x011cfd28
                                                            0x011cfd37
                                                            0x011cfd38
                                                            0x011cfd39
                                                            0x011cfd3a
                                                            0x011cfd42
                                                            0x011cfd42
                                                            0x011cfd54
                                                            0x011cfc6c
                                                            0x011cfc6c
                                                            0x011cfc72
                                                            0x011cfc72
                                                            0x011cfc74
                                                            0x011cfc75
                                                            0x011cfc75
                                                            0x011cfc75
                                                            0x00000000
                                                            0x011cfc72

                                                            APIs
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 011CFC0A
                                                            • GetComputerNameW.KERNEL32 ref: 011CFC62
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Name$ComputerFileModule
                                                            • String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d$Jv_)
                                                            • API String ID: 2577110986-2080530996
                                                            • Opcode ID: 5a2bd501909d19f2e51217e26dec35297b01543135c3288bdde7222038f60846
                                                            • Instruction ID: 0a408a2b004e48163c1d099be7520347938a2dd14c3471a65a57057b9c4bc24b
                                                            • Opcode Fuzzy Hash: 5a2bd501909d19f2e51217e26dec35297b01543135c3288bdde7222038f60846
                                                            • Instruction Fuzzy Hash: 2A4199F290011D5BCB29DF64DC44EEE77BDEB54604F0141BDEA19A3101D7349E858FA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119F7B4 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 72%
                                                            			E0119F7B4(intOrPtr _a4, intOrPtr* _a8) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				void* _t46;
				void* _t48;
				void* _t50;
				intOrPtr* _t53;
				void* _t58;
				void* _t65;
				void* _t66;

				_t61 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				if(E01192022( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_a4 + 0x50))) >= 0) {
					if(E011D0823( *((intOrPtr*)(_t61 + 0x4c)), _v16, 1,  &_v12) < 0) {
						_t65 = E011D0823( *((intOrPtr*)(_t61 + 0x4c)),  *((intOrPtr*)(_t61 + 0x50)), 1,  &_v8);
						if(_t65 == 0x80070002 || _t65 == 0x80070003) {
							 *_a8 = 0;
							goto L23;
						} else {
							if(_t65 >= 0) {
								_t66 = E011D08D7(_t58, _v8, L"Resume",  &_v20);
								if(_t66 != 0x80070002) {
									if(_t66 >= 0) {
										_t46 = _v20 - 1;
										if(_t46 == 0) {
											 *_a8 = 2;
										} else {
											_t48 = _t46 - 1;
											if(_t48 == 0) {
												 *_a8 = 5;
											} else {
												_t50 = _t48 - 1;
												if(_t50 == 0) {
													 *_a8 = 6;
												} else {
													_t53 = _a8;
													if(_t50 == 1) {
														 *_t53 = 4;
													} else {
														 *_t53 = 1;
													}
												}
											}
										}
										goto L24;
									}
									_push("Failed to read Resume value.");
									goto L2;
								}
								 *_a8 = 1;
								goto L23;
							} else {
								_push("Failed to open registration key.");
								goto L2;
							}
						}
					} else {
						 *_a8 = 3;
						L23:
						_t66 = 0;
						goto L24;
					}
				} else {
					_push("Failed to format pending restart registry key to read.");
					L2:
					_push(_t66);
					E011CFB09();
					L24:
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v16 != 0) {
						E01192762(_v16);
					}
					return _t66;
				}
			}














                                                            0x0119f7bd
                                                            0x0119f7c5
                                                            0x0119f7c8
                                                            0x0119f7ce
                                                            0x0119f7d7
                                                            0x0119f7e6
                                                            0x0119f80d
                                                            0x0119f82e
                                                            0x0119f837
                                                            0x0119f8d2
                                                            0x00000000
                                                            0x0119f849
                                                            0x0119f84b
                                                            0x0119f865
                                                            0x0119f869
                                                            0x0119f878
                                                            0x0119f887
                                                            0x0119f88a
                                                            0x0119f8c7
                                                            0x0119f88c
                                                            0x0119f88c
                                                            0x0119f88f
                                                            0x0119f8bc
                                                            0x0119f891
                                                            0x0119f891
                                                            0x0119f894
                                                            0x0119f8b1
                                                            0x0119f896
                                                            0x0119f899
                                                            0x0119f89c
                                                            0x0119f8a6
                                                            0x0119f89e
                                                            0x0119f89e
                                                            0x0119f89e
                                                            0x0119f89c
                                                            0x0119f894
                                                            0x0119f88f
                                                            0x00000000
                                                            0x0119f88a
                                                            0x0119f87a
                                                            0x00000000
                                                            0x0119f87a
                                                            0x0119f86e
                                                            0x00000000
                                                            0x0119f84d
                                                            0x0119f84d
                                                            0x00000000
                                                            0x0119f84d
                                                            0x0119f84b
                                                            0x0119f80f
                                                            0x0119f812
                                                            0x0119f8d4
                                                            0x0119f8d4
                                                            0x00000000
                                                            0x0119f8d4
                                                            0x0119f7e8
                                                            0x0119f7e8
                                                            0x0119f7ed
                                                            0x0119f7ed
                                                            0x0119f7ee
                                                            0x0119f8d6
                                                            0x0119f8df
                                                            0x0119f8e4
                                                            0x0119f8e6
                                                            0x0119f8e6
                                                            0x0119f8ec
                                                            0x0119f8f1
                                                            0x0119f8f3
                                                            0x0119f8f3
                                                            0x0119f8f9
                                                            0x0119f8fe
                                                            0x0119f8fe
                                                            0x0119f909
                                                            0x0119f909

                                                            APIs
                                                            • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0119F8E4
                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0119F8F1
                                                            Strings
                                                            • Failed to open registration key., xrefs: 0119F84D
                                                            • %ls.RebootRequired, xrefs: 0119F7D1
                                                            • Failed to read Resume value., xrefs: 0119F87A
                                                            • Resume, xrefs: 0119F858
                                                            • Failed to format pending restart registry key to read., xrefs: 0119F7E8
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                            • API String ID: 3535843008-3890505273
                                                            • Opcode ID: a25d507667984167510b6eb73cea011f77c6b97a0684fbfc99534fbc0d5f90d5
                                                            • Instruction ID: 852d6c805ec493a86a80b5f5b97642e74a6fcdb8429565df95d3616e2ab84a39
                                                            • Opcode Fuzzy Hash: a25d507667984167510b6eb73cea011f77c6b97a0684fbfc99534fbc0d5f90d5
                                                            • Instruction Fuzzy Hash: F1415E71D0012AFFDF5D9F98C980AADBFB4FF04314F158166E924EB250D3B1AA428B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B3727 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 111COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 69%
                                                            			E011B3727(void* __ebx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr _t55;
				intOrPtr* _t60;
				char _t62;
				void* _t63;

				_t62 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				if(_a8 > 0) {
					_t60 = _a4 + 4;
					do {
						if(_a24 == 0) {
							if(_a16 == 0) {
								L9:
								_t36 =  *_t60;
							} else {
								_t36 =  *((intOrPtr*)(_t60 + 4));
								if( *((intOrPtr*)(_t60 + 4)) == 0) {
									goto L9;
								}
							}
							_t62 = E01197303(_a12, _t36,  &_v8, 0);
							if(_t62 < 0) {
								goto L20;
							} else {
								goto L11;
							}
						} else {
							if(_a16 == 0) {
								L5:
								_t44 =  *_t60;
							} else {
								_t44 =  *((intOrPtr*)(_t60 + 4));
								if( *((intOrPtr*)(_t60 + 4)) == 0) {
									goto L5;
								}
							}
							_t62 = E0119731D(_a12, _t44,  &_v8, 0);
							L11:
							if(_t62 < 0) {
								L20:
								_push("Failed to format property value.");
								goto L21;
							} else {
								_t49 = 0 | _a24 == 0x00000000;
								_t62 = E011B2FD0(_v8,  &_v12, _a24 == 0);
								if(_t62 < 0) {
									_push("Failed to escape string.");
									goto L21;
								} else {
									_push(_v12);
									_t62 = E01198378(_t49,  &_v16, L" %s%=\"%s\"",  *((intOrPtr*)(_t60 - 4)));
									_t63 = _t63 + 0x14;
									if(_t62 < 0) {
										_push("Failed to format property string part.");
										goto L21;
									} else {
										_t62 = E01198356(_t49, _a20, _v16, 0);
										if(_t62 < 0) {
											_push("Failed to append property string part.");
											L21:
											_push(_t62);
											E011CFB09();
										} else {
											goto L15;
										}
									}
								}
							}
						}
						L22:
						goto L23;
						L15:
						_t60 = _t60 + 0xc;
						_t55 = _v20 + 1;
						_push(0);
						_v20 = _t55;
						_pop(0);
					} while (_t55 < _a8);
					goto L22;
				}
				L23:
				E0119287D(_v8);
				E0119287D(_v12);
				E0119287D(_v16);
				return _t62;
			}











                                                            0x011b3730
                                                            0x011b3732
                                                            0x011b3735
                                                            0x011b3738
                                                            0x011b373b
                                                            0x011b3741
                                                            0x011b374b
                                                            0x011b374f
                                                            0x011b3753
                                                            0x011b377a
                                                            0x011b3783
                                                            0x011b3783
                                                            0x011b377c
                                                            0x011b377c
                                                            0x011b3781
                                                            0x00000000
                                                            0x00000000
                                                            0x011b3781
                                                            0x011b3793
                                                            0x011b3797
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011b3755
                                                            0x011b3759
                                                            0x011b3762
                                                            0x011b3762
                                                            0x011b375b
                                                            0x011b375b
                                                            0x011b3760
                                                            0x00000000
                                                            0x00000000
                                                            0x011b3760
                                                            0x011b3772
                                                            0x011b3799
                                                            0x011b379b
                                                            0x011b3817
                                                            0x011b3817
                                                            0x00000000
                                                            0x011b379d
                                                            0x011b37a5
                                                            0x011b37b2
                                                            0x011b37b6
                                                            0x011b3810
                                                            0x00000000
                                                            0x011b37b8
                                                            0x011b37b8
                                                            0x011b37cd
                                                            0x011b37cf
                                                            0x011b37d4
                                                            0x011b3809
                                                            0x00000000
                                                            0x011b37d6
                                                            0x011b37e4
                                                            0x011b37e8
                                                            0x011b3802
                                                            0x011b381c
                                                            0x011b381c
                                                            0x011b381d
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011b37e8
                                                            0x011b37d4
                                                            0x011b37b6
                                                            0x011b379b
                                                            0x011b3824
                                                            0x00000000
                                                            0x011b37ea
                                                            0x011b37ed
                                                            0x011b37f0
                                                            0x011b37f4
                                                            0x011b37f6
                                                            0x011b37f9
                                                            0x011b37f9
                                                            0x00000000
                                                            0x011b3800
                                                            0x011b3826
                                                            0x011b3829
                                                            0x011b3831
                                                            0x011b3839
                                                            0x011b3842

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 011B378E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open@16
                                                            • String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.$feclient.dll
                                                            • API String ID: 3613110473-656185529
                                                            • Opcode ID: 2c97220bb452a18fc5e303cbc0f25b519c6c988325a2ccb345c3b6c056e33fb8
                                                            • Instruction ID: 8b66c11c3afd3e55998fab5a5395d5483245b81e34b7da62f809103dc5242072
                                                            • Opcode Fuzzy Hash: 2c97220bb452a18fc5e303cbc0f25b519c6c988325a2ccb345c3b6c056e33fb8
                                                            • Instruction Fuzzy Hash: C531A171D1461ABBDF1D9E99CC81EDEBBB8BF04714F104229F92166250E770EE20CB96
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BD016 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 50%
                                                            			E011BD016(char _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				char _v28;
				void* _t48;
				signed int _t60;
				char _t69;
				void* _t71;

				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t69 = _a4;
				WaitForSingleObject( *(_t69 + 0xc), 0xffffffff);
				ReleaseMutex( *(_t69 + 0xc));
				_v16 = _v16 & 0x00000000;
				_push(_a12);
				_v28 = 2;
				_v24 = 1;
				_v20 = (( *( *((intOrPtr*)(_t69 + 0x10)) + 0x218) & 0x000000ff) + ( *( *((intOrPtr*)(_t69 + 0x10)) + 0x218) & 0x000000ff) >> 1) * 0x64 / 0xff;
				_push( &_v28);
				if(_a8() == 2) {
					WaitForSingleObject( *(_t69 + 0xc), 0xffffffff);
					 *((char*)( *((intOrPtr*)(_t69 + 0x10)) + 2)) = 1;
					 *((char*)( *((intOrPtr*)(_t69 + 0x10)) + 3)) = 1;
					ReleaseMutex( *(_t69 + 0xc));
					SetEvent( *(_t69 + 8));
				}
				_t48 = E011BCE8D(_t69,  &_v12,  &_v8,  &_a4);
				_t60 = _v8;
				_t71 = _t48;
				if(_t71 >= 0) {
					__eflags = _v12 - 0x1070001;
					if(__eflags == 0) {
						_t71 = E011BCF33(__eflags, _t69, _t60, _a8, _a12);
						__eflags = _t71;
						if(_t71 < 0) {
							_push("Failed to send files in use message from netfx chainer.");
							goto L7;
						}
					}
				} else {
					_push("Failed to get message from netfx chainer.");
					L7:
					_push(_t71);
					E011CFB09();
				}
				if(_t60 != 0) {
					E01193AA4(_t60);
				}
				return _t71;
			}













                                                            0x011bd01c
                                                            0x011bd020
                                                            0x011bd02d
                                                            0x011bd035
                                                            0x011bd049
                                                            0x011bd059
                                                            0x011bd067
                                                            0x011bd06a
                                                            0x011bd071
                                                            0x011bd07a
                                                            0x011bd080
                                                            0x011bd087
                                                            0x011bd08e
                                                            0x011bd093
                                                            0x011bd09a
                                                            0x011bd0a1
                                                            0x011bd0aa
                                                            0x011bd0aa
                                                            0x011bd0bd
                                                            0x011bd0c2
                                                            0x011bd0c5
                                                            0x011bd0c9
                                                            0x011bd0d2
                                                            0x011bd0d9
                                                            0x011bd0e8
                                                            0x011bd0ea
                                                            0x011bd0ec
                                                            0x011bd0ee
                                                            0x00000000
                                                            0x011bd0ee
                                                            0x011bd0ec
                                                            0x011bd0cb
                                                            0x011bd0cb
                                                            0x011bd0f3
                                                            0x011bd0f3
                                                            0x011bd0f4
                                                            0x011bd0fa
                                                            0x011bd0fd
                                                            0x011bd100
                                                            0x011bd100
                                                            0x011bd10b

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,000000FF,7476F730,00000000,?,?,?,011BD312,?), ref: 011BD035
                                                            • ReleaseMutex.KERNEL32(?,?,?,011BD312,?), ref: 011BD049
                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 011BD08E
                                                            • ReleaseMutex.KERNEL32(?), ref: 011BD0A1
                                                            • SetEvent.KERNEL32(?), ref: 011BD0AA
                                                            Strings
                                                            • Failed to get message from netfx chainer., xrefs: 011BD0CB
                                                            • Failed to send files in use message from netfx chainer., xrefs: 011BD0EE
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: MutexObjectReleaseSingleWait$Event
                                                            • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                            • API String ID: 2608678126-3424578679
                                                            • Opcode ID: cb2270ea72dcec74772cf84d53d3957e503fbc2543df92d69f18a87d68af460c
                                                            • Instruction ID: df339a479c8c04f7cdedf19f4f944c7aa14b7407356e48b8e342bbe397607234
                                                            • Opcode Fuzzy Hash: cb2270ea72dcec74772cf84d53d3957e503fbc2543df92d69f18a87d68af460c
                                                            • Instruction Fuzzy Hash: 7E31B63290061ABFCF1A9FA4DC84FEEBBB8BF15324F148265F920A7251C774D9558B90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01194263 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 87%
                                                            			E01194263(void* __ecx, WCHAR** _a4) {
				long _v8;
				long _t6;
				signed short _t10;
				WCHAR* _t16;
				long _t17;
				WCHAR** _t21;
				signed short _t24;
				signed short _t34;

				_t16 = 0;
				_t21 = _a4;
				_t6 = 0;
				_v8 = 0;
				_t24 = 0;
				if(_t21 == 0 ||  *_t21 == 0) {
					L5:
					_t17 = GetCurrentDirectoryW(_t6, _t16);
					if(_t17 != 0) {
						__eflags = _v8 - _t17;
						if(_v8 >= _t17) {
							goto L20;
						}
						_t24 = E01191FE0(_t21, _t17);
						__eflags = _t24;
						if(_t24 < 0) {
							goto L20;
						}
						_t10 = GetCurrentDirectoryW(_t17,  *_t21);
						__eflags = _t10;
						if(_t10 != 0) {
							goto L20;
						}
						_t24 = GetLastError();
						__eflags = _t24;
						if(__eflags > 0) {
							_t24 = _t24 & 0x0000ffff | 0x80070000;
							__eflags = _t24;
						}
						if(__eflags >= 0) {
							_t24 = 0x80004005;
						}
						_push(_t24);
						_push(0x190);
						L19:
						_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dirutil.cpp");
						E011938BA(_t11);
						goto L20;
					}
					_t24 = GetLastError();
					if(_t24 > 0) {
						_t24 = _t24 & 0x0000ffff | 0x80070000;
						_t34 = _t24;
					}
					if(_t34 >= 0) {
						_t24 = 0x80004005;
					}
					_push(_t24);
					_push(0x187);
					goto L19;
				} else {
					_t24 = E01192847( *_t21,  &_v8);
					if(_t24 < 0) {
						L20:
						return _t24;
					}
					_t6 = _v8;
					if(_t6 != 0) {
						_t16 =  *_t21;
					}
					goto L5;
				}
			}











                                                            0x01194269
                                                            0x0119426c
                                                            0x0119426f
                                                            0x01194271
                                                            0x01194274
                                                            0x01194278
                                                            0x0119429c
                                                            0x011942a4
                                                            0x011942a8
                                                            0x011942d0
                                                            0x011942d3
                                                            0x00000000
                                                            0x00000000
                                                            0x011942dc
                                                            0x011942de
                                                            0x011942e0
                                                            0x00000000
                                                            0x00000000
                                                            0x011942e5
                                                            0x011942eb
                                                            0x011942ed
                                                            0x00000000
                                                            0x00000000
                                                            0x011942f5
                                                            0x011942f7
                                                            0x011942f9
                                                            0x011942fe
                                                            0x01194304
                                                            0x01194304
                                                            0x01194306
                                                            0x01194308
                                                            0x01194308
                                                            0x0119430d
                                                            0x0119430e
                                                            0x01194313
                                                            0x01194313
                                                            0x01194318
                                                            0x00000000
                                                            0x01194318
                                                            0x011942b0
                                                            0x011942b4
                                                            0x011942b9
                                                            0x011942bf
                                                            0x011942bf
                                                            0x011942c1
                                                            0x011942c3
                                                            0x011942c3
                                                            0x011942c8
                                                            0x011942c9
                                                            0x00000000
                                                            0x0119427e
                                                            0x01194289
                                                            0x0119428d
                                                            0x0119431d
                                                            0x01194323
                                                            0x01194323
                                                            0x01194293
                                                            0x01194298
                                                            0x0119429a
                                                            0x0119429a
                                                            0x00000000
                                                            0x01194298

                                                            APIs
                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,011A3FAF,00000001,feclient.dll,?,00000000,?,?,?,01194B57), ref: 0119429E
                                                            • GetLastError.KERNEL32(?,?,011A3FAF,00000001,feclient.dll,?,00000000,?,?,?,01194B57,?,?,011DA488,?,00000001), ref: 011942AA
                                                            • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,011A3FAF,00000001,feclient.dll,?,00000000,?,?,?,01194B57,?), ref: 011942E5
                                                            • GetLastError.KERNEL32(?,?,011A3FAF,00000001,feclient.dll,?,00000000,?,?,?,01194B57,?,?,011DA488,?,00000001), ref: 011942EF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentDirectoryErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp$crypt32.dll
                                                            • API String ID: 152501406-3004288549
                                                            • Opcode ID: bb01863bc659b8a8235488d79f5744ebc60314e8a805699e5d4add90ce6c19ae
                                                            • Instruction ID: 17c8ec2d8eac70bc3b049fee20e1dc87b6ad5ecd1fee2783e978ac9b90cfe4b3
                                                            • Opcode Fuzzy Hash: bb01863bc659b8a8235488d79f5744ebc60314e8a805699e5d4add90ce6c19ae
                                                            • Instruction Fuzzy Hash: E711EC77D01237A7EF3995E95A44A5FBB68BF056957010175EE20FB600E730DD0187E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B0937 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 74fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 60%
                                                            			E011B0937(void* __ecx, void* _a8, long _a12) {
				long _v8;
				intOrPtr _t25;
				signed int _t27;
				intOrPtr _t38;
				signed int _t41;
				signed short _t45;
				long _t49;

				_t41 =  *0x11faa94; // 0x0
				_t45 = 0;
				_v8 = 0;
				_t38 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t41 * 4)) + 4));
				_t25 =  *((intOrPtr*)(_t38 + 0x2c));
				if(_t25 == 0) {
					_t27 = WriteFile( *(_t38 + 0x3c), _a8, _a12,  &_v8, 0);
					__eflags = _t27;
					if(_t27 != 0) {
						L11:
						 *(_t38 + 0x30) = _t45;
						if(_t45 >= 0) {
							return _v8;
						} else {
							return _t27 | 0xffffffff;
						}
					}
					_t45 = GetLastError();
					__eflags = _t45;
					if(__eflags > 0) {
						_t45 = _t45 & 0x0000ffff | 0x80070000;
						__eflags = _t45;
					}
					if(__eflags >= 0) {
						_t45 = 0x80004005;
					}
					E011938BA(_t30, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x304, _t45);
					_push("Failed to write during cabinet extraction.");
					L10:
					_push(_t45);
					_t27 = E011CFB09();
					goto L11;
				}
				if(_t25 == 1) {
					_t49 = _a12;
					_t27 = E01193C78( *((intOrPtr*)(_t38 + 0x40)) +  *((intOrPtr*)(_t38 + 0x48)),  *((intOrPtr*)(_t38 + 0x44)) -  *((intOrPtr*)(_t38 + 0x48)), _a8, _t49);
					 *((intOrPtr*)(_t38 + 0x48)) =  *((intOrPtr*)(_t38 + 0x48)) + _t49;
					_v8 = _t49;
					goto L11;
				}
				_t45 = 0x8007139f;
				_push("Unexpected call to CabWrite().");
				goto L10;
			}










                                                            0x011b093b
                                                            0x011b0949
                                                            0x011b094e
                                                            0x011b0951
                                                            0x011b095b
                                                            0x011b095e
                                                            0x011b09a6
                                                            0x011b09ac
                                                            0x011b09ae
                                                            0x011b09eb
                                                            0x011b09eb
                                                            0x011b09f2
                                                            0x011b09fd
                                                            0x011b09f4
                                                            0x011b09f8
                                                            0x011b09f8
                                                            0x011b09f2
                                                            0x011b09b6
                                                            0x011b09b8
                                                            0x011b09ba
                                                            0x011b09bf
                                                            0x011b09c5
                                                            0x011b09c5
                                                            0x011b09c7
                                                            0x011b09c9
                                                            0x011b09c9
                                                            0x011b09d9
                                                            0x011b09de
                                                            0x011b09e3
                                                            0x011b09e3
                                                            0x011b09e4
                                                            0x00000000
                                                            0x011b09ea
                                                            0x011b0963
                                                            0x011b0978
                                                            0x011b0987
                                                            0x011b098f
                                                            0x011b0992
                                                            0x00000000
                                                            0x011b0995
                                                            0x011b0965
                                                            0x011b096a
                                                            0x00000000

                                                            APIs
                                                            Strings
                                                            • Failed to write during cabinet extraction., xrefs: 011B09DE
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 011B09D4
                                                            • Unexpected call to CabWrite()., xrefs: 011B096A
                                                            • @Mqt, xrefs: 011B09B0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastWrite_memcpy_s
                                                            • String ID: @Mqt$Failed to write during cabinet extraction.$Unexpected call to CabWrite().$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 1970631241-699930843
                                                            • Opcode ID: 91c08a5c5f0f297492168f576263a4721b901d91e2cf4c776712c306b1061dc5
                                                            • Instruction ID: 48b344dff42593b71b61fa3854e19f926305e28f0b841e956157837d022f132d
                                                            • Opcode Fuzzy Hash: 91c08a5c5f0f297492168f576263a4721b901d91e2cf4c776712c306b1061dc5
                                                            • Instruction Fuzzy Hash: 3121DE76500206ABEB19CFADD984E9A7BB9FF88628B110059FA18D7245E775DD00CB20
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199A9F Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E01199A9F(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed short _t17;
				void* _t25;
				signed char _t28;
				signed short _t33;

				_v8 = _v8 & 0x00000000;
				_t30 = _a4;
				_t33 = E01197303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0);
				if(_t33 >= 0) {
					_t28 = GetFileAttributesW(_v8);
					if(_t28 != 0xffffffff) {
						_t17 = 0;
						_t25 = 0;
						if((_t28 & 0x00000010) != 0) {
							_t17 = 1;
							goto L11;
						}
					} else {
						_t33 = GetLastError();
						if(_t33 > 0) {
							_t33 = _t33 & 0x0000ffff | 0x80070000;
						}
						if(_t33 == 0x80070002 || _t33 == 0x80070003) {
							_t33 = 0;
						}
						_t17 = 0;
						L11:
						_t25 = 0;
					}
					if(_t33 >= 0) {
						_t33 = E01198274(_a8,  *((intOrPtr*)(_t30 + 4)), _t17, _t25, 0);
						if(_t33 < 0) {
							_push("Failed to set variable.");
							goto L16;
						}
					} else {
						_push(_v8);
						E011CFB09(_t33, "Failed while searching directory search: %ls, for path: %ls",  *_t30);
					}
				} else {
					_push("Failed to format variable string.");
					L16:
					_push(_t33);
					E011CFB09();
				}
				E0119287D(_v8);
				return _t33;
			}








                                                            0x01199aa3
                                                            0x01199aac
                                                            0x01199abd
                                                            0x01199ac1
                                                            0x01199ad3
                                                            0x01199ad8
                                                            0x01199b05
                                                            0x01199b07
                                                            0x01199b0c
                                                            0x01199b0e
                                                            0x00000000
                                                            0x01199b0e
                                                            0x01199ada
                                                            0x01199ae0
                                                            0x01199ae4
                                                            0x01199ae9
                                                            0x01199ae9
                                                            0x01199af5
                                                            0x01199aff
                                                            0x01199aff
                                                            0x01199b01
                                                            0x01199b0f
                                                            0x01199b0f
                                                            0x01199b0f
                                                            0x01199b13
                                                            0x01199b39
                                                            0x01199b3d
                                                            0x01199b3f
                                                            0x00000000
                                                            0x01199b3f
                                                            0x01199b15
                                                            0x01199b15
                                                            0x01199b20
                                                            0x01199b25
                                                            0x01199ac3
                                                            0x01199ac3
                                                            0x01199b44
                                                            0x01199b44
                                                            0x01199b45
                                                            0x01199b4b
                                                            0x01199b4f
                                                            0x01199b59

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 01199AB8
                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,0119A889,00000100,000002C0,000002C0,00000100), ref: 01199ACD
                                                            • GetLastError.KERNEL32(?,0119A889,00000100,000002C0,000002C0,00000100), ref: 01199ADA
                                                            Strings
                                                            • Failed while searching directory search: %ls, for path: %ls, xrefs: 01199B1A
                                                            • Failed to format variable string., xrefs: 01199AC3
                                                            • Failed to set variable., xrefs: 01199B3F
                                                            • @Mqt, xrefs: 01199ADA
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileLastOpen@16
                                                            • String ID: @Mqt$Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                            • API String ID: 1811509786-237658025
                                                            • Opcode ID: 5ec6d56cc96fd4348802c01c0f906284306439c010ce12e5e516243d9bdb87fd
                                                            • Instruction ID: b61f7658ebb8f41231b824c691e8984c76ce004a88718a5fed82bb22bdecde50
                                                            • Opcode Fuzzy Hash: 5ec6d56cc96fd4348802c01c0f906284306439c010ce12e5e516243d9bdb87fd
                                                            • Instruction Fuzzy Hash: 8F112C3394002ABBCF2F6668DC02FAE7A59EF11624F11021DF922A6190D7799D50D6D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C5929 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 69%
                                                            			E011C5929(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t30;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_push(_t30);
				_t36 = GetLastError();
				_t2 =  *0x11fa060; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E011C71F5(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E011C82DC(_t20, _t25, _t31, __eflags,  *0x11fa060, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E011C579B(_t25, _t31, 0x11fb0fc);
							E011C5CE8(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E011C5CE8();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E011C4A66(_t20, _t25, _t29, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x11fa060; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E011C71F5(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E011C82DC(_t21, _t27, _t32, __eflags,  *0x11fa060, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E011C579B(_t27, _t32, 0x11fb0fc);
									E011C5CE8(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E011C5CE8();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E011C8286(0, _t25, _t31, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E011C8286(__ebx, _t23, _t30, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}






















                                                            0x011c5929
                                                            0x011c5929
                                                            0x011c5929
                                                            0x011c592c
                                                            0x011c5933
                                                            0x011c5935
                                                            0x011c593a
                                                            0x011c593d
                                                            0x011c594b
                                                            0x011c5952
                                                            0x011c5957
                                                            0x011c595a
                                                            0x011c595d
                                                            0x011c596f
                                                            0x011c5974
                                                            0x011c5976
                                                            0x011c5981
                                                            0x011c5988
                                                            0x011c598d
                                                            0x011c5990
                                                            0x011c5992
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c5978
                                                            0x011c5978
                                                            0x00000000
                                                            0x011c5978
                                                            0x011c595f
                                                            0x011c595f
                                                            0x011c5960
                                                            0x011c5960
                                                            0x011c5965
                                                            0x011c59a0
                                                            0x011c59a1
                                                            0x011c59a7
                                                            0x011c59ac
                                                            0x011c59af
                                                            0x011c59b0
                                                            0x011c59b1
                                                            0x011c59b8
                                                            0x011c59ba
                                                            0x011c59bc
                                                            0x011c59c1
                                                            0x011c59c4
                                                            0x011c59d2
                                                            0x011c59de
                                                            0x011c59e1
                                                            0x011c59e4
                                                            0x011c59f6
                                                            0x011c59fb
                                                            0x011c59fd
                                                            0x011c5a08
                                                            0x011c5a0e
                                                            0x011c5a16
                                                            0x011c5a18
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c59ff
                                                            0x011c59ff
                                                            0x00000000
                                                            0x011c59ff
                                                            0x011c59e6
                                                            0x011c59e6
                                                            0x011c59e7
                                                            0x011c59e7
                                                            0x011c5a1a
                                                            0x011c5a1b
                                                            0x011c5a1b
                                                            0x011c59c6
                                                            0x011c59cc
                                                            0x011c59d0
                                                            0x011c5a23
                                                            0x011c5a24
                                                            0x011c5a2a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c59d0
                                                            0x011c5a31
                                                            0x011c5a31
                                                            0x011c593f
                                                            0x011c5945
                                                            0x011c5949
                                                            0x011c5994
                                                            0x011c5995
                                                            0x011c599f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c5949

                                                            APIs
                                                            • GetLastError.KERNEL32(?,00000000,011C12E7,00000000,80004004,?,011C15EB,00000000,80004004,00000000,00000000), ref: 011C592D
                                                            • _free.LIBCMT ref: 011C5960
                                                            • _free.LIBCMT ref: 011C5988
                                                            • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 011C5995
                                                            • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 011C59A1
                                                            • _abort.LIBCMT ref: 011C59A7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$_free$_abort
                                                            • String ID: @Mqt
                                                            • API String ID: 3160817290-2740872224
                                                            • Opcode ID: 65b384dca941e35241cd5a25dee2ca203ff16c786ee0fa3afeb3b73e6f096b38
                                                            • Instruction ID: 58033cc3f52e4d6ef992b583d62c55eba278c8274c2ca6cb0edae1235b23bdd3
                                                            • Opcode Fuzzy Hash: 65b384dca941e35241cd5a25dee2ca203ff16c786ee0fa3afeb3b73e6f096b38
                                                            • Instruction Fuzzy Hash: E9F02D3234560267C6AE76397C48F9A252F9FF3D34B25016CF528E3180FF24A481C225
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B5954 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 206COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 70%
                                                            			E011B5954(void* __ecx, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36) {
				intOrPtr _v8;
				intOrPtr _t124;
				void* _t126;
				intOrPtr _t152;
				intOrPtr _t155;
				intOrPtr* _t157;
				signed int _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t173;
				signed int _t182;
				signed int _t183;
				intOrPtr* _t194;
				signed int _t196;
				intOrPtr _t197;
				signed int _t199;
				intOrPtr _t202;
				intOrPtr* _t204;
				signed int _t205;
				intOrPtr* _t207;

				_push(__ecx);
				_t169 = _a8;
				_t196 = _a12;
				if(_t169 == 0) {
					_t202 =  *((intOrPtr*)(_t196 + 0x5c));
				} else {
					_t202 =  *((intOrPtr*)(_t196 + 0x64));
				}
				if(_t169 == 0) {
					_t124 =  *((intOrPtr*)(_t196 + 0x60));
				} else {
					_t124 =  *((intOrPtr*)(_t196 + 0x68));
				}
				_a12 = _a12 & 0x00000000;
				_t175 = 0;
				_v8 = _t124;
				_a8 = 0;
				if(_t124 == 0) {
					L14:
					_push( &_a12);
					_push(_t196);
					_t218 = _t169;
					if(_t169 == 0) {
						_t126 = E011A1DF0(_t175, __eflags);
					} else {
						_t126 = E011A1E37(_t175, _t218);
					}
					if(_t126 >= 0) {
						_t204 = _a32;
						 *_a12 = 6;
						 *((intOrPtr*)(_a12 + 0x24)) = _a24;
						 *((intOrPtr*)(_a12 + 8)) = _a28;
						__eflags =  *_t204 - 4;
						 *(_a12 + 0x18) = 0 |  *_t204 == 0x00000004;
						 *((intOrPtr*)(_a12 + 0x20)) = E011B36F3( *((intOrPtr*)(_a28 + 0x98)), _a4,  *((intOrPtr*)(_a12 + 0x24)));
						 *((intOrPtr*)(_a12 + 0x10)) =  *((intOrPtr*)(_t204 + 0x58));
						 *((intOrPtr*)(_a12 + 0x14)) =  *((intOrPtr*)(_t204 + 0x5c));
						_t205 = E0119229E(_a12 + 0xc, _t204 + 8, 0);
						__eflags = _t205;
						if(_t205 >= 0) {
							_t182 = _a12;
							__eflags =  *(_t182 + 0x18);
							if( *(_t182 + 0x18) != 0) {
								 *((intOrPtr*)(_t196 + 0xc)) = 1;
							}
							_t197 = _a28;
							_t72 = _t182 + 0x1c; // 0x1c
							E011A4426(_t182, _t197,  *((intOrPtr*)(_t182 + 0xc)), _t169, _a16, _a20, _t72);
							_t183 = _a12;
							goto L23;
						}
						_push("Failed to copy target product code.");
					} else {
						_push("Failed to plan action for target product.");
					}
					goto L28;
				} else {
					_t207 = _t202 + 0x18;
					do {
						_t157 = _t207 - 0x18;
						_a12 = _t157;
						if( *_t157 == 6 &&  *((intOrPtr*)(_t207 + 0xc)) == _a24) {
							_t194 = _a32;
							if( *_t207 != (0 |  *_t194 == 0x00000004)) {
								goto L13;
							}
							if(CompareStringW(0, 0,  *(_t207 - 0xc), 0xffffffff, _t194 + 8, 0xffffffff) == 2) {
								_t175 = _a12;
								__eflags = _a12;
								if(__eflags == 0) {
									goto L14;
								}
								__eflags = _t169;
								if(__eflags != 0) {
									L22:
									_t197 = _a28;
									L23:
									_t41 = _t183 + 0x28; // 0x28
									_t205 = E01193A01(_t183, __eflags, _t41,  *((intOrPtr*)(_t183 + 0x2c)) + 1, 8, 2);
									__eflags = _t205;
									if(_t205 >= 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_a12 + 0x28)) +  *(_a12 + 0x2c) * 8)) =  *((intOrPtr*)(_a32 + 4));
										 *((intOrPtr*)( *((intOrPtr*)(_a12 + 0x28)) + 4 +  *(_a12 + 0x2c) * 8)) = _t197;
										 *(_a12 + 0x2c) =  *(_a12 + 0x2c) + 1;
										_t170 = _a12;
										_t199 =  *((intOrPtr*)(_t170 + 0x2c)) - 1;
										__eflags = _t199;
										if(_t199 == 0) {
											L29:
											return _t205;
										} else {
											goto L36;
										}
										while(1) {
											L36:
											_t172 =  *((intOrPtr*)(_t170 + 0x28));
											_t152 =  *((intOrPtr*)(_t172 + _t199 * 8));
											__eflags = _t152 -  *((intOrPtr*)(_t172 + _t199 * 8 - 8));
											if(_t152 >=  *((intOrPtr*)(_t172 + _t199 * 8 - 8))) {
												goto L29;
											}
											 *((intOrPtr*)(_t172 + _t199 * 8 - 8)) = _t152;
											 *((intOrPtr*)(_t172 + _t199 * 8 - 4)) =  *((intOrPtr*)(_t172 + 4 + _t199 * 8));
											_t155 =  *((intOrPtr*)(_a12 + 0x28));
											 *((intOrPtr*)(_t155 + _t199 * 8)) =  *((intOrPtr*)(_t172 + _t199 * 8 - 8));
											 *((intOrPtr*)(_t155 + 4 + _t199 * 8)) =  *((intOrPtr*)(_t172 + _t199 * 8 - 4));
											_t199 = _t199 - 1;
											__eflags = _t199;
											if(_t199 == 0) {
												goto L29;
											}
											_t170 = _a12;
										}
										goto L29;
									}
									_push("Failed grow array of ordered patches.");
									L28:
									_push(_t205);
									E011CFB09();
									goto L29;
								}
								__eflags = _a36 - _t169;
								if(__eflags == 0) {
									goto L22;
								}
								_a24 = _a24 & _t169;
								_t173 = _a8;
								_t205 = E011A2454(_t175, __eflags, _t173, _t196,  &_a24);
								__eflags = _t205;
								if(_t205 >= 0) {
									 *_a24 = 2;
									 *((intOrPtr*)(_a24 + 8)) = _a36;
									_t36 = _t173 + 1; // 0x1
									_t183 = _t36 * 0x30 +  *((intOrPtr*)(_t196 + 0x5c));
									__eflags = _t183;
									_a12 = _t183;
									goto L22;
								}
								_push("Failed to insert execute action.");
								goto L28;
							}
							_t175 = _a8;
						}
						L13:
						_a12 = _a12 & 0x00000000;
						_t207 = _t207 + 0x30;
						_t175 = _t175 + 1;
						_a8 = _t175;
					} while (_t175 < _v8);
					goto L14;
				}
			}























                                                            0x011b5957
                                                            0x011b5959
                                                            0x011b595e
                                                            0x011b5963
                                                            0x011b596a
                                                            0x011b5965
                                                            0x011b5965
                                                            0x011b5965
                                                            0x011b596f
                                                            0x011b5976
                                                            0x011b5971
                                                            0x011b5971
                                                            0x011b5971
                                                            0x011b5979
                                                            0x011b597d
                                                            0x011b597f
                                                            0x011b5982
                                                            0x011b5987
                                                            0x011b59db
                                                            0x011b59de
                                                            0x011b59df
                                                            0x011b59e0
                                                            0x011b59e2
                                                            0x011b5a5d
                                                            0x011b59e4
                                                            0x011b59e4
                                                            0x011b59e4
                                                            0x011b5a66
                                                            0x011b5a84
                                                            0x011b5a8a
                                                            0x011b5a93
                                                            0x011b5a9b
                                                            0x011b5a9e
                                                            0x011b5aa7
                                                            0x011b5ac3
                                                            0x011b5acc
                                                            0x011b5ad5
                                                            0x011b5ae8
                                                            0x011b5aea
                                                            0x011b5aec
                                                            0x011b5af8
                                                            0x011b5afb
                                                            0x011b5aff
                                                            0x011b5b01
                                                            0x011b5b01
                                                            0x011b5b08
                                                            0x011b5b0b
                                                            0x011b5b1a
                                                            0x011b5b1f
                                                            0x00000000
                                                            0x011b5b1f
                                                            0x011b5aee
                                                            0x011b5a68
                                                            0x011b5a68
                                                            0x011b5a68
                                                            0x00000000
                                                            0x011b5989
                                                            0x011b5989
                                                            0x011b598c
                                                            0x011b598c
                                                            0x011b598f
                                                            0x011b5995
                                                            0x011b599f
                                                            0x011b59ac
                                                            0x00000000
                                                            0x00000000
                                                            0x011b59c6
                                                            0x011b59eb
                                                            0x011b59ee
                                                            0x011b59f0
                                                            0x00000000
                                                            0x00000000
                                                            0x011b59f2
                                                            0x011b59f4
                                                            0x011b5a37
                                                            0x011b5a37
                                                            0x011b5a3a
                                                            0x011b5a43
                                                            0x011b5a4c
                                                            0x011b5a4e
                                                            0x011b5a50
                                                            0x011b5b36
                                                            0x011b5b42
                                                            0x011b5b49
                                                            0x011b5b4c
                                                            0x011b5b52
                                                            0x011b5b52
                                                            0x011b5b55
                                                            0x011b5a75
                                                            0x011b5a7b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011b5b5b
                                                            0x011b5b5b
                                                            0x011b5b5b
                                                            0x011b5b5e
                                                            0x011b5b61
                                                            0x011b5b65
                                                            0x00000000
                                                            0x00000000
                                                            0x011b5b73
                                                            0x011b5b7b
                                                            0x011b5b82
                                                            0x011b5b85
                                                            0x011b5b88
                                                            0x011b5b8c
                                                            0x011b5b8c
                                                            0x011b5b8f
                                                            0x00000000
                                                            0x00000000
                                                            0x011b5b95
                                                            0x011b5b95
                                                            0x00000000
                                                            0x011b5b5b
                                                            0x011b5a56
                                                            0x011b5a6d
                                                            0x011b5a6d
                                                            0x011b5a6e
                                                            0x00000000
                                                            0x011b5a74
                                                            0x011b59f6
                                                            0x011b59f9
                                                            0x00000000
                                                            0x00000000
                                                            0x011b59fb
                                                            0x011b5a01
                                                            0x011b5a0c
                                                            0x011b5a0e
                                                            0x011b5a10
                                                            0x011b5a1f
                                                            0x011b5a28
                                                            0x011b5a2b
                                                            0x011b5a31
                                                            0x011b5a31
                                                            0x011b5a34
                                                            0x00000000
                                                            0x011b5a34
                                                            0x011b5a12
                                                            0x00000000
                                                            0x011b5a12
                                                            0x011b59c8
                                                            0x011b59c8
                                                            0x011b59cb
                                                            0x011b59cb
                                                            0x011b59cf
                                                            0x011b59d2
                                                            0x011b59d3
                                                            0x011b59d6
                                                            0x00000000
                                                            0x011b598c

                                                            APIs
                                                            • CompareStringW.KERNEL32(00000000,00000000,011DA500,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,011B6548,?,00000001,?,00000000), ref: 011B59BD
                                                            Strings
                                                            • Failed to insert execute action., xrefs: 011B5A12
                                                            • Failed grow array of ordered patches., xrefs: 011B5A56
                                                            • Failed to plan action for target product., xrefs: 011B5A68
                                                            • Failed to copy target product code., xrefs: 011B5AEE
                                                            • feclient.dll, xrefs: 011B59B3, 011B5ADB
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
                                                            • API String ID: 1825529933-3477540455
                                                            • Opcode ID: 172a709172e1c8107a7eaf778c4d0bef8c45749f912a4d7f4f9fd100f7e95aac
                                                            • Instruction ID: f9e6abf57160351d42b9770ee0a859e70a82a1f911f6fd2c18fab273563477c7
                                                            • Opcode Fuzzy Hash: 172a709172e1c8107a7eaf778c4d0bef8c45749f912a4d7f4f9fd100f7e95aac
                                                            • Instruction Fuzzy Hash: A98145B560030ADFDB59CF68C8C0AAA7BA6FF09324F15856AED159B352D730E851CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B8FA9 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 149COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 72%
                                                            			E011B8FA9(void* __ecx, intOrPtr _a4, intOrPtr* _a8, int _a12) {
				int _v8;
				int _v12;
				short* _t45;
				intOrPtr* _t48;
				intOrPtr* _t70;
				int _t72;
				intOrPtr* _t73;
				intOrPtr* _t76;
				int _t77;
				int _t79;
				int _t82;
				void* _t98;

				_push(__ecx);
				_push(__ecx);
				_t79 = _a12;
				_t82 = 0;
				_v8 = 0;
				_t45 =  *(_t79 + 0xbc);
				if(_t45 != 0 && CompareStringW(0, 1, _t45, 0xffffffff,  *(_t79 + 0x10), 0xffffffff) != 2) {
					_t48 =  *((intOrPtr*)(_t79 + 0x40));
					if(_t48 != 0 &&  *_t48 != 0) {
						_t76 = _a8;
						if( *_t76 == 5) {
							L9:
							_v8 = 1;
						} else {
							if( *_t76 == 3 ||  *_t76 == 6 ||  *_t76 == 7) {
								if(E011B7A93(_t76, _t79, _t48) != 0) {
									goto L9;
								}
							}
						}
					}
					_t72 = 0;
					_a12 = 0;
					if( *((intOrPtr*)(_t79 + 0xb8)) > 0) {
						_t77 = 0;
						_v12 = 0;
						do {
							_t70 =  *((intOrPtr*)(_t79 + 0xb4)) + _t77;
							if( *_t70 != 2) {
								goto L18;
							} else {
								_t98 =  *((intOrPtr*)(_t79 + 0x3c)) -  *((intOrPtr*)(_t70 + 0xc));
								if(_t98 > 0 || _t98 >= 0 &&  *((intOrPtr*)(_t79 + 0x38)) >  *((intOrPtr*)(_t70 + 8))) {
									goto L18;
								} else {
									if(CompareStringW(0, 1,  *(_t79 + 0xbc), 0xffffffff,  *(_t70 + 0x18), 0xffffffff) == 2) {
										_t73 =  *((intOrPtr*)(_a4 + 0x10));
										_a12 =  *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *(_t70 + 0x18),  *_t70,  *((intOrPtr*)(_t70 + 0x10)),  *((intOrPtr*)(_t70 + 0x2c)),  *((intOrPtr*)(_t70 + 8)),  *((intOrPtr*)(_t70 + 0xc)), _v8);
										_t82 = E0119D644(_a4, 1, _t52);
										__eflags = _t82;
										if(_t82 >= 0) {
											__eflags = _a12 - 1;
											if(__eflags != 0) {
												L27:
												_push(E011A3D0C( *(_t79 + 0xc4)));
												_push(E011A457D( *((intOrPtr*)(_t70 + 8)),  *((intOrPtr*)(_t70 + 0xc))));
												_push(E011A425D( *((intOrPtr*)(_t70 + 0x2c))));
												_push(E011A42D7( *_t70));
												E0119563D(2, 0x2000006b,  *(_t70 + 0x18));
											} else {
												_t36 = _t79 + 0xc8; // 0x4d8
												_t82 = E011BC45E(_t73, __eflags, _t36, _a8, 0,  *((intOrPtr*)(_t79 + 0x40)),  *((intOrPtr*)(_t79 + 0xc0)), _t70 + 0x18);
												__eflags = _t82;
												if(_t82 >= 0) {
													 *(_t79 + 0xc4) = 1;
													goto L27;
												} else {
													_push("Failed to initialize update bundle.");
													goto L22;
												}
											}
										} else {
											E011938BA(_t53, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\detect.cpp", 0x7e, _t82);
											_push("BA aborted detect forward compatible bundle.");
											L22:
											_push(_t82);
											E011CFB09();
										}
									} else {
										_t72 = _a12;
										_t77 = _v12;
										goto L18;
									}
								}
							}
							goto L28;
							L18:
							_t72 = _t72 + 1;
							_t77 = _t77 + 0xf8;
							_a12 = _t72;
							_v12 = _t77;
						} while (_t72 <  *((intOrPtr*)(_t79 + 0xb8)));
					}
				}
				L28:
				return _t82;
			}















                                                            0x011b8fac
                                                            0x011b8fad
                                                            0x011b8fb1
                                                            0x011b8fb6
                                                            0x011b8fb8
                                                            0x011b8fbb
                                                            0x011b8fc3
                                                            0x011b8fe3
                                                            0x011b8fe8
                                                            0x011b8fef
                                                            0x011b8ff5
                                                            0x011b9011
                                                            0x011b9011
                                                            0x011b8ff7
                                                            0x011b8ffa
                                                            0x011b900f
                                                            0x00000000
                                                            0x00000000
                                                            0x011b900f
                                                            0x011b8ffa
                                                            0x011b8ff5
                                                            0x011b9018
                                                            0x011b901a
                                                            0x011b9023
                                                            0x011b9029
                                                            0x011b902b
                                                            0x011b902e
                                                            0x011b9034
                                                            0x011b9039
                                                            0x00000000
                                                            0x011b903b
                                                            0x011b903e
                                                            0x011b9041
                                                            0x00000000
                                                            0x011b904d
                                                            0x011b9067
                                                            0x011b9095
                                                            0x011b90ad
                                                            0x011b90b5
                                                            0x011b90b7
                                                            0x011b90b9
                                                            0x011b90d7
                                                            0x011b90db
                                                            0x011b9112
                                                            0x011b911d
                                                            0x011b9129
                                                            0x011b9132
                                                            0x011b913a
                                                            0x011b9145
                                                            0x011b90dd
                                                            0x011b90e7
                                                            0x011b90fb
                                                            0x011b90fd
                                                            0x011b90ff
                                                            0x011b9108
                                                            0x00000000
                                                            0x011b9101
                                                            0x011b9101
                                                            0x00000000
                                                            0x011b9101
                                                            0x011b90ff
                                                            0x011b90bb
                                                            0x011b90c3
                                                            0x011b90c8
                                                            0x011b90cd
                                                            0x011b90cd
                                                            0x011b90ce
                                                            0x011b90d4
                                                            0x011b9069
                                                            0x011b9069
                                                            0x011b906c
                                                            0x00000000
                                                            0x011b906c
                                                            0x011b9067
                                                            0x011b9041
                                                            0x00000000
                                                            0x011b906f
                                                            0x011b906f
                                                            0x011b9070
                                                            0x011b9076
                                                            0x011b9079
                                                            0x011b907c
                                                            0x011b9084
                                                            0x011b9023
                                                            0x011b914d
                                                            0x011b9153

                                                            APIs
                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,011A700A,000000B8,0000001C,00000100), ref: 011B8FD4
                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,011DA4B8,000000FF,?,?,?,011A700A,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 011B905E
                                                            Strings
                                                            • Failed to initialize update bundle., xrefs: 011B9101
                                                            • comres.dll, xrefs: 011B90E0
                                                            • c:\agent\_work\66\s\src\burn\engine\detect.cpp, xrefs: 011B90BE
                                                            • BA aborted detect forward compatible bundle., xrefs: 011B90C8
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$c:\agent\_work\66\s\src\burn\engine\detect.cpp$comres.dll
                                                            • API String ID: 1825529933-4215571375
                                                            • Opcode ID: add0e15056392305392b6185d7607c5a2f1e805dcafbed2edecda5290dcd3c76
                                                            • Instruction ID: c15825beba88b4b40f42943a9d1d5d9b5fc4cc3caa2b84c92e47668ff99c3925
                                                            • Opcode Fuzzy Hash: add0e15056392305392b6185d7607c5a2f1e805dcafbed2edecda5290dcd3c76
                                                            • Instruction Fuzzy Hash: 2551A6B1600215FBDF1D9F68CCC4EE9BB6AFF05324F144258FA245A295C772E861DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D7ED3 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 137timeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 90%
                                                            			E011D7ED3(intOrPtr _a4, struct _FILETIME* _a8) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				signed int _v28;
				struct _FILETIME* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				long _t26;
				signed int _t34;
				signed short _t37;
				void* _t39;
				void* _t41;
				void* _t43;
				void* _t45;
				signed short _t49;
				signed short* _t53;
				void* _t55;
				void* _t56;
				signed short* _t57;
				signed int _t61;
				void* _t62;
				long _t79;

				_t21 =  *0x11fa008; // 0x295f764a
				_v8 = _t21 ^ _t61;
				_v28 = _v28 & 0x00000000;
				_t49 = 0;
				_v32 = _a8;
				_t57 =  &_v24;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t26 = E0119229E( &_v28, _a4, 0);
				_t59 = _t26;
				if(_t26 < 0) {
					L28:
					if(_v28 != 0) {
						E01192762(_v28);
					}
					return E011BDD1F(_t49, _v8 ^ _t61, 0, _t57, _t59);
				}
				_t57 = _v28;
				if(_t57 == 0) {
					L22:
					if(SystemTimeToFileTime( &_v24, _v32) == 0) {
						_t59 = GetLastError();
						if(_t59 > 0) {
							_t79 = _t59;
						}
						if(_t79 >= 0) {
							_t59 = 0x80004005;
						}
						E011938BA(_t32, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\timeutil.cpp", 0xbf, _t59);
					}
					goto L28;
				}
				_t53 = _t57;
				while(1) {
					_t34 =  *_t57 & 0x0000ffff;
					if(_t34 == 0) {
						goto L22;
					}
					_t55 = 0x54;
					if(_t55 == _t34) {
						L7:
						 *_t57 = 0;
						_t57 =  &(_t57[1]);
						_t37 = _t49;
						if(_t37 == 0) {
							_v24.wYear = E011C5DE3(_t53, _t53, 0, 0xa);
							L19:
							_t62 = _t62 + 0xc;
							L20:
							_t53 = _t57;
							_t49 = _t49 + 1;
							L21:
							_t57 =  &(_t57[1]);
							if(_t57 != 0) {
								continue;
							}
							goto L22;
						}
						_t39 = _t37 - 1;
						if(_t39 == 0) {
							_v24.wMonth = E011C5DE3(_t53, _t53, 0, 0xa);
							goto L19;
						}
						_t41 = _t39 - 1;
						if(_t41 == 0) {
							_v24.wDay = E011C5DE3(_t53, _t53, 0, 0xa);
							goto L19;
						}
						_t43 = _t41 - 1;
						if(_t43 == 0) {
							_v24.wHour = E011C5DE3(_t53, _t53, 0, 0xa);
							goto L19;
						}
						_t45 = _t43 - 1;
						if(_t45 == 0) {
							_v24.wMinute = E011C5DE3(_t53, _t53, 0, 0xa);
							goto L19;
						}
						if(_t45 != 1) {
							goto L20;
						}
						_v24.wSecond = E011C5DE3(_t53, _t53, 0, 0xa);
						goto L19;
					}
					_t56 = 0x3a;
					if(_t56 == _t34) {
						goto L7;
					}
					_push(0x2d);
					_pop(0);
					if(0 != _t34) {
						goto L21;
					}
					goto L7;
				}
				goto L22;
			}


























                                                            0x011d7ed9
                                                            0x011d7ee0
                                                            0x011d7eea
                                                            0x011d7eee
                                                            0x011d7ef2
                                                            0x011d7ef5
                                                            0x011d7efa
                                                            0x011d7efd
                                                            0x011d7efe
                                                            0x011d7eff
                                                            0x011d7f04
                                                            0x011d7f09
                                                            0x011d7f0d
                                                            0x011d8018
                                                            0x011d801c
                                                            0x011d8021
                                                            0x011d8021
                                                            0x011d8036
                                                            0x011d8036
                                                            0x011d7f13
                                                            0x011d7f18
                                                            0x011d7fd9
                                                            0x011d7fe8
                                                            0x011d7ff0
                                                            0x011d7ff4
                                                            0x011d7fff
                                                            0x011d7fff
                                                            0x011d8001
                                                            0x011d8003
                                                            0x011d8003
                                                            0x011d8013
                                                            0x011d8013
                                                            0x00000000
                                                            0x011d7fe8
                                                            0x011d7f1e
                                                            0x011d7f20
                                                            0x011d7f20
                                                            0x011d7f26
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7f2e
                                                            0x011d7f32
                                                            0x011d7f48
                                                            0x011d7f4c
                                                            0x011d7f51
                                                            0x011d7f54
                                                            0x011d7f56
                                                            0x011d7fc5
                                                            0x011d7fc9
                                                            0x011d7fc9
                                                            0x011d7fcc
                                                            0x011d7fcc
                                                            0x011d7fce
                                                            0x011d7fcf
                                                            0x011d7fd0
                                                            0x011d7fd3
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7fd3
                                                            0x011d7f58
                                                            0x011d7f5b
                                                            0x011d7fb6
                                                            0x00000000
                                                            0x011d7fb6
                                                            0x011d7f5d
                                                            0x011d7f60
                                                            0x011d7fa7
                                                            0x00000000
                                                            0x011d7fa7
                                                            0x011d7f62
                                                            0x011d7f65
                                                            0x011d7f98
                                                            0x00000000
                                                            0x011d7f98
                                                            0x011d7f67
                                                            0x011d7f6a
                                                            0x011d7f89
                                                            0x00000000
                                                            0x011d7f89
                                                            0x011d7f6f
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7f7a
                                                            0x00000000
                                                            0x011d7f7a
                                                            0x011d7f36
                                                            0x011d7f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7f3c
                                                            0x011d7f3e
                                                            0x011d7f42
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7f42
                                                            0x00000000

                                                            APIs
                                                            • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 011D7FE0
                                                            • GetLastError.KERNEL32 ref: 011D7FEA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Time$ErrorFileLastSystem
                                                            • String ID: @Mqt$Jv_)$c:\agent\_work\66\s\src\libs\dutil\timeutil.cpp$clbcatq.dll
                                                            • API String ID: 2781989572-2024425492
                                                            • Opcode ID: c8500a006f13d2ac4b31e8e29759c9b32e8c336ccb604129c9f0609319e7d4b5
                                                            • Instruction ID: dae073de34efb3672e4e5f5267749617053e21c9b24c02eb2caeb59d163f7c2d
                                                            • Opcode Fuzzy Hash: c8500a006f13d2ac4b31e8e29759c9b32e8c336ccb604129c9f0609319e7d4b5
                                                            • Instruction Fuzzy Hash: 4A41D476B0021766EB3C9BBC8C44BBEBA75AFA0708F054159E611B72C4D775DA01C7A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D5B40 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 129fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 52%
                                                            			E011D5B40(void* __ecx, intOrPtr _a4, void* _a8, long _a12, void* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
				signed int _v8;
				signed int _v12;
				signed int _t47;
				intOrPtr* _t48;
				void* _t52;
				void* _t58;
				signed int _t59;
				intOrPtr* _t62;
				signed short _t65;

				_t60 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t62 = _a12;
				_t65 = E011D412E(__ecx, _a8,  *_t62,  *((intOrPtr*)(_t62 + 4)), 0, 0);
				if(_t65 >= 0) {
					while(1) {
						L2:
						_push( &_v8);
						_push(_a32);
						_push(_a28);
						_push(_a4);
						if( *0x11fa990() == 0) {
							break;
						}
						if(_v8 != 0) {
							_t58 = 0;
							_a12 = _a12 & 0;
							while(WriteFile(_a8, _a28 + _t58, _v8 - _t58,  &_a12, 0) != 0) {
								_t58 = _t58 + _a12;
								if(_a12 == 0 || _t58 >= _v8) {
									 *_t62 =  *_t62 + _t58;
									_t47 = 0;
									asm("adc [edi+0x4], eax");
									if(_a16 != 0xffffffff) {
										_t59 = _t47;
										_v12 = _t47;
										if(E011D412E(_t60, _a16, _t47, _t47, _t47, _t47) >= 0) {
											do {
												_push(0);
												_push( &_v12);
												_t52 = 8;
												WriteFile(_a16, _t62 + _t59 * 8, _t52 - _t59, ??, ??);
												_t59 = _t59 + _v12;
											} while (_v12 != 0 && _t59 < 8);
										}
									}
									_t48 = _a36;
									if(_t48 == 0 ||  *_t48 == 0) {
										L15:
										if(_v8 != 0) {
											goto L2;
										} else {
										}
									} else {
										_t65 = E011D547D(_t48,  *_t62,  *((intOrPtr*)(_t62 + 4)), _a20, _a24, _a8);
										if(_t65 >= 0) {
											goto L15;
										}
									}
								} else {
									continue;
								}
								goto L28;
							}
							_t65 = GetLastError();
							__eflags = _t65;
							if(__eflags > 0) {
								_t65 = _t65 & 0x0000ffff | 0x80070000;
								__eflags = _t65;
							}
							if(__eflags >= 0) {
								_t65 = 0x80004005;
							}
							_push(_t65);
							_push(0x1a6);
							L27:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp");
							E011938BA(_t39);
						}
						L28:
						goto L29;
					}
					_t65 = GetLastError();
					__eflags = _t65;
					if(__eflags > 0) {
						_t65 = _t65 & 0x0000ffff | 0x80070000;
						__eflags = _t65;
					}
					if(__eflags >= 0) {
						_t65 = 0x80004005;
					}
					_push(_t65);
					_push(0x19a);
					goto L27;
				}
				L29:
				return _t65;
			}












                                                            0x011d5b40
                                                            0x011d5b43
                                                            0x011d5b44
                                                            0x011d5b45
                                                            0x011d5b4b
                                                            0x011d5b5f
                                                            0x011d5b63
                                                            0x011d5b6a
                                                            0x011d5b6a
                                                            0x011d5b6d
                                                            0x011d5b6e
                                                            0x011d5b71
                                                            0x011d5b74
                                                            0x011d5b7f
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5b89
                                                            0x011d5b8f
                                                            0x011d5b91
                                                            0x011d5b94
                                                            0x011d5bb7
                                                            0x011d5bbe
                                                            0x011d5bc5
                                                            0x011d5bc9
                                                            0x011d5bca
                                                            0x011d5bd1
                                                            0x011d5bda
                                                            0x011d5bdc
                                                            0x011d5be6
                                                            0x011d5be8
                                                            0x011d5be8
                                                            0x011d5bed
                                                            0x011d5bf0
                                                            0x011d5bfb
                                                            0x011d5c01
                                                            0x011d5c04
                                                            0x011d5be8
                                                            0x011d5be6
                                                            0x011d5c0f
                                                            0x011d5c14
                                                            0x011d5c35
                                                            0x011d5c39
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5c3f
                                                            0x011d5c1b
                                                            0x011d5c2f
                                                            0x011d5c33
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5c33
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5bbe
                                                            0x011d5c47
                                                            0x011d5c49
                                                            0x011d5c4b
                                                            0x011d5c50
                                                            0x011d5c56
                                                            0x011d5c56
                                                            0x011d5c58
                                                            0x011d5c5a
                                                            0x011d5c5a
                                                            0x011d5c5f
                                                            0x011d5c60
                                                            0x011d5c8b
                                                            0x011d5c8b
                                                            0x011d5c90
                                                            0x011d5c90
                                                            0x011d5c95
                                                            0x00000000
                                                            0x011d5c95
                                                            0x011d5c6d
                                                            0x011d5c6f
                                                            0x011d5c71
                                                            0x011d5c76
                                                            0x011d5c7c
                                                            0x011d5c7c
                                                            0x011d5c7e
                                                            0x011d5c80
                                                            0x011d5c80
                                                            0x011d5c85
                                                            0x011d5c86
                                                            0x00000000
                                                            0x011d5c86
                                                            0x011d5c96
                                                            0x011d5c9b

                                                            APIs
                                                              • Part of subcall function 011D412E: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,011A8651,00000000,00000000,00000000,00000000,00000000), ref: 011D4146
                                                              • Part of subcall function 011D412E: GetLastError.KERNEL32(?,?,?,011A8651,00000000,00000000,00000000,00000000,00000000), ref: 011D4150
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,011D53FE,?,?,?,?,?,?,?,00010000,?), ref: 011D5BA9
                                                            • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,011D53FE,?,?,?,?), ref: 011D5BFB
                                                            • GetLastError.KERNEL32(?,011D53FE,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 011D5C41
                                                            • GetLastError.KERNEL32(?,011D53FE,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 011D5C67
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLast$Write$Pointer
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 133221148-3014452495
                                                            • Opcode ID: f66c46b353b883a6bc66a9febdf206b490feab5a5872b0ef47b3d7394f657672
                                                            • Instruction ID: 338dff614a4442aa5395f2da128149cdd42081eded92f7f7d9c26faa662fdcc5
                                                            • Opcode Fuzzy Hash: f66c46b353b883a6bc66a9febdf206b490feab5a5872b0ef47b3d7394f657672
                                                            • Instruction Fuzzy Hash: 6B419F7250121ABFEB698E98CC44BEE7B7EFF04355F050225BE10AA190D374DD50DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119252E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E0119252E(signed int __edx, char** _a4, short* _a8, int _a12, int _a16) {
				signed int _t17;
				int _t18;
				int _t19;
				int _t20;
				intOrPtr* _t25;
				int _t29;
				short* _t34;
				char** _t35;
				int _t38;
				signed int _t41;
				int _t43;
				int _t45;

				_t33 = _a4;
				_t38 = __edx | 0xffffffff;
				_t17 = _a12;
				_t29 = 0;
				_t45 = 0;
				_t41 = _t17;
				if( *_a4 == 0) {
					L4:
					_t34 = _a8;
					__eflags = _t17;
					if(_t17 != 0) {
						__eflags = 0 - _t34[_t17];
						if(0 == _t34[_t17]) {
							_t41 = _t17 - 1;
						}
						L15:
						_t18 = _t41 + 1;
						__eflags = _t45 - _t18;
						if(_t45 >= _t18) {
							_t35 = _a4;
							L25:
							_t19 = _a12;
							__eflags = _t19;
							if(_t19 == 0) {
								_t19 = _t19 | 0xffffffff;
								__eflags = _t19;
							}
							_t20 = WideCharToMultiByte(_a16, _t29, _a8, _t19,  *_t35, _t45, _t29, _t29);
							__eflags = _t20;
							if(_t20 != 0) {
								( *_a4)[_t41] = _t29;
								goto L34;
							} else {
								_t29 = GetLastError();
								__eflags = _t29;
								if(__eflags > 0) {
									_t29 = _t29 & 0x0000ffff | 0x80070000;
									__eflags = _t29;
								}
								if(__eflags >= 0) {
									_t29 = 0x80004005;
								}
								_push(_t29);
								_push(0x1de);
								L11:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\strutil.cpp");
								E011938BA(_t23);
								L34:
								return _t29;
							}
						}
						_t45 = _t18;
						__eflags = _t45 - 0x7fffffff;
						if(_t45 < 0x7fffffff) {
							_t25 = _a4;
							_push(1);
							_push(_t45);
							__eflags =  *_t25 - _t29;
							if( *_t25 == _t29) {
								_t23 = E011939DF();
							} else {
								_push( *_t25);
								_t23 = E01193B7C();
							}
							__eflags = _t23;
							if(_t23 != 0) {
								_t35 = _a4;
								 *_t35 = _t23;
								goto L25;
							} else {
								_t29 = 0x8007000e;
								_push(0x8007000e);
								_push(0x1d7);
								goto L11;
							}
						}
						_t29 = 0x8007000e;
						goto L34;
					}
					_t43 = WideCharToMultiByte(_a16, _t29, _t34, _t38, _t29, _t29, _t29, _t29);
					__eflags = _t43;
					if(_t43 != 0) {
						_t41 = _t43 - 1;
						goto L15;
					}
					_t29 = GetLastError();
					__eflags = _t29;
					if(__eflags > 0) {
						_t29 = _t29 & 0x0000ffff | 0x80070000;
						__eflags = _t29;
					}
					if(__eflags >= 0) {
						_t29 = 0x80004005;
					}
					_push(_t29);
					_push(0x1bc);
					goto L11;
				}
				_t45 = E01193C5F( *_t33);
				_t38 = _t38 | 0xffffffff;
				if(_t45 != _t38) {
					_t17 = _t41;
					goto L4;
				}
				_t29 = 0x80070057;
				goto L34;
			}















                                                            0x01192531
                                                            0x01192534
                                                            0x01192537
                                                            0x0119253c
                                                            0x0119253e
                                                            0x01192541
                                                            0x01192545
                                                            0x01192563
                                                            0x01192563
                                                            0x01192566
                                                            0x01192568
                                                            0x011925b8
                                                            0x011925bc
                                                            0x011925be
                                                            0x011925be
                                                            0x011925c1
                                                            0x011925c1
                                                            0x011925c4
                                                            0x011925c6
                                                            0x0119260c
                                                            0x0119260f
                                                            0x0119260f
                                                            0x01192612
                                                            0x01192614
                                                            0x01192616
                                                            0x01192616
                                                            0x01192616
                                                            0x01192626
                                                            0x0119262c
                                                            0x0119262e
                                                            0x0119265e
                                                            0x00000000
                                                            0x01192630
                                                            0x01192636
                                                            0x01192638
                                                            0x0119263a
                                                            0x0119263f
                                                            0x01192645
                                                            0x01192645
                                                            0x01192647
                                                            0x01192649
                                                            0x01192649
                                                            0x0119264e
                                                            0x0119264f
                                                            0x011925a4
                                                            0x011925a4
                                                            0x011925a9
                                                            0x01192661
                                                            0x01192667
                                                            0x01192667
                                                            0x0119262e
                                                            0x011925c8
                                                            0x011925ca
                                                            0x011925d0
                                                            0x011925dc
                                                            0x011925df
                                                            0x011925e1
                                                            0x011925e2
                                                            0x011925e4
                                                            0x011925ef
                                                            0x011925e6
                                                            0x011925e6
                                                            0x011925e8
                                                            0x011925e8
                                                            0x011925f4
                                                            0x011925f6
                                                            0x01192605
                                                            0x01192608
                                                            0x00000000
                                                            0x011925f8
                                                            0x011925f8
                                                            0x011925fd
                                                            0x011925fe
                                                            0x00000000
                                                            0x011925fe
                                                            0x011925f6
                                                            0x011925d2
                                                            0x00000000
                                                            0x011925d2
                                                            0x0119257a
                                                            0x0119257c
                                                            0x0119257e
                                                            0x011925b3
                                                            0x00000000
                                                            0x011925b3
                                                            0x01192586
                                                            0x01192588
                                                            0x0119258a
                                                            0x0119258f
                                                            0x01192595
                                                            0x01192595
                                                            0x01192597
                                                            0x01192599
                                                            0x01192599
                                                            0x0119259e
                                                            0x0119259f
                                                            0x00000000
                                                            0x0119259f
                                                            0x0119254e
                                                            0x01192550
                                                            0x01192555
                                                            0x01192561
                                                            0x00000000
                                                            0x01192561
                                                            0x01192557
                                                            0x00000000

                                                            APIs
                                                            • WideCharToMultiByte.KERNEL32(?,00000000,011CF8C7,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,011CF8C7,011B1074,?,00000000), ref: 01192574
                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,011CF8C7,011B1074,?,00000000,0000FDE9,?,011B1074), ref: 01192580
                                                              • Part of subcall function 01193C5F: GetProcessHeap.KERNEL32(00000000,000001C7,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C67
                                                              • Part of subcall function 01193C5F: HeapSize.KERNEL32(00000000,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C6E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\strutil.cpp
                                                            • API String ID: 3662877508-178104475
                                                            • Opcode ID: 1edb04214ee25e0a186ad2c1ba1b474413bc21b1e2b0141e66e6d5e551e163ad
                                                            • Instruction ID: dbef8fb3dfebbd997c37faa723b42247d6c958373e5a1162537090ce67fca4f6
                                                            • Opcode Fuzzy Hash: 1edb04214ee25e0a186ad2c1ba1b474413bc21b1e2b0141e66e6d5e551e163ad
                                                            • Instruction Fuzzy Hash: 4431C771200206BFFF2D9E698CD0AA63699EF45768B114329FE329B290EB71CC408791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011AD2BA Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 119COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 21%
                                                            			E011AD2BA(void* __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr* _t18;
				void* _t57;
				intOrPtr _t58;
				void* _t60;
				void* _t61;
				void* _t64;

				_v8 = _v8 | 0xffffffff;
				_t58 = _a4;
				_t18 =  *((intOrPtr*)(_t58 + 0xc8));
				_t61 = E0119D644(_t58 + 0xb8, 1,  *((intOrPtr*)( *_t18 + 0x74))(_t18, _t57, _t60, __ecx));
				if(_t61 >= 0) {
					_push(__ebx);
					_t41 = _t58 + 0x4a0;
					if(E011A4D1A(_t58 + 0x4a0, __edx, _t58 + 0x4a0, _t58 + 0x4a4) >= 0) {
						if(E011A4E6A(_t41, 1,  &_v8) >= 0) {
							_push(0x2000000a);
							_push(2);
							E0119563D();
							while(1) {
								_t64 = E011A5053( *((intOrPtr*)(_t58 + 0x49c)), _t41, 1, _a8);
								if(_t64 >= 0) {
									break;
								}
								if(_t64 != 0x800704c7) {
									L13:
									if(_t64 < 0) {
										goto L14;
									}
								} else {
									_t64 = 0x80070642;
									if(E0119D7FC(0x80070642,  *((intOrPtr*)(_t58 + 0xc8)), 0, 0, 0x80070642, 0, 0x15, 0) == 4) {
										continue;
									} else {
										L14:
										_push("Failed to elevate.");
										goto L16;
									}
								}
								goto L17;
							}
							_push(0x2000000b);
							_push(2);
							E0119563D();
							_t64 = E011A545D(_t41);
							if(_t64 < 0) {
								_push("Failed to connect to elevated child process.");
								goto L16;
							} else {
								_push(0x2000000c);
								_push(2);
								E0119563D();
								goto L13;
							}
						} else {
							_push("Failed to create pipe and cache pipe.");
							goto L16;
						}
					} else {
						_push("Failed to create pipe name and client token.");
						L16:
						_push(_t64);
						E011CFB09();
					}
					L17:
				} else {
					E011938BA(_t21, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\elevation.cpp", 0x101, _t61);
					_push("UX aborted elevation requirement.");
					_push(_t61);
					E011CFB09();
				}
				if(_v8 != 0) {
					CloseHandle(_v8);
					_v8 = _v8 & 0x00000000;
				}
				if(_t64 < 0) {
					E011A4CA8(_t58 + 0x4a0);
				}
				return _t64;
			}










                                                            0x011ad2be
                                                            0x011ad2c4
                                                            0x011ad2c7
                                                            0x011ad2e2
                                                            0x011ad2e6
                                                            0x011ad30a
                                                            0x011ad312
                                                            0x011ad322
                                                            0x011ad33e
                                                            0x011ad34a
                                                            0x011ad34f
                                                            0x011ad351
                                                            0x011ad358
                                                            0x011ad369
                                                            0x011ad36d
                                                            0x00000000
                                                            0x00000000
                                                            0x011ad375
                                                            0x011ad3c1
                                                            0x011ad3c3
                                                            0x00000000
                                                            0x00000000
                                                            0x011ad377
                                                            0x011ad38b
                                                            0x011ad395
                                                            0x00000000
                                                            0x011ad397
                                                            0x011ad3c5
                                                            0x011ad3c5
                                                            0x00000000
                                                            0x011ad3c5
                                                            0x011ad395
                                                            0x00000000
                                                            0x011ad375
                                                            0x011ad399
                                                            0x011ad39e
                                                            0x011ad3a0
                                                            0x011ad3ad
                                                            0x011ad3b1
                                                            0x011ad3cc
                                                            0x00000000
                                                            0x011ad3b3
                                                            0x011ad3b3
                                                            0x011ad3b8
                                                            0x011ad3ba
                                                            0x00000000
                                                            0x011ad3c0
                                                            0x011ad340
                                                            0x011ad340
                                                            0x00000000
                                                            0x011ad340
                                                            0x011ad324
                                                            0x011ad324
                                                            0x011ad3d1
                                                            0x011ad3d1
                                                            0x011ad3d2
                                                            0x011ad3d8
                                                            0x011ad3d9
                                                            0x011ad2e8
                                                            0x011ad2f3
                                                            0x011ad2f8
                                                            0x011ad2fd
                                                            0x011ad2fe
                                                            0x011ad304
                                                            0x011ad3de
                                                            0x011ad3e3
                                                            0x011ad3e9
                                                            0x011ad3e9
                                                            0x011ad3ef
                                                            0x011ad3f8
                                                            0x011ad3f8
                                                            0x011ad402

                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000,?,?,00000001,011DA500,?,00000001,000000FF,?,?,775FA770,00000000,00000001,00000000,?,011A73D9), ref: 011AD3E3
                                                            Strings
                                                            • Failed to connect to elevated child process., xrefs: 011AD3CC
                                                            • Failed to create pipe name and client token., xrefs: 011AD324
                                                            • c:\agent\_work\66\s\src\burn\engine\elevation.cpp, xrefs: 011AD2EE
                                                            • Failed to elevate., xrefs: 011AD3C5
                                                            • UX aborted elevation requirement., xrefs: 011AD2F8
                                                            • Failed to create pipe and cache pipe., xrefs: 011AD340
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle
                                                            • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$c:\agent\_work\66\s\src\burn\engine\elevation.cpp
                                                            • API String ID: 2962429428-2367031576
                                                            • Opcode ID: bc52e7ae6e48b16d4c3f012e4c6ebc70ed8a89d90084b27482f3a88025eff4e0
                                                            • Instruction ID: 2e669af82b42398877e4e3e260e4269c9e17e0654494eefdc086a683867c6054
                                                            • Opcode Fuzzy Hash: bc52e7ae6e48b16d4c3f012e4c6ebc70ed8a89d90084b27482f3a88025eff4e0
                                                            • Instruction Fuzzy Hash: 5A3150B6649F12BFEF1E92E0FC45FAA7E5DAF10724F900205F915B6580DBA0AD0086D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D8C74 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D8C74(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t58;
				void* _t60;

				_t58 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v24 = 0;
				_t60 = E011D0823(_a4,  *0x11fa7e0, 0x20019,  &_v16);
				if(_t60 == 0x80070002 || _t60 < 0) {
					L17:
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					return _t60;
				} else {
					_t60 = E011D0823(_v16, _a8, 0x20019,  &_v8);
					if(_t60 != 0x80070002 && _t60 >= 0) {
						_t60 = E011D0823(_v8,  *0x11fa7e4, 0x20019,  &_v12);
						if(_t60 != 0x80070002 && _t60 >= 0) {
							_t60 = E011D0517(_t58, _v12, _a12, 0, 1);
							if(_t60 < 0) {
								goto L17;
							}
							_t60 = E011D0886(_v12,  &_v20, 0);
							if(_t60 >= 0 && _v20 <= 0) {
								if(_v12 != 0) {
									RegCloseKey(_v12);
									_v12 = 0;
								}
								_t60 = E011D0517(_t58, _v8,  *0x11fa7e4, 0, 0);
								if(_t60 >= 0) {
									_t60 = E011D0886(_v8, 0,  &_v24);
									if(_t60 >= 0 && _v24 == 0) {
										if(_v8 != 0) {
											RegCloseKey(_v8);
											_v8 = 0;
										}
										_t60 = E011D0517(_t58, _v16, _a8, 0, 0);
									}
								}
							}
						}
					}
					goto L17;
				}
			}










                                                            0x011d8c74
                                                            0x011d8c8e
                                                            0x011d8c94
                                                            0x011d8c97
                                                            0x011d8c9a
                                                            0x011d8c9d
                                                            0x011d8cab
                                                            0x011d8cb3
                                                            0x011d8d9b
                                                            0x011d8d9e
                                                            0x011d8da3
                                                            0x011d8da5
                                                            0x011d8da5
                                                            0x011d8dab
                                                            0x011d8db0
                                                            0x011d8db2
                                                            0x011d8db2
                                                            0x011d8db8
                                                            0x011d8dbd
                                                            0x011d8dbd
                                                            0x011d8dc5
                                                            0x011d8cc1
                                                            0x011d8cd5
                                                            0x011d8cdd
                                                            0x011d8d02
                                                            0x011d8d0a
                                                            0x011d8d26
                                                            0x011d8d2a
                                                            0x00000000
                                                            0x00000000
                                                            0x011d8d39
                                                            0x011d8d3d
                                                            0x011d8d47
                                                            0x011d8d4c
                                                            0x011d8d4e
                                                            0x011d8d4e
                                                            0x011d8d61
                                                            0x011d8d65
                                                            0x011d8d74
                                                            0x011d8d78
                                                            0x011d8d82
                                                            0x011d8d87
                                                            0x011d8d89
                                                            0x011d8d89
                                                            0x011d8d99
                                                            0x011d8d99
                                                            0x011d8d78
                                                            0x011d8d65
                                                            0x011d8d3d
                                                            0x011d8d0a
                                                            0x00000000
                                                            0x011d8cdd

                                                            APIs
                                                              • Part of subcall function 011D0823: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,011FAA7C,00000000,?,011D4FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 011D0837
                                                            • RegCloseKey.ADVAPI32(00000001,00000001,crypt32.dll,00000000,00000001,011DA500,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 011D8D4C
                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,crypt32.dll,00000000,00000001,011DA500,00000000,00000001,00000000,00020019), ref: 011D8D87
                                                            • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000,00000000,crypt32.dll), ref: 011D8DA3
                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,crypt32.dll), ref: 011D8DB0
                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,crypt32.dll), ref: 011D8DBD
                                                              • Part of subcall function 011D0886: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,011D8D39,00000001), ref: 011D089E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close$InfoOpenQuery
                                                            • String ID: crypt32.dll
                                                            • API String ID: 796878624-1661610138
                                                            • Opcode ID: 86620f06d0125747f4c6c98ac21c7e16542d5eda324127e6d05c69712754584a
                                                            • Instruction ID: 887236582596f8045d542ce164f1099c147479812504f425d602dfb577f01c23
                                                            • Opcode Fuzzy Hash: 86620f06d0125747f4c6c98ac21c7e16542d5eda324127e6d05c69712754584a
                                                            • Instruction Fuzzy Hash: E0413B72C0162DFFDF25AF989C809DDFE79EF14654F12416AEA0077160D3314E509BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3843 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D3843(WCHAR* _a4, WCHAR* _a8, int _a12) {
				signed short _t13;
				signed int _t14;
				signed int _t15;
				void* _t18;
				signed short _t19;
				int _t22;
				signed short _t23;
				signed short _t24;
				signed int _t25;
				WCHAR* _t26;
				void* _t27;
				WCHAR* _t28;
				signed short _t29;

				_t22 = _a12;
				_t26 = _a8;
				_t29 = 0;
				if(CopyFileW(_a4, _t26, 0 | _t22 == 0x00000000) != 0) {
					L22:
					return _t29;
				}
				_t13 = GetLastError();
				if(_t22 != 0 || _t13 != 0x50 && _t13 != 0xb7) {
					__eflags = _t13 - 3;
					if(_t13 != 3) {
						__eflags = _t13;
						if(_t13 > 0) {
							_t29 = _t13 & 0x0000ffff | 0x80070000;
							__eflags = _t29;
						} else {
							_t29 = _t13;
						}
						goto L22;
					}
					_t14 =  *_t26 & 0x0000ffff;
					_t23 = _t29;
					_t24 = _t26;
					__eflags = _t14;
					if(_t14 == 0) {
						L18:
						_t29 = 0x80070003;
					} else {
						_t25 = _t14;
						_t27 = 0x5c;
						do {
							__eflags = _t25 - _t27;
							if(_t25 == _t27) {
								_t23 = _t24;
							}
							_t24 = _t24 + 2;
							_t15 =  *_t24 & 0x0000ffff;
							_t25 = _t15;
							__eflags = _t15;
						} while (_t15 != 0);
						_t28 = _a8;
						__eflags = _t23;
						if(_t23 == 0) {
							goto L18;
						}
						 *_t23 = 0;
						_t29 = E0119415F(_t28, _t29);
						_t18 = 0x5c;
						 *_t23 = _t18;
						__eflags = _t29;
						if(_t29 >= 0) {
							_t19 = CopyFileW(_a4, _t28, _a12);
							__eflags = _t19;
							if(_t19 == 0) {
								_t29 = GetLastError();
								__eflags = _t29;
								if(__eflags > 0) {
									_t29 = _t29 & 0x0000ffff | 0x80070000;
									__eflags = _t29;
								}
								if(__eflags < 0) {
									E011938BA(_t20, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x454, _t29);
								}
							}
						}
					}
				} else {
					_t29 = 1;
				}
			}
















                                                            0x011d3847
                                                            0x011d384e
                                                            0x011d3851
                                                            0x011d3865
                                                            0x011d392b
                                                            0x011d3930
                                                            0x011d3930
                                                            0x011d386b
                                                            0x011d3873
                                                            0x011d3889
                                                            0x011d388c
                                                            0x011d3919
                                                            0x011d391b
                                                            0x011d3924
                                                            0x011d3924
                                                            0x011d391d
                                                            0x011d391d
                                                            0x011d391d
                                                            0x00000000
                                                            0x011d391b
                                                            0x011d3892
                                                            0x011d3895
                                                            0x011d3897
                                                            0x011d3899
                                                            0x011d389c
                                                            0x011d3912
                                                            0x011d3912
                                                            0x011d389e
                                                            0x011d38a0
                                                            0x011d38a2
                                                            0x011d38a3
                                                            0x011d38a3
                                                            0x011d38a6
                                                            0x011d38a8
                                                            0x011d38a8
                                                            0x011d38aa
                                                            0x011d38ad
                                                            0x011d38b0
                                                            0x011d38b2
                                                            0x011d38b2
                                                            0x011d38b7
                                                            0x011d38ba
                                                            0x011d38bc
                                                            0x00000000
                                                            0x00000000
                                                            0x011d38c2
                                                            0x011d38ca
                                                            0x011d38ce
                                                            0x011d38cf
                                                            0x011d38d2
                                                            0x011d38d4
                                                            0x011d38dd
                                                            0x011d38e3
                                                            0x011d38e5
                                                            0x011d38ed
                                                            0x011d38ef
                                                            0x011d38f1
                                                            0x011d38f6
                                                            0x011d38fc
                                                            0x011d38fc
                                                            0x011d38fe
                                                            0x011d390b
                                                            0x011d390b
                                                            0x011d38fe
                                                            0x011d38e5
                                                            0x011d38d4
                                                            0x011d3881
                                                            0x011d3883
                                                            0x011d3883

                                                            APIs
                                                            • CopyFileW.KERNEL32(00000000,01194DFD,00000000,?,?,00000000,?,011D395E,00000000,01194DFD,00000000,00000000,?,011A84D1,?,?), ref: 011D385D
                                                            • GetLastError.KERNEL32(?,011D395E,00000000,01194DFD,00000000,00000000,?,011A84D1,?,?,00000001,00000003,000007D0,?,?,?), ref: 011D386B
                                                            • CopyFileW.KERNEL32(00000000,01194DFD,00000000,01194DFD,00000000,?,011D395E,00000000,01194DFD,00000000,00000000,?,011A84D1,?,?,00000001), ref: 011D38DD
                                                            • GetLastError.KERNEL32(?,011D395E,00000000,01194DFD,00000000,00000000,?,011A84D1,?,?,00000001,00000003,000007D0,?,?,?), ref: 011D38E7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CopyErrorFileLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 374144340-1324176156
                                                            • Opcode ID: e38a1647f60c17c40e66d7fb5c2c95a44dd1b1f3bb42993128a21c4b0d6abf70
                                                            • Instruction ID: 430dc731e5c1dbd5ae76184c25aaef5e0def5070be8d5684e79678e7f110910c
                                                            • Opcode Fuzzy Hash: e38a1647f60c17c40e66d7fb5c2c95a44dd1b1f3bb42993128a21c4b0d6abf70
                                                            • Instruction Fuzzy Hash: 99210BBBB21722A7DB3D1AA95C40B776698FF40750B454129EE24DB111FB64CC4182D3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01197337 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 91COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 42%
                                                            			E01197337(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, signed short _a12) {
				signed int _v8;
				signed int _v12;
				void* _t29;
				char* _t38;
				signed int _t46;
				void* _t49;

				_t41 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t29 = E01195DA8(_t41, _a4, _a8,  &_v12);
				_t46 = _v12;
				_t49 = _t29;
				if(_t49 < 0 ||  *((intOrPtr*)(_t46 + 0x18)) != 0) {
					if(_t49 == 0x80070490) {
						goto L18;
					}
					if(_t49 >= 0) {
						if( *((intOrPtr*)(_t46 + 0x18)) != 2 ||  *((intOrPtr*)(_t46 + 0x2c)) != 0 ||  *((intOrPtr*)(_t46 + 0x24)) != 0) {
							_t24 = _t46 + 8; // 0x8
							_t49 = E011B0132(_t24, _a12);
							if(_t49 >= 0) {
								goto L18;
							}
							_push(_a8);
							_push("Failed to get value as string for variable: %ls");
							L17:
							_push(_t49);
							E011CFB09();
						} else {
							_t16 = _t46 + 8; // 0x8
							_t49 = E011B0132(_t16,  &_v8);
							if(_t49 >= 0) {
								_t49 = E011957A7(_a4, _v8, _a12, 0, 0);
								if(_t49 < 0) {
									_t38 = L"*****";
									if( *((intOrPtr*)(_t46 + 0x20)) == 0) {
										_t38 =  *(_t46 + 8);
									}
									_push(_a8);
									E011CFB09(_t49, "Failed to format value \'%ls\' of variable: %ls", _t38);
								}
							} else {
								_push("Failed to get unformatted string.");
								_push(_t49);
								E011CFB09();
							}
						}
						goto L18;
					}
					_push(_a8);
					_push("Failed to get variable: %ls");
					goto L17;
				} else {
					_t49 = 0x80070490;
					L18:
					LeaveCriticalSection(_a4);
					E0119287D(_v8);
					return _t49;
				}
			}









                                                            0x01197337
                                                            0x0119733a
                                                            0x0119733b
                                                            0x0119733c
                                                            0x01197340
                                                            0x01197349
                                                            0x01197359
                                                            0x0119735e
                                                            0x01197361
                                                            0x01197365
                                                            0x0119737d
                                                            0x00000000
                                                            0x00000000
                                                            0x01197385
                                                            0x01197398
                                                            0x01197405
                                                            0x0119740e
                                                            0x01197412
                                                            0x00000000
                                                            0x00000000
                                                            0x01197414
                                                            0x01197417
                                                            0x0119741c
                                                            0x0119741c
                                                            0x0119741d
                                                            0x011973a6
                                                            0x011973a9
                                                            0x011973b3
                                                            0x011973b7
                                                            0x011973da
                                                            0x011973de
                                                            0x011973e4
                                                            0x011973e9
                                                            0x011973eb
                                                            0x011973eb
                                                            0x011973ee
                                                            0x011973f8
                                                            0x011973fd
                                                            0x011973b9
                                                            0x011973b9
                                                            0x011973be
                                                            0x011973bf
                                                            0x011973c5
                                                            0x011973b7
                                                            0x00000000
                                                            0x01197398
                                                            0x01197387
                                                            0x0119738a
                                                            0x00000000
                                                            0x0119736d
                                                            0x0119736d
                                                            0x01197425
                                                            0x01197428
                                                            0x01197431
                                                            0x0119743b
                                                            0x0119743b

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,01195966,00000100,00000100,00000000,?,00000001,00000000,00000100), ref: 01197349
                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,00000100,00000000,?,?,?,01195966,00000100,00000100,00000000,?,00000001,00000000,00000100), ref: 01197428
                                                            Strings
                                                            • Failed to get unformatted string., xrefs: 011973B9
                                                            • Failed to format value '%ls' of variable: %ls, xrefs: 011973F2
                                                            • Failed to get value as string for variable: %ls, xrefs: 01197417
                                                            • Failed to get variable: %ls, xrefs: 0119738A
                                                            • *****, xrefs: 011973E4, 011973F1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                            • API String ID: 3168844106-2873099529
                                                            • Opcode ID: 1dbace57864d689971f4f48adaae487dd9e20ad35b635eb4742dbfb7c5619767
                                                            • Instruction ID: 2df17bca81948da2a6e87ab00ae228a8188c7979b7e059fd3e07e5b79cf51836
                                                            • Opcode Fuzzy Hash: 1dbace57864d689971f4f48adaae487dd9e20ad35b635eb4742dbfb7c5619767
                                                            • Instruction Fuzzy Hash: 0331EE3291061AFBCF2E5E64CC05B9EBB65EF14628F014169F82067191D335EA61CFC1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D8109 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 69timeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E011D8109(void* __edx, intOrPtr _a4, struct _FILETIME* _a8) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				signed short _t17;
				struct _FILETIME* _t22;
				void* _t26;
				SYSTEMTIME* _t27;
				signed short _t28;
				signed int _t31;
				signed short _t34;

				_t26 = __edx;
				_t10 =  *0x11fa008; // 0x295f764a
				_v8 = _t10 ^ _t31;
				_t27 =  &_v24;
				_t22 = _a8;
				asm("stosd");
				_t28 = 0;
				_push(0);
				_v28 = 0x10;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_push( &_v28);
				_push( &_v24);
				_push(0x4000000b);
				_push(_a4);
				if( *0x11fa988() != 0) {
					_t17 = SystemTimeToFileTime( &_v24, _t22);
					__eflags = _t17;
					if(_t17 == 0) {
						_t28 = GetLastError();
						__eflags = _t28;
						if(__eflags > 0) {
							_t28 = _t28 & 0x0000ffff | 0x80070000;
							__eflags = _t28;
						}
						if(__eflags >= 0) {
							_t28 = 0x80004005;
						}
						_push(_t28);
						_push(0x37);
						goto L12;
					}
				} else {
					_t28 = GetLastError();
					if(_t28 > 0) {
						_t28 = _t28 & 0x0000ffff | 0x80070000;
						_t34 = _t28;
					}
					if(_t34 >= 0) {
						_t28 = 0x80004005;
					}
					_push(_t28);
					_push(0x32);
					L12:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\inetutil.cpp");
					E011938BA(_t20);
				}
				return E011BDD1F(_t22, _v8 ^ _t31, _t26, _t27, _t28);
			}

















                                                            0x011d8109
                                                            0x011d810f
                                                            0x011d8116
                                                            0x011d811f
                                                            0x011d8124
                                                            0x011d8127
                                                            0x011d8128
                                                            0x011d812a
                                                            0x011d812b
                                                            0x011d8132
                                                            0x011d8133
                                                            0x011d8134
                                                            0x011d8138
                                                            0x011d813c
                                                            0x011d813d
                                                            0x011d8142
                                                            0x011d814b
                                                            0x011d8175
                                                            0x011d817b
                                                            0x011d817d
                                                            0x011d8185
                                                            0x011d8187
                                                            0x011d8189
                                                            0x011d818e
                                                            0x011d8194
                                                            0x011d8194
                                                            0x011d8196
                                                            0x011d8198
                                                            0x011d8198
                                                            0x011d819d
                                                            0x011d819e
                                                            0x00000000
                                                            0x011d819e
                                                            0x011d814d
                                                            0x011d8153
                                                            0x011d8157
                                                            0x011d815c
                                                            0x011d8162
                                                            0x011d8162
                                                            0x011d8164
                                                            0x011d8166
                                                            0x011d8166
                                                            0x011d816b
                                                            0x011d816c
                                                            0x011d81a0
                                                            0x011d81a0
                                                            0x011d81a5
                                                            0x011d81a5
                                                            0x011d81ba

                                                            APIs
                                                            • GetLastError.KERNEL32 ref: 011D814D
                                                            • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 011D8175
                                                            • GetLastError.KERNEL32 ref: 011D817F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastTime$FileSystem
                                                            • String ID: @Mqt$Jv_)$c:\agent\_work\66\s\src\libs\dutil\inetutil.cpp
                                                            • API String ID: 1528435940-1701274824
                                                            • Opcode ID: b6fffb2317487b0af2b366b386e580c4b503f4ca0967a8c93b82d8631bb1cd5f
                                                            • Instruction ID: 063afac4ce4f5b83f6158c0aea764b4d4aab63cb8e560e5104fe85b9c5c024cf
                                                            • Opcode Fuzzy Hash: b6fffb2317487b0af2b366b386e580c4b503f4ca0967a8c93b82d8631bb1cd5f
                                                            • Instruction Fuzzy Hash: 2011E97390212AABD729DAB9DC44BAFBBA8AF04654F010029EE15F7140E7249D0887E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B09FE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69timeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 63%
                                                            			E011B09FE(intOrPtr _a4, intOrPtr _a8) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				intOrPtr _t23;
				void* _t35;
				intOrPtr _t43;
				signed int _t44;

				_t43 = _a4;
				_t44 = 0;
				_v20.dwLowDateTime = 0;
				_v20.dwHighDateTime = 0;
				_v12.dwLowDateTime = 0;
				_v12.dwHighDateTime = 0;
				_t23 =  *((intOrPtr*)(_t43 + 0x2c));
				if(_t23 == 0) {
					if(DosDateTimeToFileTime( *(_a8 + 0x18) & 0x0000ffff,  *(_a8 + 0x1a) & 0x0000ffff,  &_v20) != 0 && LocalFileTimeToFileTime( &_v20,  &_v12) != 0) {
						SetFileTime( *(_t43 + 0x3c),  &_v12,  &_v12,  &_v12);
					}
					if( *(_t43 + 0x3c) != 0xffffffff) {
						CloseHandle( *(_t43 + 0x3c));
						 *(_t43 + 0x3c) =  *(_t43 + 0x3c) | 0xffffffff;
					}
				} else {
					_t35 = _t23 - 1;
					if(_t35 != 0) {
						_t37 = _t35 == 0;
						if(_t35 == 0) {
							_t44 = 0x80004004;
						} else {
							_t44 = 0x8007139f;
							E011938BA(_t37, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x296, 0x8007139f);
							_push("Invalid operation for this state.");
							_push(0x8007139f);
							E011CFB09();
						}
					}
				}
				 *(_t43 + 0x30) = _t44;
				_t20 = (_t44 >> 0x0000001f & 0xfffffffe) + 1; // 0x1
				return _t20;
			}









                                                            0x011b0a06
                                                            0x011b0a09
                                                            0x011b0a0b
                                                            0x011b0a0e
                                                            0x011b0a11
                                                            0x011b0a18
                                                            0x011b0a1b
                                                            0x011b0a1e
                                                            0x011b0a73
                                                            0x011b0a90
                                                            0x011b0a90
                                                            0x011b0a9a
                                                            0x011b0a9f
                                                            0x011b0aa5
                                                            0x011b0aa5
                                                            0x011b0a20
                                                            0x011b0a20
                                                            0x011b0a23
                                                            0x011b0a2a
                                                            0x011b0a2d
                                                            0x011b0a53
                                                            0x011b0a2f
                                                            0x011b0a2f
                                                            0x011b0a3f
                                                            0x011b0a44
                                                            0x011b0a49
                                                            0x011b0a4a
                                                            0x011b0a50
                                                            0x011b0a2d
                                                            0x011b0a23
                                                            0x011b0aa9
                                                            0x011b0ab3
                                                            0x011b0ab8

                                                            APIs
                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 011B0A6B
                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 011B0A7D
                                                            • SetFileTime.KERNEL32(?,?,?,?), ref: 011B0A90
                                                            • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,011B0660,?,?), ref: 011B0A9F
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 011B0A3A
                                                            • Invalid operation for this state., xrefs: 011B0A44
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Time$File$CloseDateHandleLocal
                                                            • String ID: Invalid operation for this state.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 609741386-2444813713
                                                            • Opcode ID: 13c673b05b6a0cc14ade6dd6761efc576a0ca295faa2449ee3db072a30a65728
                                                            • Instruction ID: 4b41381a924b71af2f21f5d2960999d9920d2e85d7d1d7d2bba889b516bf0fab
                                                            • Opcode Fuzzy Hash: 13c673b05b6a0cc14ade6dd6761efc576a0ca295faa2449ee3db072a30a65728
                                                            • Instruction Fuzzy Hash: 9921F37280052AAE9B18DFBDD8888EB7BBCFF486207004316F561D71C0D775E550CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A49FF Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 67fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E011A49FF(void* __ecx, void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12, long _a16) {
				signed short _v8;
				long _v12;
				signed short _t26;
				long _t34;
				signed short _t37;

				_t34 = 0;
				_v12 = 0;
				_v8 = 0;
				_t37 = E011A45CE(__eflags, _a8, _a12, _a16,  &_v12,  &_v8);
				if(_t37 >= 0) {
					_a16 = 0;
					__eflags = _v8;
					if(_v8 > 0) {
						while(1) {
							_t26 = WriteFile(_a4, _v12, _v8 - _t34,  &_a16, 0);
							__eflags = _t26;
							if(_t26 == 0) {
								break;
							}
							_t34 = _t34 + _a16;
							__eflags = _t34 - _v8;
							if(_t34 < _v8) {
								continue;
							} else {
							}
							goto L12;
						}
						_t37 = GetLastError();
						__eflags = _t37;
						if(__eflags > 0) {
							_t37 = _t37 & 0x0000ffff | 0x80070000;
							__eflags = _t37;
						}
						if(__eflags >= 0) {
							_t37 = 0x80004005;
						}
						E011938BA(_t27, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x2f0, _t37);
						_push("Failed to write message type to pipe.");
						goto L11;
					}
				} else {
					_push("Failed to allocate message to write.");
					L11:
					_push(_t37);
					E011CFB09();
				}
				L12:
				if(_v12 != 0) {
					E01193AA4(_v12);
				}
				return _t37;
			}








                                                            0x011a4a09
                                                            0x011a4a0f
                                                            0x011a4a16
                                                            0x011a4a24
                                                            0x011a4a28
                                                            0x011a4a31
                                                            0x011a4a34
                                                            0x011a4a37
                                                            0x011a4a39
                                                            0x011a4a4b
                                                            0x011a4a51
                                                            0x011a4a53
                                                            0x00000000
                                                            0x00000000
                                                            0x011a4a55
                                                            0x011a4a58
                                                            0x011a4a5b
                                                            0x00000000
                                                            0x00000000
                                                            0x011a4a5d
                                                            0x00000000
                                                            0x011a4a5b
                                                            0x011a4a65
                                                            0x011a4a67
                                                            0x011a4a69
                                                            0x011a4a6e
                                                            0x011a4a74
                                                            0x011a4a74
                                                            0x011a4a76
                                                            0x011a4a78
                                                            0x011a4a78
                                                            0x011a4a88
                                                            0x011a4a8d
                                                            0x00000000
                                                            0x011a4a8d
                                                            0x011a4a2a
                                                            0x011a4a2a
                                                            0x011a4a92
                                                            0x011a4a92
                                                            0x011a4a93
                                                            0x011a4a99
                                                            0x011a4a9a
                                                            0x011a4a9e
                                                            0x011a4aa3
                                                            0x011a4aa3
                                                            0x011a4aad

                                                            APIs
                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,011DA500,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,011A5322), ref: 011A4A4B
                                                            Strings
                                                            • Failed to allocate message to write., xrefs: 011A4A2A
                                                            • Failed to write message type to pipe., xrefs: 011A4A8D
                                                            • c:\agent\_work\66\s\src\burn\engine\pipe.cpp, xrefs: 011A4A83
                                                            • @Mqt, xrefs: 011A4A5F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID: @Mqt$Failed to allocate message to write.$Failed to write message type to pipe.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp
                                                            • API String ID: 3934441357-223207841
                                                            • Opcode ID: b844b994fa493dfab1f788b9438fd66831f4abc67721bb0e8a66d92992aa149f
                                                            • Instruction ID: 47ff6c10c06e57d7c836443f69565cc17613c378c09c4821f4533ab601f8a932
                                                            • Opcode Fuzzy Hash: b844b994fa493dfab1f788b9438fd66831f4abc67721bb0e8a66d92992aa149f
                                                            • Instruction Fuzzy Hash: D0110F3AD0021ABBCB29CE95CD04ADE7EA8FF40350F050025B802B6200E7B09E40C7A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C89AF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011C89AF(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E011C8973(_t45, 7);
					E011C8973(_t45 + 0x1c, 7);
					E011C8973(_t45 + 0x38, 0xc);
					E011C8973(_t45 + 0x68, 0xc);
					E011C8973(_t45 + 0x98, 2);
					E011C5CE8( *((intOrPtr*)(_t45 + 0xa0)));
					E011C5CE8( *((intOrPtr*)(_t45 + 0xa4)));
					E011C5CE8( *((intOrPtr*)(_t45 + 0xa8)));
					E011C8973(_t45 + 0xb4, 7);
					E011C8973(_t45 + 0xd0, 7);
					E011C8973(_t45 + 0xec, 0xc);
					E011C8973(_t45 + 0x11c, 0xc);
					E011C8973(_t45 + 0x14c, 2);
					E011C5CE8( *((intOrPtr*)(_t45 + 0x154)));
					E011C5CE8( *((intOrPtr*)(_t45 + 0x158)));
					E011C5CE8( *((intOrPtr*)(_t45 + 0x15c)));
					return E011C5CE8( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                            0x011c89b5
                                                            0x011c89ba
                                                            0x011c89c3
                                                            0x011c89ce
                                                            0x011c89d9
                                                            0x011c89e4
                                                            0x011c89f2
                                                            0x011c89fd
                                                            0x011c8a08
                                                            0x011c8a13
                                                            0x011c8a21
                                                            0x011c8a2f
                                                            0x011c8a40
                                                            0x011c8a4e
                                                            0x011c8a5c
                                                            0x011c8a67
                                                            0x011c8a72
                                                            0x011c8a7d
                                                            0x00000000
                                                            0x011c8a8d
                                                            0x011c8a92

                                                            APIs
                                                              • Part of subcall function 011C8973: _free.LIBCMT ref: 011C899C
                                                            • _free.LIBCMT ref: 011C89FD
                                                              • Part of subcall function 011C5CE8: HeapFree.KERNEL32(00000000,00000000,?,011C89A1,?,00000000,?,00000000,?,011C89C8,?,00000007,?,?,011C8E2A,?), ref: 011C5CFE
                                                              • Part of subcall function 011C5CE8: GetLastError.KERNEL32(?,?,011C89A1,?,00000000,?,00000000,?,011C89C8,?,00000007,?,?,011C8E2A,?,?), ref: 011C5D10
                                                            • _free.LIBCMT ref: 011C8A08
                                                            • _free.LIBCMT ref: 011C8A13
                                                            • _free.LIBCMT ref: 011C8A67
                                                            • _free.LIBCMT ref: 011C8A72
                                                            • _free.LIBCMT ref: 011C8A7D
                                                            • _free.LIBCMT ref: 011C8A88
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: 48635352fcdb93915df3ba2fc5eddb2e5b53a02fac6a758a8558f49e26154fd7
                                                            • Instruction ID: a7315546eb778fda85676b1d9aa6cefe5ab712796ea6b8c000986564e527af4e
                                                            • Opcode Fuzzy Hash: 48635352fcdb93915df3ba2fc5eddb2e5b53a02fac6a758a8558f49e26154fd7
                                                            • Instruction Fuzzy Hash: F5118E71A40B05BAD624BBB0CC85FCF77DDAF70B04F80081EA299A7050EB65B544E795
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A45CE Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 63%
                                                            			E011A45CE(void* __eflags, char _a4, signed int _a8, signed int _a12, intOrPtr* _a16, intOrPtr* _a20) {
				signed int _t18;
				intOrPtr _t32;
				intOrPtr _t37;
				void* _t38;

				_t38 = 0;
				asm("sbb eax, eax");
				_t18 =  ~_a8 & _a12;
				_a12 = _t18;
				_t4 = _t18 + 8; // 0x11da508
				_t37 = _t4;
				_t32 = E011939DF(_t37, 0);
				if(_t32 != 0) {
					E01193C78(_t32, _t37,  &_a4, 4);
					_t7 = _t37 - 4; // 0x11da504
					_t8 = _t32 + 4; // 0x4
					E01193C78(_t8, _t7,  &_a12, 4);
					if(_a12 != 0) {
						_t11 = _t37 - 8; // 0x11da500
						_t13 = _t32 + 8; // 0x8
						E01193C78(_t13, _t11, _a8, _a12);
					}
					 *_a20 = _t37;
					 *_a16 = _t32;
				} else {
					_t38 = 0x8007000e;
					E011938BA(_t19, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x2be, 0x8007000e);
					_push("Failed to allocate memory for message.");
					_push(0x8007000e);
					E011CFB09();
				}
				return _t38;
			}







                                                            0x011a45d6
                                                            0x011a45db
                                                            0x011a45dd
                                                            0x011a45e1
                                                            0x011a45e4
                                                            0x011a45e4
                                                            0x011a45ed
                                                            0x011a45f1
                                                            0x011a461f
                                                            0x011a462a
                                                            0x011a462e
                                                            0x011a4632
                                                            0x011a463d
                                                            0x011a4642
                                                            0x011a4649
                                                            0x011a464d
                                                            0x011a4652
                                                            0x011a4658
                                                            0x011a465d
                                                            0x011a45f3
                                                            0x011a45f3
                                                            0x011a4603
                                                            0x011a4608
                                                            0x011a460d
                                                            0x011a460e
                                                            0x011a4614
                                                            0x011a4665

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • _memcpy_s.LIBCMT ref: 011A461F
                                                            • _memcpy_s.LIBCMT ref: 011A4632
                                                            • _memcpy_s.LIBCMT ref: 011A464D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _memcpy_s$Heap$AllocateProcess
                                                            • String ID: Failed to allocate memory for message.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp$crypt32.dll
                                                            • API String ID: 886498622-1118502555
                                                            • Opcode ID: 9c1b2e70ac796bcb538cf71a4719cf3d4608f59872d35fb662d3203b7970657d
                                                            • Instruction ID: 7ad5139bdf008d2523328fdceb7fe74beb04f4179ed460fc162a4d5a6efffc36
                                                            • Opcode Fuzzy Hash: 9c1b2e70ac796bcb538cf71a4719cf3d4608f59872d35fb662d3203b7970657d
                                                            • Instruction Fuzzy Hash: 4B119EB651030ABBDB09EEA5CC81DEBB7ACFF15604B04452BFA25DB200EB71D91087E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D002E Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 62filestringCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 96%
                                                            			E011D002E(void* __ecx, signed short _a4) {
				long _v8;
				signed short _t9;
				signed short _t13;
				CHAR* _t18;
				void* _t21;
				void* _t24;
				signed short _t27;

				_push(__ecx);
				_t18 = _a4;
				_t27 = 0;
				_t24 = 0;
				_v8 = _v8 & 0;
				_t9 = lstrlenA(_t18);
				_t21 =  *0x11fa774; // 0xffffffff
				_a4 = _t9;
				if(_t21 != 0xffffffff) {
					__eflags = _t9;
					if(_t9 == 0) {
						L11:
						return _t27;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = WriteFile(_t21, _t24 + _t18, _t9 - _t24,  &_v8, 0);
						__eflags = _t13;
						if(_t13 != 0) {
							goto L8;
						}
						_t27 = GetLastError();
						__eflags = _t27;
						if(__eflags > 0) {
							_t27 = _t27 & 0x0000ffff | 0x80070000;
							__eflags = _t27;
						}
						if(__eflags < 0) {
							E011938BA(_t14, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\logutil.cpp", 0x310, _t27);
							goto L11;
						}
						L8:
						_t24 = _t24 + _v8;
						_t9 = _a4;
						__eflags = _t24 - _t9;
						if(_t24 >= _t9) {
							goto L11;
						}
						_t21 =  *0x11fa774; // 0xffffffff
					}
				}
				_t27 = E0119247E(_t21, "`,o", _t18, 0);
				if(_t27 >= 0) {
					_t27 = 0;
				}
				goto L11;
			}










                                                            0x011d0031
                                                            0x011d0033
                                                            0x011d0038
                                                            0x011d003a
                                                            0x011d003c
                                                            0x011d0040
                                                            0x011d0046
                                                            0x011d004c
                                                            0x011d0052
                                                            0x011d006a
                                                            0x011d006c
                                                            0x011d00c1
                                                            0x011d00c7
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d006e
                                                            0x011d006e
                                                            0x011d007c
                                                            0x011d0082
                                                            0x011d0084
                                                            0x00000000
                                                            0x00000000
                                                            0x011d008c
                                                            0x011d008e
                                                            0x011d0090
                                                            0x011d0095
                                                            0x011d009b
                                                            0x011d009b
                                                            0x011d009d
                                                            0x011d00bc
                                                            0x00000000
                                                            0x011d00bc
                                                            0x011d009f
                                                            0x011d009f
                                                            0x011d00a2
                                                            0x011d00a5
                                                            0x011d00a7
                                                            0x00000000
                                                            0x00000000
                                                            0x011d00a9
                                                            0x011d00a9
                                                            0x011d006e
                                                            0x011d0060
                                                            0x011d0064
                                                            0x011d0066
                                                            0x011d0066
                                                            0x00000000

                                                            APIs
                                                            • lstrlenA.KERNEL32(011B1074,00000000,00000000,?,?,?,011CF8EB,011B1074,011B1074,?,00000000,0000FDE9,?,011B1074,8007139F,Invalid operation for this state.), ref: 011D0040
                                                            • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,?,?,011CF8EB,011B1074,011B1074,?,00000000,0000FDE9,?,011B1074,8007139F), ref: 011D007C
                                                            • GetLastError.KERNEL32(?,?,011CF8EB,011B1074,011B1074,?,00000000,0000FDE9,?,011B1074,8007139F,Invalid operation for this state.,c:\agent\_work\66\s\src\burn\engine\cabextract.cpp,000001C7,8007139F), ref: 011D0086
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastWritelstrlen
                                                            • String ID: @Mqt$`,o$c:\agent\_work\66\s\src\libs\dutil\logutil.cpp
                                                            • API String ID: 606256338-302545055
                                                            • Opcode ID: ee51c886753f032c94b11bcefd0cff4310cf48df1852bb45787ec10f1562eb65
                                                            • Instruction ID: 5442a6bb7b168302affe1a40eab281ee42bfca2062f4efcdcf3b455e20d7c38a
                                                            • Opcode Fuzzy Hash: ee51c886753f032c94b11bcefd0cff4310cf48df1852bb45787ec10f1562eb65
                                                            • Instruction Fuzzy Hash: 0711C672A01225B7D73D8A7AAC44EEF7A6DEF496E0F010324FE11E7240D7749D8086E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D34C7 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 61COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D34C7(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
				struct _SHELLEXECUTEINFOW _v64;
				void* _t35;
				intOrPtr* _t41;
				signed short _t42;
				signed short _t46;

				_v64.hwnd = _a24;
				_v64.lpVerb = _a12;
				_v64.lpFile = _a4;
				_v64.lpParameters = _a8;
				_v64.lpDirectory = _a16;
				_t42 = 0;
				_v64.nShow = _a20;
				_v64.hInstApp = 0;
				_v64.lpIDList = 0;
				_v64.lpClass = 0;
				_v64.hkeyClass = 0;
				_v64.dwHotKey = 0;
				_v64.hIcon = 0;
				_v64.hProcess = 0;
				_v64.cbSize = 0x3c;
				_v64.fMask = 0x540;
				if(ShellExecuteExW( &_v64) != 0) {
					_t41 = _a28;
					if(_t41 == 0) {
						goto L6;
					} else {
						 *_t41 = _v64.hProcess;
						_t35 = 0;
						_v64.hProcess = 0;
					}
				} else {
					_t42 = GetLastError();
					if(_t42 > 0) {
						_t42 = _t42 & 0x0000ffff | 0x80070000;
						_t46 = _t42;
					}
					if(_t46 >= 0) {
						_t42 = 0x80004005;
					}
					E011938BA(_t39, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\shelutil.cpp", 0x3a, _t42);
					L6:
					_t35 = _v64.hProcess;
				}
				if(_t35 != 0) {
					CloseHandle(_t35);
				}
				return _t42;
			}








                                                            0x011d34d0
                                                            0x011d34d6
                                                            0x011d34dc
                                                            0x011d34e2
                                                            0x011d34e8
                                                            0x011d34ef
                                                            0x011d34f1
                                                            0x011d34f7
                                                            0x011d34fb
                                                            0x011d34fe
                                                            0x011d3501
                                                            0x011d3504
                                                            0x011d3507
                                                            0x011d350a
                                                            0x011d350d
                                                            0x011d3514
                                                            0x011d3523
                                                            0x011d3565
                                                            0x011d356a
                                                            0x00000000
                                                            0x011d356c
                                                            0x011d356f
                                                            0x011d3571
                                                            0x011d3573
                                                            0x011d3573
                                                            0x011d3525
                                                            0x011d352b
                                                            0x011d352f
                                                            0x011d3534
                                                            0x011d353a
                                                            0x011d353a
                                                            0x011d353c
                                                            0x011d353e
                                                            0x011d353e
                                                            0x011d354b
                                                            0x011d3550
                                                            0x011d3550
                                                            0x011d3550
                                                            0x011d3555
                                                            0x011d3558
                                                            0x011d3558
                                                            0x011d3562

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseErrorExecuteHandleLastShell
                                                            • String ID: <$@Mqt$c:\agent\_work\66\s\src\libs\dutil\shelutil.cpp
                                                            • API String ID: 3023784893-1817072648
                                                            • Opcode ID: 84283eda680f88aed819f3e2a3061bcb0064f3024a349e94c0423feeafac23db
                                                            • Instruction ID: 64c85eb4d66bf0250a1444151da83cecfdead4e4109a6b05864fc65027a57fb4
                                                            • Opcode Fuzzy Hash: 84283eda680f88aed819f3e2a3061bcb0064f3024a349e94c0423feeafac23db
                                                            • Instruction Fuzzy Hash: AF21C8B5E11229ABDB14CFADD544ADEBBF8BF08650F50811AE925F7340D3749A00CF95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3984 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E011D3984(void* __ecx, void* __eflags, WCHAR* _a4) {
				signed char _v8;
				signed short _t13;
				signed short _t22;
				signed short _t31;

				_v8 = _v8 | 0xffffffff;
				_t22 = 0;
				if(E011D3C72(_a4,  &_v8) != 0) {
					if((_v8 & 0x00000007) == 0 || SetFileAttributesW(_a4, 0x80) != 0) {
						L7:
						_t13 = DeleteFileW(_a4);
						__eflags = _t13;
						if(_t13 == 0) {
							_t22 = GetLastError();
							__eflags = _t22;
							if(__eflags > 0) {
								_t22 = _t22 & 0x0000ffff | 0x80070000;
								__eflags = _t22;
							}
							if(__eflags < 0) {
								_push(_t22);
								_push(0x5ca);
								goto L12;
							}
						}
					} else {
						_t22 = GetLastError();
						if(_t22 > 0) {
							_t22 = _t22 & 0x0000ffff | 0x80070000;
							_t31 = _t22;
						}
						if(_t31 >= 0) {
							goto L7;
						} else {
							_push(_t22);
							_push(0x5c4);
							L12:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
							E011938BA(_t14);
						}
					}
				}
				return _t22;
			}







                                                            0x011d3988
                                                            0x011d3994
                                                            0x011d399d
                                                            0x011d39a9
                                                            0x011d39da
                                                            0x011d39dd
                                                            0x011d39e3
                                                            0x011d39e5
                                                            0x011d39ed
                                                            0x011d39ef
                                                            0x011d39f1
                                                            0x011d39f6
                                                            0x011d39f8
                                                            0x011d39f8
                                                            0x011d39fa
                                                            0x011d39fc
                                                            0x011d39fd
                                                            0x00000000
                                                            0x011d39fd
                                                            0x011d39fa
                                                            0x011d39bd
                                                            0x011d39c3
                                                            0x011d39c7
                                                            0x011d39cc
                                                            0x011d39ce
                                                            0x011d39ce
                                                            0x011d39d0
                                                            0x00000000
                                                            0x011d39d2
                                                            0x011d39d2
                                                            0x011d39d3
                                                            0x011d3a02
                                                            0x011d3a02
                                                            0x011d3a07
                                                            0x011d3a07
                                                            0x011d39d0
                                                            0x011d3a0c
                                                            0x011d3a11

                                                            APIs
                                                              • Part of subcall function 011D3C72: FindFirstFileW.KERNEL32(011B8F6B,?,00000100,00000000,00000000), ref: 011D3CAD
                                                              • Part of subcall function 011D3C72: FindClose.KERNEL32(00000000), ref: 011D3CB9
                                                            • SetFileAttributesW.KERNEL32(011B8F6B,00000080,00000000,011B8F6B,000000FF,00000000,?,?,011B8F6B), ref: 011D39B3
                                                            • GetLastError.KERNEL32(?,?,011B8F6B), ref: 011D39BD
                                                            • DeleteFileW.KERNEL32(011B8F6B,00000000,011B8F6B,000000FF,00000000,?,?,011B8F6B), ref: 011D39DD
                                                            • GetLastError.KERNEL32(?,?,011B8F6B), ref: 011D39E7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 3967264933-1324176156
                                                            • Opcode ID: 8337be217a375c63e9334d2ccd25d5a22c090967e3652c8b7b4c651aa96ead28
                                                            • Instruction ID: dc8635bd1642e4eee24f4058c089da2ebe4bc3267d0de9069cfce61eebe30ad8
                                                            • Opcode Fuzzy Hash: 8337be217a375c63e9334d2ccd25d5a22c090967e3652c8b7b4c651aa96ead28
                                                            • Instruction Fuzzy Hash: A801D6B3B12636A7DB3E866D9D09B5B7E98BF00791F010221ED65FB180E320CD4086D2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C59AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 82%
                                                            			E011C59AD(void* __ecx) {
				void* __ebx;
				void* __edi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x11fa060; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E011C71F5(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E011C82DC(_t10, _t13, _t16, __eflags,  *0x11fa060, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E011C579B(_t13, _t16, 0x11fb0fc);
							E011C5CE8(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E011C5CE8();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E011C8286(0, _t11, _t15, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}













                                                            0x011c59ad
                                                            0x011c59b8
                                                            0x011c59ba
                                                            0x011c59bc
                                                            0x011c59c1
                                                            0x011c59c4
                                                            0x011c59d2
                                                            0x011c59de
                                                            0x011c59e1
                                                            0x011c59e4
                                                            0x011c59f6
                                                            0x011c59fb
                                                            0x011c59fd
                                                            0x011c5a08
                                                            0x011c5a0e
                                                            0x011c5a16
                                                            0x011c5a18
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c59ff
                                                            0x011c59ff
                                                            0x00000000
                                                            0x011c59ff
                                                            0x011c59e6
                                                            0x011c59e6
                                                            0x011c59e7
                                                            0x011c59e7
                                                            0x011c5a1a
                                                            0x011c5a1b
                                                            0x011c5a1b
                                                            0x011c59c6
                                                            0x011c59cc
                                                            0x011c59d0
                                                            0x011c5a23
                                                            0x011c5a24
                                                            0x011c5a2a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c59d0
                                                            0x011c5a31

                                                            APIs
                                                            • GetLastError.KERNEL32(?,00000100,00000000,011C372D,01193CE2,80004005,00000000,?,c:\agent\_work\66\s\src\burn\engine\cabextract.cpp,000001C7), ref: 011C59B2
                                                            • _free.LIBCMT ref: 011C59E7
                                                            • _free.LIBCMT ref: 011C5A0E
                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 011C5A1B
                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 011C5A24
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$_free
                                                            • String ID: @Mqt
                                                            • API String ID: 3170660625-2740872224
                                                            • Opcode ID: 085ed48170420f1b5fa9be46731d24754cbb3d28c337f2e7c10f5d405d18ea4d
                                                            • Instruction ID: e41d728766a210face9caa5e91bd52fea721ee4a9567af4ee2715345b2e2d009
                                                            • Opcode Fuzzy Hash: 085ed48170420f1b5fa9be46731d24754cbb3d28c337f2e7c10f5d405d18ea4d
                                                            • Instruction Fuzzy Hash: 9201263335270267C66EA63E7CC5E5B252FEFF2D74321012DF429A3241EF60D8418221
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D02EC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E011D02EC(void* _a4, long _a8, long* _a12) {
				long _t8;
				signed short _t10;
				signed short _t16;
				signed short _t21;

				_t16 = 0;
				_t8 = WaitForSingleObject(_a4, _a8);
				_a8 = _t8;
				if(_t8 != 0xffffffff) {
					__eflags = _t8 - 0x102;
					if(_t8 != 0x102) {
						_t10 = GetExitCodeProcess(_a4,  &_a8);
						__eflags = _t10;
						if(_t10 != 0) {
							 *_a12 = _a8;
						} else {
							_t16 = GetLastError();
							__eflags = _t16;
							if(__eflags > 0) {
								_t16 = _t16 & 0x0000ffff | 0x80070000;
								__eflags = _t16;
							}
							if(__eflags >= 0) {
								_t16 = 0x80004005;
							}
							_push(_t16);
							_push(0x12a);
							goto L6;
						}
					} else {
						_t16 = 0x80070102;
					}
				} else {
					_t16 = GetLastError();
					if(_t16 > 0) {
						_t16 = _t16 & 0x0000ffff | 0x80070000;
						_t21 = _t16;
					}
					if(_t21 >= 0) {
						_t16 = 0x80004005;
					}
					_push(_t16);
					_push(0x121);
					L6:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\procutil.cpp");
					E011938BA(_t12);
				}
				return _t16;
			}







                                                            0x011d02f3
                                                            0x011d02f8
                                                            0x011d02fe
                                                            0x011d0304
                                                            0x011d0336
                                                            0x011d033b
                                                            0x011d034b
                                                            0x011d0351
                                                            0x011d0353
                                                            0x011d0381
                                                            0x011d0355
                                                            0x011d035b
                                                            0x011d035d
                                                            0x011d035f
                                                            0x011d0364
                                                            0x011d036a
                                                            0x011d036a
                                                            0x011d036c
                                                            0x011d036e
                                                            0x011d036e
                                                            0x011d0373
                                                            0x011d0374
                                                            0x00000000
                                                            0x011d0374
                                                            0x011d033d
                                                            0x011d033d
                                                            0x011d033d
                                                            0x011d0306
                                                            0x011d030c
                                                            0x011d0310
                                                            0x011d0315
                                                            0x011d031b
                                                            0x011d031b
                                                            0x011d031d
                                                            0x011d031f
                                                            0x011d031f
                                                            0x011d0324
                                                            0x011d0325
                                                            0x011d032a
                                                            0x011d032a
                                                            0x011d032f
                                                            0x011d032f
                                                            0x011d0387

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,01194F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?), ref: 011D02F8
                                                            • GetLastError.KERNEL32(?,01194F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 011D0306
                                                            • GetExitCodeProcess.KERNEL32 ref: 011D034B
                                                            • GetLastError.KERNEL32(?,01194F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 011D0355
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeExitObjectProcessSingleWait
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\procutil.cpp
                                                            • API String ID: 590199018-3090323974
                                                            • Opcode ID: ba477d3321dee498ea2d7078a0040f70ea8f3c8931b3c97251e2b0db424d34a2
                                                            • Instruction ID: b36033a44b0575a0b844df9d2b75c0836b811e5c635a8d4bb79786f13fbc8004
                                                            • Opcode Fuzzy Hash: ba477d3321dee498ea2d7078a0040f70ea8f3c8931b3c97251e2b0db424d34a2
                                                            • Instruction Fuzzy Hash: D7016537949136BBCB3D9A55980869F7A95EF08770F024225FE64AF240DB358C40C6D5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C4189 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 20%
                                                            			E011C4189(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				signed int _t10;
				struct HINSTANCE__** _t12;
				void* _t18;
				void* _t23;
				void* _t24;
				void* _t25;
				intOrPtr* _t26;
				signed int _t27;

				_t10 =  *0x11fa008; // 0x295f764a
				_v8 = _t10 ^ _t27;
				_v12 = _v12 & 0x00000000;
				_t12 =  &_v12;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
				if(_t12 != 0) {
					_push(_t25);
					_t26 = GetProcAddress(_v12, "CorExitProcess");
					if(_t26 != 0) {
						 *0x11da3e0(_a4);
						 *_t26();
					}
					_pop(_t25);
				}
				if(_v12 != 0) {
					FreeLibrary(_v12);
				}
				return E011BDD1F(_t18, _v8 ^ _t27, _t23, _t24, _t25);
			}














                                                            0x011c4190
                                                            0x011c4197
                                                            0x011c419a
                                                            0x011c419e
                                                            0x011c41a9
                                                            0x011c41b1
                                                            0x011c41b3
                                                            0x011c41c2
                                                            0x011c41c6
                                                            0x011c41cd
                                                            0x011c41d3
                                                            0x011c41d3
                                                            0x011c41d5
                                                            0x011c41d5
                                                            0x011c41da
                                                            0x011c41df
                                                            0x011c41df
                                                            0x011c41f2

                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,011C413A,00000000,?,011C40DA,00000000,011F7908,0000000C,011C4231,00000000,00000002), ref: 011C41A9
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 011C41BC
                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,011C413A,00000000,?,011C40DA,00000000,011F7908,0000000C,011C4231,00000000,00000002), ref: 011C41DF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$Jv_)$mscoree.dll
                                                            • API String ID: 4061214504-2010258745
                                                            • Opcode ID: ea11263858a4ee00cdc36c22b385897cb46cc418432e6e63d112340ec83ac233
                                                            • Instruction ID: 7681d8d29c60ad6528a039259389f7d53ec3421ec0f7bade4506df83b186b612
                                                            • Opcode Fuzzy Hash: ea11263858a4ee00cdc36c22b385897cb46cc418432e6e63d112340ec83ac233
                                                            • Instruction Fuzzy Hash: 59F0C870A02218BBDB29AFA5E808B9EBFB5EF44751F00406CFD05A3140DB705A84CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A8B85 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 121sleepCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E011A8B85(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				void* _t24;
				void* _t29;
				char* _t39;
				char* _t41;
				signed int _t48;
				void* _t53;
				intOrPtr _t55;
				void* _t58;
				void* _t59;

				_t53 = __edx;
				_t50 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t55 = _a8;
				_t24 = E011AA279(__ecx, _t55, _a16,  &_v12);
				_t48 = _v12;
				_t58 = _t24;
				if(_t58 >= 0) {
					_push(_t48);
					E0119563D(2, (0 | _a4 != 0x00000000) + 0x2000015f, _a12);
					_t29 = 0x80004005;
					_t59 = 0;
					while(_t59 < 3) {
						if(_t59 != 0) {
							Sleep(0x7d0);
						}
						_t29 = E01193D4E(_t53, _t48, 7);
						if(_t29 != 0x80070003) {
							_t59 = _t59 + 1;
							if(_t29 < 0) {
								continue;
							}
						}
						break;
					}
					if(_t29 >= 0) {
						_t58 = E011A8951(_t50, _t55, 1,  &_v8);
						if(_t58 >= 0) {
							E01193D4E(_t53, _v8, 4);
							if(_t58 == 1) {
								_t58 = E011A8951(_t50, _t55, 0,  &_v8);
								if(_t58 >= 0) {
									E01193D4E(_t53, _v8, 4);
								} else {
									_t39 = "per-machine";
									if(_t55 == 0) {
										_t39 = "per-user";
									}
									_push(_t39);
									_push("Failed to get old %hs package cache root directory.");
									goto L14;
								}
							}
						} else {
							_t41 = "per-machine";
							if(_t55 == 0) {
								_t41 = "per-user";
							}
							_push(_t41);
							_push("Failed to get %hs package cache root directory.");
							L14:
							_push(_t58);
							E011CFB09();
						}
					} else {
						_push(_t29);
						_push(_t48);
						E0119563D(2, (0 | _a4 != 0x00000000) + 0xa0000161, _a12);
						_t58 = 0;
					}
				} else {
					_push("Failed to calculate cache path.");
					_push(_t58);
					E011CFB09();
				}
				if(_t48 != 0) {
					E01192762(_t48);
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t58;
			}














                                                            0x011a8b85
                                                            0x011a8b85
                                                            0x011a8b88
                                                            0x011a8b89
                                                            0x011a8b8a
                                                            0x011a8b91
                                                            0x011a8b98
                                                            0x011a8ba0
                                                            0x011a8ba5
                                                            0x011a8ba8
                                                            0x011a8bac
                                                            0x011a8bc5
                                                            0x011a8bd4
                                                            0x011a8bdc
                                                            0x011a8be1
                                                            0x011a8be3
                                                            0x011a8bea
                                                            0x011a8bf1
                                                            0x011a8bf1
                                                            0x011a8bfa
                                                            0x011a8c04
                                                            0x011a8c06
                                                            0x011a8c09
                                                            0x00000000
                                                            0x00000000
                                                            0x011a8c09
                                                            0x00000000
                                                            0x011a8c04
                                                            0x011a8c0d
                                                            0x011a8c3c
                                                            0x011a8c40
                                                            0x011a8c66
                                                            0x011a8c6e
                                                            0x011a8c7c
                                                            0x011a8c80
                                                            0x011a8c9d
                                                            0x011a8c82
                                                            0x011a8c82
                                                            0x011a8c89
                                                            0x011a8c8b
                                                            0x011a8c8b
                                                            0x011a8c90
                                                            0x011a8c91
                                                            0x00000000
                                                            0x011a8c91
                                                            0x011a8c80
                                                            0x011a8c42
                                                            0x011a8c42
                                                            0x011a8c49
                                                            0x011a8c4b
                                                            0x011a8c4b
                                                            0x011a8c50
                                                            0x011a8c51
                                                            0x011a8c56
                                                            0x011a8c56
                                                            0x011a8c57
                                                            0x011a8c5c
                                                            0x011a8c0f
                                                            0x011a8c0f
                                                            0x011a8c15
                                                            0x011a8c24
                                                            0x011a8c2c
                                                            0x011a8c2c
                                                            0x011a8bae
                                                            0x011a8bae
                                                            0x011a8bb3
                                                            0x011a8bb4
                                                            0x011a8bba
                                                            0x011a8ca4
                                                            0x011a8ca7
                                                            0x011a8ca7
                                                            0x011a8cb0
                                                            0x011a8cb5
                                                            0x011a8cb5
                                                            0x011a8cc0

                                                            APIs
                                                            • Sleep.KERNEL32(000007D0,00000000,00000000), ref: 011A8BF1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
                                                            • API String ID: 3472027048-398165853
                                                            • Opcode ID: d64be98e4f27e654f25069c27833e14db54a647895b848f2d65850f92674274e
                                                            • Instruction ID: a88a5de33c8a01c334653248d94293c3b818e14569af7006e214701e996868b0
                                                            • Opcode Fuzzy Hash: d64be98e4f27e654f25069c27833e14db54a647895b848f2d65850f92674274e
                                                            • Instruction Fuzzy Hash: 0431377AE41626BBEB1EA6A48D45FFFBEADDB10A56F810014FD10FA141E734DD0046A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011922B5 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 118COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E011922B5(signed int __edx, short** _a4, char* _a8, int _a12, int _a16) {
				int _t18;
				int _t19;
				int _t20;
				int _t21;
				intOrPtr* _t27;
				signed int _t31;
				int _t33;
				char* _t35;
				short** _t36;
				int _t40;
				int _t42;
				unsigned int _t44;
				int _t46;

				_t34 = _a4;
				_t40 = __edx | 0xffffffff;
				_t18 = _a12;
				_t46 = 0;
				_t31 = _t18;
				_t42 = 0;
				if( *_a4 == 0) {
					L4:
					_t35 = _a8;
					__eflags = _t18;
					if(_t18 != 0) {
						__eflags = _t35[_t18];
						if(_t35[_t18] == 0) {
							_t31 = _t18 - 1;
						}
						L15:
						_t19 = _t31 + 1;
						__eflags = _t42 - _t19;
						if(_t42 >= _t19) {
							_t36 = _a4;
							L25:
							_t20 = _a12;
							__eflags = _t20;
							if(_t20 == 0) {
								_t20 = _t20 | 0xffffffff;
								__eflags = _t20;
							}
							_t21 = MultiByteToWideChar(_a16, _t46, _a8, _t20,  *_t36, _t42);
							__eflags = _t21;
							if(_t21 != 0) {
								__eflags = 0;
								( *_a4)[_t31] = 0;
								goto L34;
							} else {
								_t46 = GetLastError();
								__eflags = _t46;
								if(__eflags > 0) {
									_t46 = _t46 & 0x0000ffff | 0x80070000;
									__eflags = _t46;
								}
								if(__eflags >= 0) {
									_t46 = 0x80004005;
								}
								_push(_t46);
								_push(0x22f);
								L11:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\strutil.cpp");
								E011938BA(_t25);
								L34:
								return _t46;
							}
						}
						_t42 = _t19;
						__eflags = _t42 - 0x7fffffff;
						if(_t42 < 0x7fffffff) {
							_t27 = _a4;
							_push(1);
							_push(_t42 + _t42);
							__eflags =  *_t27 - _t46;
							if( *_t27 == _t46) {
								_t25 = E011939DF();
							} else {
								_push( *_t27);
								_t25 = E01193B7C();
							}
							__eflags = _t25;
							if(_t25 != 0) {
								_t36 = _a4;
								 *_t36 = _t25;
								goto L25;
							} else {
								_t46 = 0x8007000e;
								_push(0x8007000e);
								_push(0x228);
								goto L11;
							}
						}
						_t46 = 0x8007000e;
						goto L34;
					}
					_t33 = MultiByteToWideChar(_a16, _t46, _t35, _t40, _t46, _t46);
					__eflags = _t33;
					if(_t33 != 0) {
						_t31 = _t33 - 1;
						goto L15;
					}
					_t46 = GetLastError();
					__eflags = _t46;
					if(__eflags > 0) {
						_t46 = _t46 & 0x0000ffff | 0x80070000;
						__eflags = _t46;
					}
					if(__eflags >= 0) {
						_t46 = 0x80004005;
					}
					_push(_t46);
					_push(0x20c);
					goto L11;
				}
				_t44 = E01193C5F( *_t34);
				_t40 = _t40 | 0xffffffff;
				if(_t44 != _t40) {
					_t42 = _t44 >> 1;
					__eflags = _t42;
					_t18 = _t31;
					goto L4;
				}
				_t46 = 0x80070057;
				goto L34;
			}
















                                                            0x011922b8
                                                            0x011922bb
                                                            0x011922be
                                                            0x011922c3
                                                            0x011922c5
                                                            0x011922c8
                                                            0x011922cc
                                                            0x011922ec
                                                            0x011922ec
                                                            0x011922ef
                                                            0x011922f1
                                                            0x0119233d
                                                            0x01192341
                                                            0x01192343
                                                            0x01192343
                                                            0x01192346
                                                            0x01192346
                                                            0x01192349
                                                            0x0119234b
                                                            0x01192394
                                                            0x01192397
                                                            0x01192397
                                                            0x0119239a
                                                            0x0119239c
                                                            0x0119239e
                                                            0x0119239e
                                                            0x0119239e
                                                            0x011923ac
                                                            0x011923b2
                                                            0x011923b4
                                                            0x011923e4
                                                            0x011923e6
                                                            0x00000000
                                                            0x011923b6
                                                            0x011923bc
                                                            0x011923be
                                                            0x011923c0
                                                            0x011923c5
                                                            0x011923cb
                                                            0x011923cb
                                                            0x011923cd
                                                            0x011923cf
                                                            0x011923cf
                                                            0x011923d4
                                                            0x011923d5
                                                            0x0119232b
                                                            0x0119232b
                                                            0x01192330
                                                            0x011923ea
                                                            0x011923f0
                                                            0x011923f0
                                                            0x011923b4
                                                            0x0119234d
                                                            0x0119234f
                                                            0x01192355
                                                            0x01192361
                                                            0x01192367
                                                            0x01192369
                                                            0x0119236a
                                                            0x0119236c
                                                            0x01192377
                                                            0x0119236e
                                                            0x0119236e
                                                            0x01192370
                                                            0x01192370
                                                            0x0119237c
                                                            0x0119237e
                                                            0x0119238d
                                                            0x01192390
                                                            0x00000000
                                                            0x01192380
                                                            0x01192380
                                                            0x01192385
                                                            0x01192386
                                                            0x00000000
                                                            0x01192386
                                                            0x0119237e
                                                            0x01192357
                                                            0x00000000
                                                            0x01192357
                                                            0x01192301
                                                            0x01192303
                                                            0x01192305
                                                            0x0119233a
                                                            0x00000000
                                                            0x0119233a
                                                            0x0119230d
                                                            0x0119230f
                                                            0x01192311
                                                            0x01192316
                                                            0x0119231c
                                                            0x0119231c
                                                            0x0119231e
                                                            0x01192320
                                                            0x01192320
                                                            0x01192325
                                                            0x01192326
                                                            0x00000000
                                                            0x01192326
                                                            0x011922d5
                                                            0x011922d7
                                                            0x011922dc
                                                            0x011922e8
                                                            0x011922e8
                                                            0x011922ea
                                                            0x00000000
                                                            0x011922ea
                                                            0x011922de
                                                            0x00000000

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011922FB
                                                            • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01192307
                                                              • Part of subcall function 01193C5F: GetProcessHeap.KERNEL32(00000000,000001C7,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C67
                                                              • Part of subcall function 01193C5F: HeapSize.KERNEL32(00000000,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C6E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\strutil.cpp
                                                            • API String ID: 3662877508-178104475
                                                            • Opcode ID: 5da12f90d7d0f7acb2fd88db43546064de3938be015d9a41380aac9c450f7a91
                                                            • Instruction ID: 9d3ebba93b7418ed197a47b32e3aba1b9b1d82b229552599739279c40f6817bd
                                                            • Opcode Fuzzy Hash: 5da12f90d7d0f7acb2fd88db43546064de3938be015d9a41380aac9c450f7a91
                                                            • Instruction Fuzzy Hash: 01314A32619226FBDF2D9E69CC44A6A3B99AF09774B024224FD319B290E730CD40C7D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CCA28 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 186COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E011CCA28(void* __ebx, signed int __edx, signed int _a4, void* _a8, signed int _a12) {
				signed int _v8;
				long _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* __edi;
				void* __esi;
				signed int _t62;
				intOrPtr _t66;
				signed char _t68;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t77;
				intOrPtr _t79;
				signed int _t87;
				signed int _t89;
				signed int _t90;
				signed int _t106;
				signed int _t107;
				signed int _t109;
				intOrPtr _t111;
				signed int _t116;
				signed int _t118;
				void* _t119;
				signed int _t120;
				signed int _t121;
				void* _t122;

				_t118 = __edx;
				_t104 = __ebx;
				_t62 =  *0x11fa008; // 0x295f764a
				_v8 = _t62 ^ _t121;
				_t109 = _a12;
				_v12 = _t109;
				_t120 = _a4;
				_t119 = _a8;
				_v52 = _t119;
				if(_t109 != 0) {
					__eflags = _t119;
					if(_t119 != 0) {
						_push(__ebx);
						_t106 = _t120 >> 6;
						_t118 = (_t120 & 0x0000003f) * 0x30;
						_v32 = _t106;
						_t66 =  *((intOrPtr*)(0x11fb118 + _t106 * 4));
						_v48 = _t66;
						_v28 = _t118;
						_t107 =  *((intOrPtr*)(_t66 + _t118 + 0x29));
						__eflags = _t107 - 2;
						if(_t107 == 2) {
							L6:
							_t68 =  !_t109;
							__eflags = _t68 & 0x00000001;
							if((_t68 & 0x00000001) != 0) {
								_t66 = _v48;
								L9:
								__eflags =  *(_t66 + _t118 + 0x28) & 0x00000020;
								if(__eflags != 0) {
									E011CCCB2(_t120, 0, 0, 2);
									_t122 = _t122 + 0x10;
								}
								_t69 = E011CC5CD(_t107, _t118, __eflags, _t120);
								__eflags = _t69;
								if(_t69 == 0) {
									_t111 =  *((intOrPtr*)(0x11fb118 + _v32 * 4));
									_t71 = _v28;
									__eflags =  *(_t111 + _t71 + 0x28) & 0x00000080;
									if(( *(_t111 + _t71 + 0x28) & 0x00000080) == 0) {
										_v24 = 0;
										_v20 = 0;
										_v16 = 0;
										_t73 = WriteFile( *(_t111 + _t71 + 0x18), _t119, _v12,  &_v20, 0);
										__eflags = _t73;
										if(_t73 == 0) {
											_v24 = GetLastError();
										}
										_t120 =  &_v24;
										goto L28;
									}
									_t87 = _t107;
									__eflags = _t87;
									if(_t87 == 0) {
										_t89 = E011CC643( &_v24, _t120, _t119, _v12);
										goto L17;
									}
									_t90 = _t87 - 1;
									__eflags = _t90;
									if(_t90 == 0) {
										_t89 = E011CC810( &_v24, _t120, _t119, _v12);
										goto L17;
									}
									__eflags = _t90 != 1;
									if(_t90 != 1) {
										goto L34;
									}
									_t89 = E011CC722( &_v24, _t120, _t119, _v12);
									goto L17;
								} else {
									__eflags = _t107;
									if(_t107 == 0) {
										_t89 = E011CC3AD( &_v24, _t120, _t119, _v12);
										L17:
										L15:
										_t120 = _t89;
										L28:
										_t119 =  &_v44;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										_t74 = _v40;
										__eflags = _t74;
										if(_t74 != 0) {
											__eflags = _t74 - _v36;
											L40:
											_pop(_t104);
											L41:
											return E011BDD1F(_t104, _v8 ^ _t121, _t118, _t119, _t120);
										}
										_t77 = _v44;
										__eflags = _t77;
										if(_t77 == 0) {
											_t119 = _v52;
											L34:
											_t116 = _v28;
											_t79 =  *((intOrPtr*)(0x11fb118 + _v32 * 4));
											__eflags =  *(_t79 + _t116 + 0x28) & 0x00000040;
											if(( *(_t79 + _t116 + 0x28) & 0x00000040) == 0) {
												L37:
												 *((intOrPtr*)(E011C3728())) = 0x1c;
												_t81 = E011C3715();
												 *_t81 =  *_t81 & 0x00000000;
												__eflags =  *_t81;
												L38:
												goto L40;
											}
											__eflags =  *_t119 - 0x1a;
											if( *_t119 != 0x1a) {
												goto L37;
											}
											goto L40;
										}
										_t120 = 5;
										__eflags = _t77 - _t120;
										if(_t77 != _t120) {
											_t81 = E011C36F2(_t77);
										} else {
											 *((intOrPtr*)(E011C3728())) = 9;
											 *(E011C3715()) = _t120;
										}
										goto L38;
									}
									__eflags = _t107 - 1 - 1;
									if(_t107 - 1 > 1) {
										goto L34;
									}
									_t89 = E011CC560( &_v24, _t119, _v12);
									goto L15;
								}
							}
							 *(E011C3715()) =  *_t97 & 0x00000000;
							 *((intOrPtr*)(E011C3728())) = 0x16;
							_t81 = E011C366C();
							goto L38;
						}
						__eflags = _t107 - 1;
						if(_t107 != 1) {
							goto L9;
						}
						goto L6;
					}
					 *(E011C3715()) =  *_t99 & _t119;
					 *((intOrPtr*)(E011C3728())) = 0x16;
					E011C366C();
					goto L41;
				}
				goto L41;
			}







































                                                            0x011cca28
                                                            0x011cca28
                                                            0x011cca30
                                                            0x011cca37
                                                            0x011cca3a
                                                            0x011cca3d
                                                            0x011cca41
                                                            0x011cca45
                                                            0x011cca48
                                                            0x011cca4d
                                                            0x011cca56
                                                            0x011cca58
                                                            0x011cca79
                                                            0x011cca7e
                                                            0x011cca84
                                                            0x011cca87
                                                            0x011cca8a
                                                            0x011cca91
                                                            0x011cca94
                                                            0x011cca97
                                                            0x011cca9b
                                                            0x011cca9e
                                                            0x011ccaa5
                                                            0x011ccaa7
                                                            0x011ccaa9
                                                            0x011ccaab
                                                            0x011ccaca
                                                            0x011ccacd
                                                            0x011ccacd
                                                            0x011ccad2
                                                            0x011ccadb
                                                            0x011ccae0
                                                            0x011ccae0
                                                            0x011ccae4
                                                            0x011ccaea
                                                            0x011ccaec
                                                            0x011ccb2a
                                                            0x011ccb31
                                                            0x011ccb34
                                                            0x011ccb39
                                                            0x011ccb88
                                                            0x011ccb8b
                                                            0x011ccb8e
                                                            0x011ccb9a
                                                            0x011ccba0
                                                            0x011ccba2
                                                            0x011ccbaa
                                                            0x011ccbaa
                                                            0x011ccbad
                                                            0x00000000
                                                            0x011ccbad
                                                            0x011ccb3e
                                                            0x011ccb3e
                                                            0x011ccb41
                                                            0x011ccb7a
                                                            0x00000000
                                                            0x011ccb7a
                                                            0x011ccb43
                                                            0x011ccb43
                                                            0x011ccb46
                                                            0x011ccb6a
                                                            0x00000000
                                                            0x011ccb6a
                                                            0x011ccb48
                                                            0x011ccb4b
                                                            0x00000000
                                                            0x00000000
                                                            0x011ccb5a
                                                            0x00000000
                                                            0x011ccaee
                                                            0x011ccaee
                                                            0x011ccaf0
                                                            0x011ccb1d
                                                            0x011ccb22
                                                            0x011ccb0d
                                                            0x011ccb0d
                                                            0x011ccbb0
                                                            0x011ccbb0
                                                            0x011ccbb3
                                                            0x011ccbb4
                                                            0x011ccbb5
                                                            0x011ccbb6
                                                            0x011ccbb9
                                                            0x011ccbbb
                                                            0x011ccc20
                                                            0x011ccc23
                                                            0x011ccc23
                                                            0x011ccc24
                                                            0x011ccc33
                                                            0x011ccc33
                                                            0x011ccbbd
                                                            0x011ccbc0
                                                            0x011ccbc2
                                                            0x011ccbe8
                                                            0x011ccbeb
                                                            0x011ccbee
                                                            0x011ccbf1
                                                            0x011ccbf8
                                                            0x011ccbfd
                                                            0x011ccc08
                                                            0x011ccc0d
                                                            0x011ccc13
                                                            0x011ccc18
                                                            0x011ccc18
                                                            0x011ccc1b
                                                            0x00000000
                                                            0x011ccc1b
                                                            0x011ccbff
                                                            0x011ccc02
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011ccc04
                                                            0x011ccbc6
                                                            0x011ccbc7
                                                            0x011ccbc9
                                                            0x011ccbe0
                                                            0x011ccbcb
                                                            0x011ccbd0
                                                            0x011ccbdb
                                                            0x011ccbdb
                                                            0x00000000
                                                            0x011ccbc9
                                                            0x011ccaf4
                                                            0x011ccaf7
                                                            0x00000000
                                                            0x00000000
                                                            0x011ccb05
                                                            0x00000000
                                                            0x011ccb0a
                                                            0x011ccaec
                                                            0x011ccab2
                                                            0x011ccaba
                                                            0x011ccac0
                                                            0x00000000
                                                            0x011ccac0
                                                            0x011ccaa0
                                                            0x011ccaa3
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011ccaa3
                                                            0x011cca5f
                                                            0x011cca66
                                                            0x011cca6c
                                                            0x00000000
                                                            0x011cca71
                                                            0x00000000

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @Mqt$Jv_)
                                                            • API String ID: 0-3215632469
                                                            • Opcode ID: 4eb4fbd6f9c1c173cb5ab27f918db07cc3a65f8ef12d44e2492ee67234533652
                                                            • Instruction ID: 8aa1c27ab9adac69cb97914fc73a22a697ce17c58b345599aaabfd25cfb130cf
                                                            • Opcode Fuzzy Hash: 4eb4fbd6f9c1c173cb5ab27f918db07cc3a65f8ef12d44e2492ee67234533652
                                                            • Instruction Fuzzy Hash: 4F51E0B190020AABDB1DDFE8D844FAE7BB8EF35B64F04405DE418A7291D7319E41CBA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D0AB4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 147registrystringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 93%
                                                            			E011D0AB4(void* _a4, short* _a8, signed int* _a12, signed int* _a16) {
				int* _v8;
				int _v12;
				int _v16;
				long _t46;
				int* _t50;
				int* _t60;
				signed int _t68;
				signed int _t69;
				unsigned int _t71;
				long _t72;
				signed int _t75;
				signed int _t76;
				unsigned int _t77;
				WCHAR* _t78;
				long _t81;
				long _t87;

				_v16 = 0;
				_t68 = 0;
				_v12 = 0;
				_t77 = 0;
				_v8 = 0;
				_t46 = RegQueryValueExW(_a4, _a8, 0,  &_v16, 0,  &_v12);
				_t71 = _v12;
				if(_t71 == 0) {
					L3:
					_t75 = _t46 & 0x0000ffff | 0x80070000;
					_a8 = _t46;
					if(_t46 > 0) {
						_a8 = _t75;
					}
					_t81 = 0x80070002;
					if(_a8 != 0x80070002) {
						_t87 = _t46;
						if(_t87 == 0) {
							_t72 = _t71 >> 1;
							__eflags = _t72 - _t77;
							if(_t72 == _t77) {
								__eflags = _v16 - 7;
								if(_v16 == 7) {
									__eflags = _t77 - 2;
									if(_t77 >= 2) {
										_t50 = _v8;
										_t76 = 0;
										__eflags = 0 -  *((intOrPtr*)(_t50 + _t77 * 2 - 2));
										if(0 !=  *((intOrPtr*)(_t50 + _t77 * 2 - 2))) {
											L30:
											_t81 = 0x80070057;
										} else {
											__eflags = 0 -  *((intOrPtr*)(_t50 + _t77 * 2 - 4));
											if(0 !=  *((intOrPtr*)(_t50 + _t77 * 2 - 4))) {
												goto L30;
											} else {
												__eflags = _t72;
												if(__eflags != 0) {
													do {
														_t60 = _v8;
														__eflags = 0 -  *((intOrPtr*)(_t60 + _t76 * 2));
														if(0 ==  *((intOrPtr*)(_t60 + _t76 * 2))) {
															_t68 = _t68 + 1;
															__eflags = _t68;
														}
														_t76 = _t76 + 1;
														__eflags = _t76 - _t72;
													} while (__eflags < 0);
												}
												_t33 = _t68 - 1; // -1
												 *_a16 = _t33;
												_t81 = E01193A01(_a16, __eflags, _a12, _t33, 4, 0);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t69 = 0;
													_t78 = _v8;
													__eflags =  *_a16;
													if( *_a16 > 0) {
														while(1) {
															_t81 = E0119229E( *_a12 + _t69 * 4, _t78, 0);
															__eflags = _t81;
															if(_t81 < 0) {
																goto L31;
															}
															_t78 =  &(( &(_t78[lstrlenW(_t78)]))[1]);
															_t69 = _t69 + 1;
															__eflags = _t69 -  *_a16;
															if(_t69 <  *_a16) {
																continue;
															} else {
															}
															goto L31;
														}
													}
												}
											}
										}
									} else {
										 *_a12 =  *_a12 & _t68;
										 *_a16 =  *_a16 & _t68;
										_t81 = 0;
									}
								} else {
									_t81 = 0x8007070c;
									_push(0x8007070c);
									_push(0x225);
									goto L12;
								}
							} else {
								_t81 = 0x8000ffff;
							}
						} else {
							_t81 = _t46;
							if(_t87 > 0) {
								_t81 = _t75;
							}
							if(_t81 >= 0) {
								_t81 = 0x80004005;
							}
							_push(_t81);
							_push(0x21a);
							L12:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
							E011938BA(_t46);
						}
					}
				} else {
					_t77 = _t71 >> 1;
					_t81 = E01191FE0( &_v8, _t77);
					if(_t81 >= 0) {
						_t46 = RegQueryValueExW(_a4, _a8, 0,  &_v16, _v8,  &_v12);
						_t71 = _v12;
						goto L3;
					}
				}
				L31:
				_t47 = _v8;
				if(_v8 != 0) {
					E01192762(_t47);
				}
				return _t81;
			}



















                                                            0x011d0ac7
                                                            0x011d0acf
                                                            0x011d0ad1
                                                            0x011d0ad7
                                                            0x011d0ad9
                                                            0x011d0adc
                                                            0x011d0ae2
                                                            0x011d0ae7
                                                            0x011d0b1c
                                                            0x011d0b1f
                                                            0x011d0b25
                                                            0x011d0b2a
                                                            0x011d0b2c
                                                            0x011d0b2c
                                                            0x011d0b2f
                                                            0x011d0b37
                                                            0x011d0b3d
                                                            0x011d0b3f
                                                            0x011d0b65
                                                            0x011d0b67
                                                            0x011d0b69
                                                            0x011d0b75
                                                            0x011d0b79
                                                            0x011d0b88
                                                            0x011d0b8b
                                                            0x011d0b9e
                                                            0x011d0ba1
                                                            0x011d0ba3
                                                            0x011d0ba8
                                                            0x011d0c1b
                                                            0x011d0c1b
                                                            0x011d0baa
                                                            0x011d0baa
                                                            0x011d0baf
                                                            0x00000000
                                                            0x011d0bb1
                                                            0x011d0bb1
                                                            0x011d0bb3
                                                            0x011d0bb5
                                                            0x011d0bb5
                                                            0x011d0bba
                                                            0x011d0bbe
                                                            0x011d0bc0
                                                            0x011d0bc0
                                                            0x011d0bc0
                                                            0x011d0bc1
                                                            0x011d0bc2
                                                            0x011d0bc2
                                                            0x011d0bb5
                                                            0x011d0bc9
                                                            0x011d0bd4
                                                            0x011d0bdb
                                                            0x011d0bdd
                                                            0x011d0bdf
                                                            0x011d0be4
                                                            0x011d0be6
                                                            0x011d0be9
                                                            0x011d0beb
                                                            0x011d0bed
                                                            0x011d0bfe
                                                            0x011d0c00
                                                            0x011d0c02
                                                            0x00000000
                                                            0x00000000
                                                            0x011d0c11
                                                            0x011d0c14
                                                            0x011d0c15
                                                            0x011d0c17
                                                            0x00000000
                                                            0x00000000
                                                            0x011d0c19
                                                            0x00000000
                                                            0x011d0c17
                                                            0x011d0bed
                                                            0x011d0beb
                                                            0x011d0bdf
                                                            0x011d0baf
                                                            0x011d0b8d
                                                            0x011d0b90
                                                            0x011d0b95
                                                            0x011d0b97
                                                            0x011d0b97
                                                            0x011d0b7b
                                                            0x011d0b7b
                                                            0x011d0b80
                                                            0x011d0b81
                                                            0x00000000
                                                            0x011d0b81
                                                            0x011d0b6b
                                                            0x011d0b6b
                                                            0x011d0b6b
                                                            0x011d0b41
                                                            0x011d0b41
                                                            0x011d0b43
                                                            0x011d0b45
                                                            0x011d0b45
                                                            0x011d0b49
                                                            0x011d0b4b
                                                            0x011d0b4b
                                                            0x011d0b50
                                                            0x011d0b51
                                                            0x011d0b56
                                                            0x011d0b56
                                                            0x011d0b5b
                                                            0x011d0b5b
                                                            0x011d0b3f
                                                            0x011d0ae9
                                                            0x011d0aee
                                                            0x011d0af7
                                                            0x011d0afb
                                                            0x011d0b13
                                                            0x011d0b19
                                                            0x00000000
                                                            0x011d0b19
                                                            0x011d0afb
                                                            0x011d0c20
                                                            0x011d0c20
                                                            0x011d0c25
                                                            0x011d0c28
                                                            0x011d0c28
                                                            0x011d0c33

                                                            APIs
                                                            • RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 011D0ADC
                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,011A6FDF,00000100,000000B0,00000088,00000410,000002C0), ref: 011D0B13
                                                            • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 011D0C05
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 011D0B56
                                                            • BundleUpgradeCode, xrefs: 011D0ABB
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue$lstrlen
                                                            • String ID: BundleUpgradeCode$c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 3790715954-1890108899
                                                            • Opcode ID: 33d85f3e18f542aa91368b4fbdc706b1f19d3f94663ade8a3540dad8cf1deb62
                                                            • Instruction ID: 0d80c89604d844e919c70035f2ff58b8ef5a4ad8f522e661e3a6c8337e90e0bf
                                                            • Opcode Fuzzy Hash: 33d85f3e18f542aa91368b4fbdc706b1f19d3f94663ade8a3540dad8cf1deb62
                                                            • Instruction Fuzzy Hash: D941B735A0421AEFDF29DF68C884AAEBBB9EF08714F1541A9F915AB200D730DD00CB95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C8AD8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 86%
                                                            			E011C8AD8(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t54;
				int _t56;
				signed int _t62;
				int _t65;
				short* _t66;
				signed int _t67;
				short* _t68;

				_t64 = __edx;
				_t34 =  *0x11fa008; // 0x295f764a
				_v8 = _t34 ^ _t67;
				E011C12A9(_t54,  &_v28, __edx, _a4);
				_t56 = _a24;
				if(_t56 == 0) {
					_t6 = _v24 + 8; // 0xbce85006
					_t53 =  *_t6;
					_t56 = _t53;
					_a24 = _t53;
				}
				_t65 = 0;
				_t40 = MultiByteToWideChar(_t56, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E011BDD1F(_t54, _v8 ^ _t67, _t64, _t65, _t66);
				}
				_t54 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t54 + 0x00000008 & _t40) == 0) {
					_t66 = 0;
					L11:
					if(_t66 != 0) {
						E011BF600(_t65, _t66, _t65, _t54);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t66, _v12);
						if(_t46 != 0) {
							_t65 = GetStringTypeW(_a8, _t66, _t46, _a20);
						}
					}
					L14:
					E011C8BF5(_t66);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t54 + 0x00000008;
				_t62 = _t54 + 8;
				if((_t40 & _t54 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t66 = E011C5D22(_t62, _t48 & _t62);
					if(_t66 == 0) {
						goto L14;
					}
					 *_t66 = 0xdddd;
					L9:
					_t66 =  &(_t66[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E011D9650();
				_t66 = _t68;
				if(_t66 == 0) {
					goto L14;
				}
				 *_t66 = 0xcccc;
				goto L9;
			}























                                                            0x011c8ad8
                                                            0x011c8ae0
                                                            0x011c8ae7
                                                            0x011c8af3
                                                            0x011c8af8
                                                            0x011c8afd
                                                            0x011c8b02
                                                            0x011c8b02
                                                            0x011c8b05
                                                            0x011c8b07
                                                            0x011c8b07
                                                            0x011c8b0c
                                                            0x011c8b25
                                                            0x011c8b2b
                                                            0x011c8b30
                                                            0x011c8bcf
                                                            0x011c8bd3
                                                            0x011c8bd8
                                                            0x011c8bd8
                                                            0x011c8bf4
                                                            0x011c8bf4
                                                            0x011c8b36
                                                            0x011c8b3e
                                                            0x011c8b42
                                                            0x011c8b8e
                                                            0x011c8b90
                                                            0x011c8b92
                                                            0x011c8b97
                                                            0x011c8bae
                                                            0x011c8bb6
                                                            0x011c8bc6
                                                            0x011c8bc6
                                                            0x011c8bb6
                                                            0x011c8bc8
                                                            0x011c8bc9
                                                            0x00000000
                                                            0x011c8bce
                                                            0x011c8b49
                                                            0x011c8b4b
                                                            0x011c8b4d
                                                            0x011c8b55
                                                            0x011c8b72
                                                            0x011c8b7c
                                                            0x011c8b81
                                                            0x00000000
                                                            0x00000000
                                                            0x011c8b83
                                                            0x011c8b89
                                                            0x011c8b89
                                                            0x00000000
                                                            0x011c8b89
                                                            0x011c8b59
                                                            0x011c8b5d
                                                            0x011c8b62
                                                            0x011c8b66
                                                            0x00000000
                                                            0x00000000
                                                            0x011c8b68
                                                            0x00000000

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,00000000,BCE85006,011C1C3F,00000000,00000000,011C2C74,?,011C2C74,?,00000001,011C1C3F,BCE85006,00000001,011C2C74,011C2C74), ref: 011C8B25
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 011C8BAE
                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 011C8BC0
                                                            • __freea.LIBCMT ref: 011C8BC9
                                                              • Part of subcall function 011C5D22: RtlAllocateHeap.NTDLL(00000000,?,?,?,011C1782,?,0000015D,?,?,?,?,011C2BDB,000000FF,00000000,?,?), ref: 011C5D54
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                            • String ID: Jv_)
                                                            • API String ID: 2652629310-4194347600
                                                            • Opcode ID: 9d85cb2300d7267e09a05028248a508150c865df5a42a3a261a9608a1a0f1326
                                                            • Instruction ID: ba9ea92b7f7a1da2146e67a31646d061c46a166c1de13892e70f0bd759d9bbc1
                                                            • Opcode Fuzzy Hash: 9d85cb2300d7267e09a05028248a508150c865df5a42a3a261a9608a1a0f1326
                                                            • Instruction Fuzzy Hash: 6D31E3B2A0021AABDF29DF78DC84EAE7BA5EF60B14B05016CEC14D7140E735DC91CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CC810 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101fileCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 92%
                                                            			E011CC810(intOrPtr* _a4, signed int _a8, signed short* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v12;
				short _v1716;
				char _v5132;
				intOrPtr _v5136;
				long _v5140;
				void* _v5144;
				int _v5148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				intOrPtr _t38;
				signed int* _t41;
				int _t45;
				int _t54;
				void* _t55;
				signed short* _t59;
				signed int _t65;
				signed int _t67;
				signed short* _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t73;
				intOrPtr _t74;
				signed int _t75;

				E011D9760();
				_t31 =  *0x11fa008; // 0x295f764a
				_v8 = _t31 ^ _t75;
				_t54 = 0;
				_t72 = _a4;
				_t59 = _a12;
				_t69 = _t59;
				_v5144 =  *((intOrPtr*)( *((intOrPtr*)(0x11fb118 + (_a8 >> 6) * 4)) + 0x18 + (_a8 & 0x0000003f) * 0x30));
				_t38 = _a16 + _t59;
				 *_t72 = 0;
				 *((intOrPtr*)(_t72 + 4)) = 0;
				_v5136 = _t38;
				 *((intOrPtr*)(_t72 + 8)) = 0;
				if(_t59 < _t38) {
					while(1) {
						L1:
						_t74 = _v5136;
						_t41 =  &_v1716;
						while(_t69 < _t74) {
							_t65 =  *_t69 & 0x0000ffff;
							_t69 =  &(_t69[1]);
							if(_t65 == 0xa) {
								_t67 = 0xd;
								 *_t41 = _t67;
								_t41 =  &(_t41[0]);
							}
							 *_t41 = _t65;
							_t41 =  &(_t41[0]);
							if(_t41 <  &_v12) {
								continue;
							}
							break;
						}
						_t45 = WideCharToMultiByte(0xfde9, _t54,  &_v1716, _t41 -  &_v1716 >> 1,  &_v5132, 0xd55, _t54, _t54);
						_t72 = _a4;
						_v5148 = _t45;
						if(_t45 == 0) {
							L11:
							 *_t72 = GetLastError();
						} else {
							while(WriteFile(_v5144,  &(( &_v5132)[_t54]), _t45 - _t54,  &_v5140, 0) != 0) {
								_t54 = _t54 + _v5140;
								_t45 = _v5148;
								if(_t54 < _t45) {
									continue;
								} else {
									 *((intOrPtr*)(_t72 + 4)) = _t69 - _a12;
									if(_t69 < _v5136) {
										_t54 = 0;
										goto L1;
									}
								}
								goto L12;
							}
							goto L11;
						}
						goto L12;
					}
				}
				L12:
				_pop(_t70);
				_pop(_t73);
				_pop(_t55);
				return E011BDD1F(_t55, _v8 ^ _t75, _t67, _t70, _t73);
			}





























                                                            0x011cc81a
                                                            0x011cc81f
                                                            0x011cc826
                                                            0x011cc840
                                                            0x011cc842
                                                            0x011cc84a
                                                            0x011cc84d
                                                            0x011cc84f
                                                            0x011cc858
                                                            0x011cc85a
                                                            0x011cc85c
                                                            0x011cc85f
                                                            0x011cc865
                                                            0x011cc86a
                                                            0x011cc870
                                                            0x011cc870
                                                            0x011cc870
                                                            0x011cc876
                                                            0x011cc87c
                                                            0x011cc880
                                                            0x011cc883
                                                            0x011cc889
                                                            0x011cc88d
                                                            0x011cc88e
                                                            0x011cc891
                                                            0x011cc891
                                                            0x011cc894
                                                            0x011cc897
                                                            0x011cc89f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011cc89f
                                                            0x011cc8c3
                                                            0x011cc8c9
                                                            0x011cc8cc
                                                            0x011cc8d4
                                                            0x011cc922
                                                            0x011cc928
                                                            0x011cc8d6
                                                            0x011cc8d6
                                                            0x011cc8fb
                                                            0x011cc901
                                                            0x011cc909
                                                            0x00000000
                                                            0x011cc90b
                                                            0x011cc910
                                                            0x011cc919
                                                            0x011cc91b
                                                            0x00000000
                                                            0x011cc91b
                                                            0x011cc919
                                                            0x00000000
                                                            0x011cc909
                                                            0x00000000
                                                            0x011cc8d6
                                                            0x00000000
                                                            0x011cc8d4
                                                            0x011cc870
                                                            0x011cc92a
                                                            0x011cc92f
                                                            0x011cc930
                                                            0x011cc933
                                                            0x011cc93c

                                                            APIs
                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000,00000000,00000000,?,?,011CCB6F,00000000,00000000,00000000), ref: 011CC8C3
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,011CCB6F,00000000,00000000,00000000,00000000,00000000,011C2718,00000000,011C2718,011F7BB8), ref: 011CC8F1
                                                            • GetLastError.KERNEL32(?,011CCB6F,00000000,00000000,00000000,00000000,00000000,011C2718,00000000,011C2718,011F7BB8,00000010,011CB677,006B8EB0,011F7B30,00000010), ref: 011CC922
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ByteCharErrorFileLastMultiWideWrite
                                                            • String ID: @Mqt$Jv_)
                                                            • API String ID: 2456169464-3215632469
                                                            • Opcode ID: 82262d0896fdd3bad65050a0c4929a4698ea2e679c0cf51e4d9c777d8de9cb2c
                                                            • Instruction ID: a3b8d4a4cf7591e996f609f75cef325125651269ef72b1c839f5df66d2d4f435
                                                            • Opcode Fuzzy Hash: 82262d0896fdd3bad65050a0c4929a4698ea2e679c0cf51e4d9c777d8de9cb2c
                                                            • Instruction Fuzzy Hash: F5315375A002199FDB28CF69DC91AEAB7B9EF58714F0444BDE50AD7250E730AD84CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3B71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 94registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D3B71(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				void* _t34;
				void* _t37;
				signed short* _t39;
				signed int _t42;
				void* _t44;
				void* _t45;
				signed int _t49;
				void* _t50;

				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_t50 = E011D3C72(_a4, _a8);
				if(_t50 == 0) {
					L21:
					if(_v12 != 0) {
						E0119272F(_v12, _v8);
					}
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					return _t50;
				}
				_t34 = E011D0823(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 1,  &_v16);
				if(_t34 == 0x80070002 || _t34 < 0) {
					L20:
					goto L21;
				} else {
					_t37 = E011D0AB4(_v16, L"PendingFileRenameOperations",  &_v12,  &_v8);
					if(_t37 != 0x80070002 && _t37 >= 0) {
						_t49 = 0;
						if(_v8 <= 0) {
							goto L20;
						}
						_a8 = 0x5c;
						_t45 = 0x3f;
						do {
							_t39 =  *(_v12 + _t49 * 4);
							if(_t39 == 0) {
								goto L17;
							}
							_t42 =  *_t39 & 0x0000ffff;
							if(_t42 == 0) {
								goto L17;
							}
							if(_a8 == _t42 && _t45 == _t39[1] && _t45 == _t39[2]) {
								_t44 = 0x5c;
								if(_t44 == _t39[3]) {
									_t39 =  &(_t39[4]);
								}
							}
							if(E01192DE3( &_v20, _a4, _t39,  &_v20) < 0) {
								goto L20;
							} else {
								if(_v20 == 2) {
									_t50 = 0;
									goto L20;
								}
								_t45 = 0x3f;
							}
							L17:
							_t49 = _t49 + 2;
						} while (_t49 < _v8);
					}
					goto L20;
				}
			}















                                                            0x011d3b81
                                                            0x011d3b84
                                                            0x011d3b87
                                                            0x011d3b8a
                                                            0x011d3b92
                                                            0x011d3b96
                                                            0x011d3c4c
                                                            0x011d3c4f
                                                            0x011d3c57
                                                            0x011d3c57
                                                            0x011d3c5f
                                                            0x011d3c64
                                                            0x011d3c64
                                                            0x011d3c6f
                                                            0x011d3c6f
                                                            0x011d3bad
                                                            0x011d3bb9
                                                            0x011d3c4b
                                                            0x00000000
                                                            0x011d3bc7
                                                            0x011d3bd7
                                                            0x011d3bde
                                                            0x011d3be4
                                                            0x011d3be9
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3bed
                                                            0x011d3bf4
                                                            0x011d3bf5
                                                            0x011d3bf8
                                                            0x011d3bfd
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3bff
                                                            0x011d3c05
                                                            0x00000000
                                                            0x00000000
                                                            0x011d3c0b
                                                            0x011d3c1b
                                                            0x011d3c20
                                                            0x011d3c22
                                                            0x011d3c22
                                                            0x011d3c20
                                                            0x011d3c34
                                                            0x00000000
                                                            0x011d3c36
                                                            0x011d3c3a
                                                            0x011d3c49
                                                            0x00000000
                                                            0x011d3c49
                                                            0x011d3c3e
                                                            0x011d3c3e
                                                            0x011d3c3f
                                                            0x011d3c3f
                                                            0x011d3c42
                                                            0x011d3c47
                                                            0x00000000
                                                            0x011d3bde

                                                            APIs
                                                              • Part of subcall function 011D3C72: FindFirstFileW.KERNEL32(011B8F6B,?,00000100,00000000,00000000), ref: 011D3CAD
                                                              • Part of subcall function 011D3C72: FindClose.KERNEL32(00000000), ref: 011D3CB9
                                                            • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 011D3C64
                                                              • Part of subcall function 011D0823: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,011FAA7C,00000000,?,011D4FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 011D0837
                                                              • Part of subcall function 011D0AB4: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 011D0ADC
                                                              • Part of subcall function 011D0AB4: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,011A6FDF,00000100,000000B0,00000088,00000410,000002C0), ref: 011D0B13
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseFindQueryValue$FileFirstOpen
                                                            • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                            • API String ID: 3397690329-3978359083
                                                            • Opcode ID: 37efab83edbde4b918a9f3ad6cc8202d75c0b8e3ab9cc5dbdb7a91b985e1317f
                                                            • Instruction ID: 251091375a8775b8885bb7ae15ac5889a3c27ed3819a88644835d12f190ad487
                                                            • Opcode Fuzzy Hash: 37efab83edbde4b918a9f3ad6cc8202d75c0b8e3ab9cc5dbdb7a91b985e1317f
                                                            • Instruction Fuzzy Hash: FC31D4B1D10209FADF29AF9ACC809AEBBB5FF10B54F14806BE625A6151D371A640CB52
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119EFB7 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 76%
                                                            			E0119EFB7(void* __ecx, intOrPtr _a4) {
				void* _v8;
				short* _v12;
				char _v16;
				signed int _v20;
				void* _t26;
				int _t37;
				intOrPtr _t42;
				intOrPtr _t46;
				void* _t47;

				_t43 = __ecx;
				_t42 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 1;
				_t26 = E0119E895(__ecx, _t42,  &_v16);
				_t46 = _v16;
				_t47 = _t26;
				if(_t47 >= 0) {
					if(E011D0823( *((intOrPtr*)(_t42 + 0x4c)), _t46, 1,  &_v8) < 0) {
						L7:
						_t47 = 0;
						if(_v20 != 0) {
							_t47 = E011D0517(_t43,  *((intOrPtr*)(_t42 + 0x4c)), _t46, 0, 0);
							if(_t47 != 0x80070002 && _t47 < 0) {
								E011CFB09(_t47, "Failed to remove update registration key: %ls", _t46);
							}
						}
						goto L11;
					}
					if(E011D095E(_v8, L"PackageVersion",  &_v12) >= 0) {
						_t37 = CompareStringW(0x7f, 0, _v12, 0xffffffff,  *(_t42 + 0x64), 0xffffffff);
						asm("sbb eax, eax");
						_v20 = 1 &  !( ~(_t37 - 2));
					}
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = _v8 & 0x00000000;
					}
					goto L7;
				} else {
					_push("Failed to format key for update registration.");
					_push(_t47);
					E011CFB09();
					L11:
					if(_v12 != 0) {
						E01192762(_v12);
					}
					if(_t46 != 0) {
						E01192762(_t46);
					}
					return _t47;
				}
			}












                                                            0x0119efb7
                                                            0x0119efc0
                                                            0x0119efc3
                                                            0x0119efc6
                                                            0x0119efc9
                                                            0x0119efcf
                                                            0x0119efd7
                                                            0x0119efdc
                                                            0x0119efdf
                                                            0x0119efe3
                                                            0x0119f00a
                                                            0x0119f056
                                                            0x0119f056
                                                            0x0119f05b
                                                            0x0119f068
                                                            0x0119f070
                                                            0x0119f07d
                                                            0x0119f082
                                                            0x0119f070
                                                            0x00000000
                                                            0x0119f05b
                                                            0x0119f01f
                                                            0x0119f02f
                                                            0x0119f03a
                                                            0x0119f040
                                                            0x0119f040
                                                            0x0119f047
                                                            0x0119f04c
                                                            0x0119f052
                                                            0x0119f052
                                                            0x00000000
                                                            0x0119efe5
                                                            0x0119efe5
                                                            0x0119efea
                                                            0x0119efeb
                                                            0x0119f085
                                                            0x0119f089
                                                            0x0119f08e
                                                            0x0119f08e
                                                            0x0119f095
                                                            0x0119f098
                                                            0x0119f098
                                                            0x0119f0a3
                                                            0x0119f0a3

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,011A05EB,00000001,00000001,00000001,011A05EB,00000000), ref: 0119F02F
                                                            • RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,011A05EB,00000001,00000001,00000001,011A05EB,00000000,00000001,00000000,?,011A05EB,00000001), ref: 0119F04C
                                                            Strings
                                                            • Failed to format key for update registration., xrefs: 0119EFE5
                                                            • PackageVersion, xrefs: 0119F010
                                                            • Failed to remove update registration key: %ls, xrefs: 0119F077
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCompareString
                                                            • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                            • API String ID: 446873843-3222553582
                                                            • Opcode ID: 047b859e2d3db3d8ff5e9c7d799dadd26ac101dc714907bb4a9ecf5e151dc4d2
                                                            • Instruction ID: 90f6ef53191c5f8bb15dbbbded81c7a42b1f1f46e18b0f5edc3fc9d317757174
                                                            • Opcode Fuzzy Hash: 047b859e2d3db3d8ff5e9c7d799dadd26ac101dc714907bb4a9ecf5e151dc4d2
                                                            • Instruction Fuzzy Hash: 9121D231D01227BADF2AABA9CC09FAEBEBDDF14764F144265E920F2140E7318A41C691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119EECF Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 87COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 65%
                                                            			E0119EECF(intOrPtr _a4, void* _a8) {
				char _v8;
				char _v12;
				char _v16;
				intOrPtr* _v20;
				char _t28;
				intOrPtr* _t43;
				char _t49;
				char _t50;

				_t43 = _a8;
				_t50 = 0;
				_v16 = 0;
				_t49 = 0;
				_v8 = 0;
				_v12 = 0;
				if( *((intOrPtr*)(_t43 + 4)) <= 0) {
					L17:
					return _t50;
				}
				_t28 = 0;
				_a8 = 0;
				while(1) {
					_t45 =  *_t43 + _t28;
					_v20 =  *_t43 + _t28;
					_t50 = E01197303(_a4,  *((intOrPtr*)(_t45 + 8)),  &_v16, 0);
					if(_t50 < 0) {
						break;
					}
					_t50 = E01192E55(_t45, _v16, L"swidtag",  &_v8);
					if(_t50 < 0) {
						_push("Failed to allocate regid folder path.");
						L10:
						_push(_t50);
						E011CFB09();
						L11:
						if(_v12 != 0) {
							E01192762(_v12);
						}
						if(_v8 != 0) {
							E01192762(_v8);
						}
						if(_v16 != 0) {
							E01192762(_v16);
						}
						goto L17;
					}
					_t50 = E01192E55(_t45, _v8,  *_v20,  &_v12);
					_t54 = _t50;
					if(_t50 < 0) {
						_push("Failed to allocate regid file path.");
						goto L10;
					}
					E011D3984(_t45, _t54, _v12);
					_push(0);
					E01193CF7(_t45, _v8);
					_t49 = _t49 + 1;
					_t28 = _a8 + 0x10;
					_push(0);
					_a8 = _t28;
					_pop(0);
					if(_t49 <  *((intOrPtr*)(_t43 + 4))) {
						continue;
					}
					goto L11;
				}
				_push("Failed to format tag folder path.");
				goto L10;
			}











                                                            0x0119eed6
                                                            0x0119eedd
                                                            0x0119eedf
                                                            0x0119eee2
                                                            0x0119eee4
                                                            0x0119eee7
                                                            0x0119eeed
                                                            0x0119efaf
                                                            0x0119efb4
                                                            0x0119efb4
                                                            0x0119eef3
                                                            0x0119eef5
                                                            0x0119eef8
                                                            0x0119eefa
                                                            0x0119ef01
                                                            0x0119ef0f
                                                            0x0119ef13
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ef26
                                                            0x0119ef2a
                                                            0x0119ef70
                                                            0x0119ef7c
                                                            0x0119ef7c
                                                            0x0119ef7d
                                                            0x0119ef84
                                                            0x0119ef88
                                                            0x0119ef8d
                                                            0x0119ef8d
                                                            0x0119ef96
                                                            0x0119ef9b
                                                            0x0119ef9b
                                                            0x0119efa4
                                                            0x0119efa9
                                                            0x0119efa9
                                                            0x00000000
                                                            0x0119efa4
                                                            0x0119ef3d
                                                            0x0119ef3f
                                                            0x0119ef41
                                                            0x0119ef69
                                                            0x00000000
                                                            0x0119ef69
                                                            0x0119ef46
                                                            0x0119ef4b
                                                            0x0119ef50
                                                            0x0119ef58
                                                            0x0119ef59
                                                            0x0119ef5c
                                                            0x0119ef5e
                                                            0x0119ef61
                                                            0x0119ef65
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ef67
                                                            0x0119ef77
                                                            0x00000000

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 0119EF0A
                                                              • Part of subcall function 011D3984: SetFileAttributesW.KERNEL32(011B8F6B,00000080,00000000,011B8F6B,000000FF,00000000,?,?,011B8F6B), ref: 011D39B3
                                                              • Part of subcall function 011D3984: GetLastError.KERNEL32(?,?,011B8F6B), ref: 011D39BD
                                                              • Part of subcall function 01193CF7: RemoveDirectoryW.KERNEL32(00000001,00000000,00000000,00000000,?,?,0119EF55,00000001,00000000,00000095,00000001,011A05FA,00000095,00000000,swidtag,00000001), ref: 01193D14
                                                            Strings
                                                            • Failed to format tag folder path., xrefs: 0119EF77
                                                            • Failed to allocate regid folder path., xrefs: 0119EF70
                                                            • swidtag, xrefs: 0119EF19
                                                            • Failed to allocate regid file path., xrefs: 0119EF69
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesDirectoryErrorFileLastOpen@16Remove
                                                            • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to format tag folder path.$swidtag
                                                            • API String ID: 1428973842-4170906717
                                                            • Opcode ID: 80c572778247786c4f56d661f64f91e10393778f7a237d085cefdce9e07298bb
                                                            • Instruction ID: c520c894a76d049829e55c2bd536e29b0cb2b616297efba6204866c9bc9b4269
                                                            • Opcode Fuzzy Hash: 80c572778247786c4f56d661f64f91e10393778f7a237d085cefdce9e07298bb
                                                            • Instruction Fuzzy Hash: CA21BD31D01619FBCF1DEB99CC40B9DFBB5EF58714F108066E524AA160E7319A40CB42
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B8AF2 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 69%
                                                            			E011B8AF2(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				void* _t41;
				intOrPtr _t47;
				void* _t49;
				void* _t50;

				_t42 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t49 = E011D0823((0 | _a4 != 0x00000000) + 0x80000001, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0x20019,  &_v12);
				if(_t49 == 0x80070003 || _t49 == 0x80070002) {
					L11:
					_t50 = 0;
				} else {
					if(_t49 >= 0) {
						_t41 = 0;
						_t50 = E011D0708(_t42, _v12, 0,  &_v8);
						if(_t50 == 0x80070103) {
							goto L11;
						} else {
							_t47 = _a8;
							while(_t50 >= 0) {
								if(CompareStringW(0, 1, _v8, 0xffffffff,  *(_t47 + 0x10), 0xffffffff) != 2) {
									E011B8857(_t42, _a4, _v12, _v8, _t47, _a12);
								}
								_t41 = _t41 + 1;
								_t50 = E011D0708(_t42, _v12, _t41,  &_v8);
								if(_t50 != 0x80070103) {
									continue;
								} else {
									goto L11;
								}
								goto L12;
							}
							_push("Failed to enumerate uninstall key for related bundles.");
							goto L4;
						}
					} else {
						_push("Failed to open uninstall registry key.");
						L4:
						_push(_t50);
						E011CFB09();
					}
				}
				L12:
				if(_v8 != 0) {
					E01192762(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
				}
				return _t50;
			}









                                                            0x011b8af2
                                                            0x011b8af5
                                                            0x011b8af6
                                                            0x011b8af7
                                                            0x011b8afe
                                                            0x011b8b23
                                                            0x011b8b2b
                                                            0x011b8bab
                                                            0x011b8bab
                                                            0x011b8b35
                                                            0x011b8b37
                                                            0x011b8b4b
                                                            0x011b8b57
                                                            0x011b8b5f
                                                            0x00000000
                                                            0x011b8b61
                                                            0x011b8b61
                                                            0x011b8b64
                                                            0x011b8b7f
                                                            0x011b8b8e
                                                            0x011b8b8e
                                                            0x011b8b96
                                                            0x011b8ba1
                                                            0x011b8ba9
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011b8ba9
                                                            0x011b8bd3
                                                            0x00000000
                                                            0x011b8bd3
                                                            0x011b8b39
                                                            0x011b8b39
                                                            0x011b8b3e
                                                            0x011b8b3e
                                                            0x011b8b3f
                                                            0x011b8b45
                                                            0x011b8b37
                                                            0x011b8bad
                                                            0x011b8bb1
                                                            0x011b8bb6
                                                            0x011b8bb6
                                                            0x011b8bbf
                                                            0x011b8bc4
                                                            0x011b8bc4
                                                            0x011b8bd0

                                                            APIs
                                                              • Part of subcall function 011D0823: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,011FAA7C,00000000,?,011D4FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 011D0837
                                                            • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 011B8B76
                                                            • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,0119F782,00000001,00000100,000001B4,00000000), ref: 011B8BC4
                                                            Strings
                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 011B8B13
                                                            • Failed to enumerate uninstall key for related bundles., xrefs: 011B8BD3
                                                            • Failed to open uninstall registry key., xrefs: 011B8B39
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCompareOpenString
                                                            • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                            • API String ID: 2817536665-2531018330
                                                            • Opcode ID: 9351307f5ec19f475f971a5f59a2ced43696a966a8ede3f0d583ac3a427186a1
                                                            • Instruction ID: 9e5eab6dbcd1faf00c9444bf8affb65b71e43adb80903dbd2d11cf9358ad978e
                                                            • Opcode Fuzzy Hash: 9351307f5ec19f475f971a5f59a2ced43696a966a8ede3f0d583ac3a427186a1
                                                            • Instruction Fuzzy Hash: 5421B172910229FAEF299AA4DD85FDEBA7DEB00B25F144264F51076050C7354E809690
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BCF33 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 79synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 31%
                                                            			E011BCF33(void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v20;
				signed int _t31;
				intOrPtr _t33;
				signed int _t45;
				signed int* _t46;
				signed int* _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int* _t53;
				intOrPtr _t54;

				_t53 = _a8;
				_t45 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t51 =  *_t53;
				_t49 = E011939DF(_t51 << 2, 1);
				_a8 = _t49;
				if(_t49 != 0) {
					_t31 = 0;
					if( *_t53 > 0) {
						_t4 =  &(_t53[1]); // 0x4
						_t46 = _t4;
						do {
							 *(_t49 + _t31 * 4) = _t46;
							_t31 = _t31 + 1;
							_t46 =  &(_t46[0x83]);
						} while (_t31 <  *_t53);
					}
					_v20 = 3;
					_v16 = 2;
					_v12 = _t51;
					_v8 = _t49;
					_t33 = _a12( &_v20, _a16);
					_t52 = _a4;
					_t54 = _t33;
					WaitForSingleObject( *(_t52 + 0xc), 0xffffffff);
					 *((intOrPtr*)( *((intOrPtr*)(_t52 + 0x10)) + 0x424)) = _t45;
					 *((intOrPtr*)( *((intOrPtr*)(_t52 + 0x10)) + 0x428)) = _t54;
					if(_t54 == 2) {
						 *((char*)( *((intOrPtr*)(_t52 + 0x10)) + 2)) = 1;
						 *((char*)( *((intOrPtr*)(_t52 + 0x10)) + 3)) = 1;
					}
					ReleaseMutex( *(_t52 + 0xc));
					SetEvent( *(_t52 + 8));
					E01193AA4(_a8);
				} else {
					_t45 = 0x8007000e;
					E011938BA(_t30, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0xe4, 0x8007000e);
					_push("Failed to allocate buffer.");
					_push(0x8007000e);
					E011CFB09();
				}
				return _t45;
			}
















                                                            0x011bcf3b
                                                            0x011bcf44
                                                            0x011bcf46
                                                            0x011bcf49
                                                            0x011bcf4a
                                                            0x011bcf4b
                                                            0x011bcf4c
                                                            0x011bcf59
                                                            0x011bcf5b
                                                            0x011bcf60
                                                            0x011bcf89
                                                            0x011bcf8d
                                                            0x011bcf8f
                                                            0x011bcf8f
                                                            0x011bcf92
                                                            0x011bcf92
                                                            0x011bcf95
                                                            0x011bcf96
                                                            0x011bcf9c
                                                            0x011bcf92
                                                            0x011bcfa6
                                                            0x011bcfae
                                                            0x011bcfb5
                                                            0x011bcfb8
                                                            0x011bcfbb
                                                            0x011bcfbe
                                                            0x011bcfc1
                                                            0x011bcfc8
                                                            0x011bcfd1
                                                            0x011bcfda
                                                            0x011bcfe3
                                                            0x011bcfe8
                                                            0x011bcfef
                                                            0x011bcfef
                                                            0x011bcff6
                                                            0x011bcfff
                                                            0x011bd008
                                                            0x011bcf62
                                                            0x011bcf62
                                                            0x011bcf72
                                                            0x011bcf77
                                                            0x011bcf7c
                                                            0x011bcf7d
                                                            0x011bcf83
                                                            0x011bd013

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 011BCFC8
                                                            • ReleaseMutex.KERNEL32(?), ref: 011BCFF6
                                                            • SetEvent.KERNEL32(?), ref: 011BCFFF
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp, xrefs: 011BCF6D
                                                            • Failed to allocate buffer., xrefs: 011BCF77
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                            • String ID: Failed to allocate buffer.$c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp
                                                            • API String ID: 944053411-3017045536
                                                            • Opcode ID: 9919706f2558ae6c9e96e578da69ba936cdf5a20866023d19fbcf6fe3b8e3dc3
                                                            • Instruction ID: 548bb07e752ce7062a2c4e02729aecd075eb85b7f3746d7d01102b1eb4fa96c2
                                                            • Opcode Fuzzy Hash: 9919706f2558ae6c9e96e578da69ba936cdf5a20866023d19fbcf6fe3b8e3dc3
                                                            • Instruction Fuzzy Hash: 2921DEB0A0020ABFDB189F6CD884A9ABBF5FF48314F108669F965A7251C375A951CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011997FE Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E011997FE(void* __edi, signed int _a4, intOrPtr _a8) {
				void* _t12;
				void* _t19;
				void* _t22;
				signed int _t26;
				void* _t27;
				signed int _t28;
				void* _t32;
				void* _t33;
				void* _t36;

				_t32 = __edi;
				_t26 = _a4;
				_t12 =  *((intOrPtr*)(_t26 + 0x10)) - 0x10;
				if(_t12 == 0) {
					L8:
					_push(_t32);
					_t8 = _t26 + 0x18; // 0x18
					_t33 = _t8;
					E01193C78(_a8, 0x18, _t33, 0x18);
					_t28 = 6;
					memset(_t33, 0, _t28 << 2);
					goto L9;
				} else {
					_t19 = _t12 - 1;
					if(_t19 == 0) {
						_t36 = E0119753E(_t27,  *_t26,  *(_t26 + 0x18), _a8);
						if(_t36 == 0x80070490 || _t36 >= 0) {
							L9:
							_t36 = E01198F3F(_t26);
							if(_t36 < 0) {
								_push("Failed to read next symbol.");
								goto L11;
							}
						} else {
							E011938BA(_t20, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x1b8, _t36);
							_push("Failed to find variable.");
							L11:
							_push(_t36);
							E011CFB09();
						}
					} else {
						_t22 = _t19 - 1;
						if(_t22 == 0) {
							goto L8;
						} else {
							_t23 = _t22 == 1;
							if(_t22 == 1) {
								goto L8;
							} else {
								_t36 = 0x8007000d;
								 *((intOrPtr*)(_t26 + 0x30)) = 1;
								E011938BA(_t23, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\condition.cpp", 0x1c7, 0x8007000d);
								_push( *((intOrPtr*)(_t26 + 0x14)));
								E011CFB09(0x8007000d, "Failed to parse condition \'%ls\' at position: %u",  *((intOrPtr*)(_t26 + 4)));
							}
						}
					}
				}
				return _t36;
			}












                                                            0x011997fe
                                                            0x01199802
                                                            0x01199809
                                                            0x0119980c
                                                            0x01199881
                                                            0x01199881
                                                            0x01199884
                                                            0x01199884
                                                            0x0119988d
                                                            0x01199899
                                                            0x0119989a
                                                            0x00000000
                                                            0x0119980e
                                                            0x0119980e
                                                            0x01199811
                                                            0x0119985c
                                                            0x01199864
                                                            0x0119989d
                                                            0x011998a3
                                                            0x011998a7
                                                            0x011998a9
                                                            0x00000000
                                                            0x011998a9
                                                            0x0119986a
                                                            0x01199875
                                                            0x0119987a
                                                            0x011998ae
                                                            0x011998ae
                                                            0x011998af
                                                            0x011998b5
                                                            0x01199813
                                                            0x01199813
                                                            0x01199816
                                                            0x00000000
                                                            0x01199818
                                                            0x01199818
                                                            0x0119981b
                                                            0x00000000
                                                            0x0119981d
                                                            0x0119981d
                                                            0x01199822
                                                            0x01199834
                                                            0x01199839
                                                            0x01199845
                                                            0x0119984a
                                                            0x0119981b
                                                            0x01199816
                                                            0x01199811
                                                            0x011998bb

                                                            APIs
                                                            Strings
                                                            • Failed to parse condition '%ls' at position: %u, xrefs: 0119983F
                                                            • Failed to read next symbol., xrefs: 011998A9
                                                            • c:\agent\_work\66\s\src\burn\engine\condition.cpp, xrefs: 0119982F, 01199870
                                                            • Failed to find variable., xrefs: 0119987A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _memcpy_s
                                                            • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$c:\agent\_work\66\s\src\burn\engine\condition.cpp
                                                            • API String ID: 2001391462-1451669575
                                                            • Opcode ID: 809d272cf6a100a71def666b3c3bc4b54ed8fa996536ab399714c527fa853158
                                                            • Instruction ID: 6d83a95a9d8db0dbb0f2f23f8ceb0f206f842653c761f06b1183eba7f6076d0d
                                                            • Opcode Fuzzy Hash: 809d272cf6a100a71def666b3c3bc4b54ed8fa996536ab399714c527fa853158
                                                            • Instruction Fuzzy Hash: EE11277399022EBAEF2D2D6D9C45F973E05EB21B28F00051DFE206D251CB62D810C2E2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199DDA Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E01199DDA(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				char _v16;
				void* _t32;
				char _t33;

				_t30 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				if(E01197303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
					_t32 = E011D4289(_v8,  &_v12,  &_v16);
					if(_t32 == 0x80070002 || _t32 == 0x80070003) {
						_push(_v8);
						E011CFFF0(2, "File search: %ls, did not find path: %ls",  *_t30);
						_t33 = 0;
					} else {
						if(_t32 >= 0) {
							_t33 = E011982F4(_a8,  *((intOrPtr*)(_t30 + 4)), _v16, _v12, 0);
							if(_t33 < 0) {
								_push("Failed to set variable.");
								goto L2;
							}
						} else {
							_push("Failed get file version.");
							goto L2;
						}
					}
				} else {
					_push("Failed to format path string.");
					L2:
					_push(_t33);
					E011CFB09();
				}
				E0119287D(_v8);
				return _t33;
			}








                                                            0x01199de3
                                                            0x01199df0
                                                            0x01199df6
                                                            0x01199df9
                                                            0x01199e05
                                                            0x01199e26
                                                            0x01199e2e
                                                            0x01199e62
                                                            0x01199e6e
                                                            0x01199e76
                                                            0x01199e38
                                                            0x01199e3a
                                                            0x01199e55
                                                            0x01199e59
                                                            0x01199e5b
                                                            0x00000000
                                                            0x01199e5b
                                                            0x01199e3c
                                                            0x01199e3c
                                                            0x00000000
                                                            0x01199e3c
                                                            0x01199e3a
                                                            0x01199e07
                                                            0x01199e07
                                                            0x01199e0c
                                                            0x01199e0c
                                                            0x01199e0d
                                                            0x01199e13
                                                            0x01199e7b
                                                            0x01199e86

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 01199DFC
                                                            Strings
                                                            • File search: %ls, did not find path: %ls, xrefs: 01199E67
                                                            • Failed to format path string., xrefs: 01199E07
                                                            • Failed to set variable., xrefs: 01199E5B
                                                            • Failed get file version., xrefs: 01199E3C
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open@16
                                                            • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                            • API String ID: 3613110473-2458530209
                                                            • Opcode ID: a46211a6419e73b44d116fbad8d38ac13941dc1504f097f57b3b886f42718a90
                                                            • Instruction ID: e63272891f66d77e797ad82781fd6be63849ec02687c944fb901a2ae77873e02
                                                            • Opcode Fuzzy Hash: a46211a6419e73b44d116fbad8d38ac13941dc1504f097f57b3b886f42718a90
                                                            • Instruction Fuzzy Hash: 4D119D72D0012EBADF0BAAD8DC81DEEBB69EF14658B11416EE82066211D7329E109BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CE042 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 61COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011CE042(void* __eflags, signed int _a4) {
				intOrPtr _t13;
				void* _t21;
				signed int _t33;
				long _t35;

				_t33 = _a4;
				if(E011C877C(_t33) != 0xffffffff) {
					_t13 =  *0x11fb118; // 0x6b7470
					if(_t33 != 1 || ( *(_t13 + 0x88) & 0x00000001) == 0) {
						if(_t33 != 2 || ( *(_t13 + 0x58) & 0x00000001) == 0) {
							goto L7;
						} else {
							goto L6;
						}
					} else {
						L6:
						_t21 = E011C877C(2);
						if(E011C877C(1) == _t21) {
							goto L1;
						}
						L7:
						if(CloseHandle(E011C877C(_t33)) != 0) {
							goto L1;
						}
						_t35 = GetLastError();
						L9:
						E011C86EB(_t33);
						 *((char*)( *((intOrPtr*)(0x11fb118 + (_t33 >> 6) * 4)) + 0x28 + (_t33 & 0x0000003f) * 0x30)) = 0;
						if(_t35 == 0) {
							return 0;
						}
						return E011C36F2(_t35) | 0xffffffff;
					}
				}
				L1:
				_t35 = 0;
				goto L9;
			}







                                                            0x011ce049
                                                            0x011ce056
                                                            0x011ce05c
                                                            0x011ce064
                                                            0x011ce072
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011ce07a
                                                            0x011ce07a
                                                            0x011ce07c
                                                            0x011ce08e
                                                            0x00000000
                                                            0x00000000
                                                            0x011ce090
                                                            0x011ce0a0
                                                            0x00000000
                                                            0x00000000
                                                            0x011ce0a8
                                                            0x011ce0aa
                                                            0x011ce0ab
                                                            0x011ce0c3
                                                            0x011ce0ca
                                                            0x00000000
                                                            0x011ce0d8
                                                            0x00000000
                                                            0x011ce0d3
                                                            0x011ce064
                                                            0x011ce058
                                                            0x011ce058
                                                            0x00000000

                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000,00000000,00000000,?,011CDF60,00000000,011F7BF8,0000000C), ref: 011CE098
                                                            • GetLastError.KERNEL32(?,011CDF60,00000000,011F7BF8,0000000C), ref: 011CE0A2
                                                            • __dosmaperr.LIBCMT ref: 011CE0CD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                            • String ID: @Mqt$ptk
                                                            • API String ID: 2583163307-1339934029
                                                            • Opcode ID: 3fd090ccfd2e05e27a71fc0405f5a9143f1c91d9b5f4e17a834c5d53c3b5ec77
                                                            • Instruction ID: e254288e16207a43053583a6b94cc812276c11b0f3644859e2aeb1e26ac7a9c1
                                                            • Opcode Fuzzy Hash: 3fd090ccfd2e05e27a71fc0405f5a9143f1c91d9b5f4e17a834c5d53c3b5ec77
                                                            • Instruction Fuzzy Hash: B001893370726016E23E663CA88573E2F494BF5F38F26022DEA14871D2EF6184D1C2D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01191206 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 61COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E01191206(void* __ecx, intOrPtr _a4, intOrPtr* _a8, short*** _a12) {
				int _v8;
				int _v12;
				PWCHAR* _t21;
				signed short _t34;
				signed short _t41;

				_v8 = 0;
				_v12 = 0;
				_t34 = E01191FF4( &_v8, L"ignored ", 0);
				if(_t34 >= 0) {
					_t34 = E01191FF4( &_v8, _a4, 0);
					if(_t34 >= 0) {
						_t21 = CommandLineToArgvW(_v8,  &_v12);
						if(_t21 != 0) {
							_t8 =  &(_t21[1]); // 0x4
							 *_a12 = _t8;
							 *_a8 = _v12 - 1;
						} else {
							_t34 = GetLastError();
							if(_t34 > 0) {
								_t34 = _t34 & 0x0000ffff | 0x80070000;
								_t41 = _t34;
							}
							if(_t41 >= 0) {
								_t34 = 0x80004005;
							}
							E011938BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\apputil.cpp", 0x63, _t34);
						}
					}
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				return _t34;
			}








                                                            0x01191219
                                                            0x0119121c
                                                            0x01191224
                                                            0x01191228
                                                            0x01191237
                                                            0x0119123b
                                                            0x01191244
                                                            0x0119124c
                                                            0x0119127b
                                                            0x01191281
                                                            0x0119128a
                                                            0x0119124e
                                                            0x01191254
                                                            0x01191258
                                                            0x0119125d
                                                            0x01191263
                                                            0x01191263
                                                            0x01191265
                                                            0x01191267
                                                            0x01191267
                                                            0x01191274
                                                            0x01191274
                                                            0x0119124c
                                                            0x0119123b
                                                            0x0119128f
                                                            0x01191294
                                                            0x01191294
                                                            0x0119129e

                                                            APIs
                                                            • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,0119527C,00000000,?), ref: 01191244
                                                            • GetLastError.KERNEL32(?,?,?,0119527C,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 0119124E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ArgvCommandErrorLastLine
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\apputil.cpp$ignored
                                                            • API String ID: 3459693003-4239442035
                                                            • Opcode ID: d1e1ab04453a9a59dc54de22e5b78d7ad0b5d24c79d77bba0246fc11fd4a4ba8
                                                            • Instruction ID: 173f0481aa3a789cfb856db68e580ceeab096a462f8a43a2e1bbe419b1ec26d6
                                                            • Opcode Fuzzy Hash: d1e1ab04453a9a59dc54de22e5b78d7ad0b5d24c79d77bba0246fc11fd4a4ba8
                                                            • Instruction Fuzzy Hash: D71142B690112ABBCF29EB99D904DDEBFB8AF54A60B114195FD20E7200D7709E40C7A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CF6FD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59windowCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011CF6FD(void* __ecx, void* __edi, intOrPtr _a4, void* _a8, long _a12, char* _a16, intOrPtr _a20) {
				short _v8;
				short _t25;
				signed int _t32;
				void* _t33;
				void* _t34;
				void* _t36;
				signed short _t38;
				signed short _t43;

				_t36 = __edi;
				_t38 = 0;
				_v8 = 0;
				_t32 = FormatMessageW(0x900, _a8, _a12, 0,  &_v8, 0,  &_a16);
				if(_t32 != 0) {
					if(_t32 < 2) {
						goto L9;
					} else {
						_t25 = _v8;
						_t33 = 0xd;
						if(_t33 ==  *((intOrPtr*)(_t25 + _t32 * 2 - 4))) {
							_t34 = 0xa;
							if(_t34 ==  *((intOrPtr*)(_t25 + _t32 * 2 - 2))) {
								 *((short*)(_t25 + _t32 * 2 - 4)) = 0;
								goto L9;
							}
						}
					}
					goto L10;
				} else {
					_t38 = GetLastError();
					if(_t38 > 0) {
						_t38 = _t38 & 0x0000ffff | 0x80070000;
						_t43 = _t38;
					}
					if(_t43 >= 0) {
						L9:
						_t25 = _v8;
						L10:
						E011CF79E(_t36, _a4, _a12, _t25, _a20);
					} else {
						E011938BA(_t29, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\logutil.cpp", 0x333, _t38);
					}
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return _t38;
			}











                                                            0x011cf6fd
                                                            0x011cf705
                                                            0x011cf70c
                                                            0x011cf722
                                                            0x011cf726
                                                            0x011cf756
                                                            0x00000000
                                                            0x011cf758
                                                            0x011cf758
                                                            0x011cf75d
                                                            0x011cf763
                                                            0x011cf767
                                                            0x011cf76d
                                                            0x011cf771
                                                            0x00000000
                                                            0x011cf771
                                                            0x011cf76d
                                                            0x011cf763
                                                            0x00000000
                                                            0x011cf728
                                                            0x011cf72e
                                                            0x011cf732
                                                            0x011cf737
                                                            0x011cf73d
                                                            0x011cf73d
                                                            0x011cf73f
                                                            0x011cf776
                                                            0x011cf776
                                                            0x011cf779
                                                            0x011cf783
                                                            0x011cf741
                                                            0x011cf74c
                                                            0x011cf74c
                                                            0x011cf73f
                                                            0x011cf78c
                                                            0x011cf791
                                                            0x011cf791
                                                            0x011cf79b

                                                            APIs
                                                            • FormatMessageW.KERNEL32(00000900,?,?,00000000,00000000,00000000,?,00000000,?,?,011CFDC0,?,?,?,?,00000001), ref: 011CF71C
                                                            • GetLastError.KERNEL32(?,011CFDC0,?,?,?,?,00000001,?,01195651,?,?,00000000,?,?,011953D2,00000002), ref: 011CF728
                                                            • LocalFree.KERNEL32(00000000,?,?,00000000,?,?,011CFDC0,?,?,?,?,00000001,?,01195651,?,?), ref: 011CF791
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\logutil.cpp, xrefs: 011CF747
                                                            • @Mqt, xrefs: 011CF728
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\logutil.cpp
                                                            • API String ID: 1365068426-243983799
                                                            • Opcode ID: 2bd123329aa803a3f64e53dbde997345f2c15e6a179fe2b115923441ef0436e1
                                                            • Instruction ID: 53e73ca8f25c1636b45fa0cccb74347fd53b69d8c9cc8e49d34385ed89db480e
                                                            • Opcode Fuzzy Hash: 2bd123329aa803a3f64e53dbde997345f2c15e6a179fe2b115923441ef0436e1
                                                            • Instruction Fuzzy Hash: 5111A33250162AFBDF2A9F94DD05EEE7A7AEF64B50F01801DFE01E6164D7308A52D7A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01199A0E Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 24%
                                                            			E01199A0E(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _t25;
				void* _t29;
				void* _t30;

				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t29 = E011D3209(_a8, L"Condition",  &_v12);
				if(_t29 != 1) {
					if(_t29 >= 0) {
						_t30 = E011D2D56(_v12,  &_v8);
						if(_t30 >= 0) {
							_t30 = E0119229E(_a4, _v8, 0);
							if(_t30 < 0) {
								_push("Failed to copy condition string from BSTR");
								goto L8;
							}
						} else {
							_push("Failed to get Condition inner text.");
							goto L8;
						}
					} else {
						_push("Failed to select condition node.");
						L8:
						_push(_t30);
						E011CFB09();
					}
				} else {
					_t30 = 0;
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t25 = _v12;
				if(_t25 != 0) {
					 *((intOrPtr*)( *_t25 + 8))(_t25);
				}
				return _t30;
			}








                                                            0x01199a13
                                                            0x01199a1a
                                                            0x01199a2d
                                                            0x01199a32
                                                            0x01199a3a
                                                            0x01199a4f
                                                            0x01199a53
                                                            0x01199a69
                                                            0x01199a6d
                                                            0x01199a6f
                                                            0x00000000
                                                            0x01199a6f
                                                            0x01199a55
                                                            0x01199a55
                                                            0x00000000
                                                            0x01199a55
                                                            0x01199a3c
                                                            0x01199a3c
                                                            0x01199a74
                                                            0x01199a74
                                                            0x01199a75
                                                            0x01199a7b
                                                            0x01199a34
                                                            0x01199a34
                                                            0x01199a34
                                                            0x01199a80
                                                            0x01199a85
                                                            0x01199a85
                                                            0x01199a8b
                                                            0x01199a90
                                                            0x01199a95
                                                            0x01199a95
                                                            0x01199a9c

                                                            APIs
                                                            • SysFreeString.OLEAUT32(00000000), ref: 01199A85
                                                            Strings
                                                            • Failed to get Condition inner text., xrefs: 01199A55
                                                            • Failed to copy condition string from BSTR, xrefs: 01199A6F
                                                            • Condition, xrefs: 01199A20
                                                            • Failed to select condition node., xrefs: 01199A3C
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeString
                                                            • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                            • API String ID: 3341692771-3600577998
                                                            • Opcode ID: e80fe6e172aaac609e24dc4f460c007b27c03d023bd77a0d10673239579d69d6
                                                            • Instruction ID: 65bdab475afc09472c8eb88cb8fc2266621e699af5cbb2b5d19a7ea87b382308
                                                            • Opcode Fuzzy Hash: e80fe6e172aaac609e24dc4f460c007b27c03d023bd77a0d10673239579d69d6
                                                            • Instruction Fuzzy Hash: 5A118E31A41228BBDF1EA6A4DC06BAEBF65EF04628F11016CE82276210D7799E00C7C0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C815F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 52libraryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E011C815F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x11fb498 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x11f14a8 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x295f764b
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}










                                                            0x011c8164
                                                            0x011c8168
                                                            0x011c816f
                                                            0x011c8173
                                                            0x011c8181
                                                            0x011c8197
                                                            0x011c819b
                                                            0x011c81c4
                                                            0x011c81c6
                                                            0x011c81ca
                                                            0x011c81cd
                                                            0x011c81cd
                                                            0x011c81d3
                                                            0x011c81d5
                                                            0x00000000
                                                            0x011c81d6
                                                            0x011c819d
                                                            0x011c81a6
                                                            0x011c81b5
                                                            0x011c81a8
                                                            0x011c81ab
                                                            0x011c81b1
                                                            0x011c81b1
                                                            0x011c81b9
                                                            0x00000000
                                                            0x011c81bb
                                                            0x011c81be
                                                            0x011c81c0
                                                            0x00000000
                                                            0x011c81c0
                                                            0x011c81b9
                                                            0x011c8175
                                                            0x011c817a
                                                            0x00000000

                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,011C8303,00000000,00000000,?,011C8106,011C8303,00000000,00000000,00000000,?,011C8303,00000006,FlsSetValue), ref: 011C8191
                                                            • GetLastError.KERNEL32(?,011C8106,011C8303,00000000,00000000,00000000,?,011C8303,00000006,FlsSetValue,011F1A28,FlsSetValue,00000000,00000364,?,011C59FB), ref: 011C819D
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,011C8106,011C8303,00000000,00000000,00000000,?,011C8303,00000006,FlsSetValue,011F1A28,FlsSetValue,00000000), ref: 011C81AB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID: @Mqt
                                                            • API String ID: 3177248105-2740872224
                                                            • Opcode ID: 98bee4363747875fc9a3b0c3994caafb9da259a2379165acb806f0346f98408c
                                                            • Instruction ID: 03ecaafd8b37bf6ca580f642d2a7a4d2e6a3fd4f0d4b3dd34f3aa489d771dee7
                                                            • Opcode Fuzzy Hash: 98bee4363747875fc9a3b0c3994caafb9da259a2379165acb806f0346f98408c
                                                            • Instruction Fuzzy Hash: 2D01F736646222AFC73E8E7DAC84A677BD8AF96FA17110638FD16D3140D720D440C7E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D4199 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D4199(void* __ecx, WCHAR* _a4, intOrPtr _a8) {
				void* _t4;
				void* _t13;
				void* _t15;
				signed short _t17;

				_t13 = __ecx;
				if(_a4 != 0) {
					_t15 = CreateFileW(_a4, 0x80, 1, 0, 3, 0x80, 0);
					__eflags = _t15 - 0xffffffff;
					if(_t15 != 0xffffffff) {
						_t17 = E011D4224(_t13, _t15, _a8);
						CloseHandle(_t15);
					} else {
						_t17 = GetLastError();
						__eflags = _t17;
						if(__eflags > 0) {
							_t17 = _t17 & 0x0000ffff | 0x80070000;
							__eflags = _t17;
						}
						if(__eflags >= 0) {
							_t17 = 0x80004005;
						}
						E011938BA(_t10, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x230, _t17);
					}
				} else {
					_t17 = 0x80070057;
					E011938BA(_t4, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x22b, 0x80070057);
				}
				return _t17;
			}







                                                            0x011d4199
                                                            0x011d41a1
                                                            0x011d41d3
                                                            0x011d41d5
                                                            0x011d41d8
                                                            0x011d4213
                                                            0x011d4216
                                                            0x011d41da
                                                            0x011d41e0
                                                            0x011d41e2
                                                            0x011d41e4
                                                            0x011d41e9
                                                            0x011d41ef
                                                            0x011d41ef
                                                            0x011d41f1
                                                            0x011d41f3
                                                            0x011d41f3
                                                            0x011d4203
                                                            0x011d4203
                                                            0x011d41a3
                                                            0x011d41a3
                                                            0x011d41b3
                                                            0x011d41b3
                                                            0x011d4221

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,011B89B4,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 011D41CD
                                                            • GetLastError.KERNEL32(?,011B89B4,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,EngineVersion,000002C0,000000B0), ref: 011D41DA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateErrorFileLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 1214770103-1324176156
                                                            • Opcode ID: 4115088af9afe21ae074e4ecf08d67a66a2bb2d71cc0e1a219b4211b7a86be28
                                                            • Instruction ID: d483dda0110ba16535091bd24fd771e16499726c78b3941e1d5fa8fd958f81b4
                                                            • Opcode Fuzzy Hash: 4115088af9afe21ae074e4ecf08d67a66a2bb2d71cc0e1a219b4211b7a86be28
                                                            • Instruction Fuzzy Hash: E501F937681131B7E73926A8BC08F6A2998AB61B70F014225FF60BF9C0C7755D0097E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119D461 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 45%
                                                            			E0119D461(intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr* _t10;
				long _t15;
				long _t18;
				intOrPtr _t19;

				_t19 = _a4;
				_t18 = 0;
				_t2 = _t19 + 0x18; // 0xd0
				EnterCriticalSection(_t2);
				_t3 = _t19 + 0x30; // 0xe8
				_t15 = 1;
				if(InterlockedCompareExchange(_t3, 1, 0) != 0) {
					_t15 = 0;
					_t18 = 0x8007139f;
				}
				_t4 = _t19 + 0x18; // 0xd0
				LeaveCriticalSection(_t4);
				_t10 = _a8;
				if(_t10 != 0) {
					 *_t10 = _t15;
				}
				if(_t18 < 0) {
					E011938BA(_t10, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\userexperience.cpp", 0xea, _t18);
					_push("Engine active cannot be changed because it was already in that state.");
					_push(_t18);
					E011CFB09();
				}
				return _t18;
			}







                                                            0x0119d466
                                                            0x0119d46a
                                                            0x0119d46c
                                                            0x0119d470
                                                            0x0119d479
                                                            0x0119d47c
                                                            0x0119d487
                                                            0x0119d489
                                                            0x0119d48b
                                                            0x0119d48b
                                                            0x0119d490
                                                            0x0119d494
                                                            0x0119d49a
                                                            0x0119d49f
                                                            0x0119d4a1
                                                            0x0119d4a1
                                                            0x0119d4a5
                                                            0x0119d4b2
                                                            0x0119d4b7
                                                            0x0119d4bc
                                                            0x0119d4bd
                                                            0x0119d4c3
                                                            0x0119d4ca

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,011A6F37,000000B8,00000000,?,00000000,775FA770), ref: 0119D470
                                                            • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0119D47F
                                                            • LeaveCriticalSection.KERNEL32(000000D0,?,011A6F37,000000B8,00000000,?,00000000,775FA770), ref: 0119D494
                                                            Strings
                                                            • Engine active cannot be changed because it was already in that state., xrefs: 0119D4B7
                                                            • c:\agent\_work\66\s\src\burn\engine\userexperience.cpp, xrefs: 0119D4AD
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                            • String ID: Engine active cannot be changed because it was already in that state.$c:\agent\_work\66\s\src\burn\engine\userexperience.cpp
                                                            • API String ID: 3376869089-1173769119
                                                            • Opcode ID: 45f554bf27b916df9cfb896cf6d1f41d3f5c9363d4e5fee9ff300f791356daad
                                                            • Instruction ID: 2763749a2d1cce6f59d8bd91c49c2228df8526d65d63c743a89f349b9f47bd9b
                                                            • Opcode Fuzzy Hash: 45f554bf27b916df9cfb896cf6d1f41d3f5c9363d4e5fee9ff300f791356daad
                                                            • Instruction Fuzzy Hash: 5EF08C762012066B9B289EFAAC88D9777BDBB95665304042AB626C7640DB64F8058760
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119D88A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E0119D88A(intOrPtr _a4) {
				_Unknown_base(*)()* _t12;
				signed int _t18;
				intOrPtr _t19;
				signed short _t20;

				_t19 = _a4;
				_t20 = 0;
				_t18 =  *(_t19 + 0x10);
				if(_t18 != 0) {
					 *((intOrPtr*)( *_t18 + 8))(_t18);
					 *(_t19 + 0x10) =  *(_t19 + 0x10) & 0;
				}
				if( *(_t19 + 0xc) != _t20) {
					_t12 = GetProcAddress( *(_t19 + 0xc), "BootstrapperApplicationDestroy");
					if(_t12 != 0) {
						 *_t12();
					}
					if(FreeLibrary( *(_t19 + 0xc)) == 0) {
						_t20 = GetLastError();
						if(_t20 > 0) {
							_t20 = _t20 & 0x0000ffff | 0x80070000;
						}
					}
					 *(_t19 + 0xc) =  *(_t19 + 0xc) & 0x00000000;
				}
				return _t20;
			}







                                                            0x0119d88f
                                                            0x0119d892
                                                            0x0119d894
                                                            0x0119d899
                                                            0x0119d89e
                                                            0x0119d8a1
                                                            0x0119d8a1
                                                            0x0119d8a7
                                                            0x0119d8b1
                                                            0x0119d8b9
                                                            0x0119d8bb
                                                            0x0119d8bb
                                                            0x0119d8c8
                                                            0x0119d8d0
                                                            0x0119d8d4
                                                            0x0119d8d9
                                                            0x0119d8d9
                                                            0x0119d8d4
                                                            0x0119d8df
                                                            0x0119d8df
                                                            0x0119d8e8

                                                            APIs
                                                            • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 0119D8B1
                                                            • FreeLibrary.KERNEL32(?,?,01194920,00000000,?,?,011954CB,?,?), ref: 0119D8C0
                                                            • GetLastError.KERNEL32(?,01194920,00000000,?,?,011954CB,?,?), ref: 0119D8CA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressErrorFreeLastLibraryProc
                                                            • String ID: @Mqt$BootstrapperApplicationDestroy
                                                            • API String ID: 1144718084-3333761507
                                                            • Opcode ID: b2393daeccde9634eef1518bdee5b840f5a3ee6467f44c02f4a5c8df763e22d6
                                                            • Instruction ID: 0a1919215a54d26bb9b2f50933c957cd57dd5b78aa06612cc1621a2b2908ba15
                                                            • Opcode Fuzzy Hash: b2393daeccde9634eef1518bdee5b840f5a3ee6467f44c02f4a5c8df763e22d6
                                                            • Instruction Fuzzy Hash: BFF06832601626ABDF299FA9F804B25FBA4FF006627058239E939DB511C725E850DBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B0564 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 34COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 19%
                                                            			E011B0564(intOrPtr _a4) {
				signed short _t12;
				signed short _t16;

				_t11 = _a4;
				if(SetEvent( *(_a4 + 0x24)) != 0) {
					_t12 = E011B1286(_t11);
				} else {
					_t12 = GetLastError();
					if(_t12 > 0) {
						_t12 = _t12 & 0x0000ffff | 0x80070000;
						_t16 = _t12;
					}
					if(_t16 >= 0) {
						_t12 = 0x80004005;
					}
					E011938BA(_t6, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x125, _t12);
					_push("Failed to set begin operation event.");
					_push(_t12);
					E011CFB09();
				}
				return _t12;
			}





                                                            0x011b0568
                                                            0x011b0576
                                                            0x011b05bb
                                                            0x011b0578
                                                            0x011b057e
                                                            0x011b0582
                                                            0x011b0587
                                                            0x011b058d
                                                            0x011b058d
                                                            0x011b058f
                                                            0x011b0591
                                                            0x011b0591
                                                            0x011b05a1
                                                            0x011b05a6
                                                            0x011b05ab
                                                            0x011b05ac
                                                            0x011b05b2
                                                            0x011b05c1

                                                            APIs
                                                            • SetEvent.KERNEL32(011DA478,00000000,?,011B14B9,?,00000000,?,0119C24A,?,01195442,?,011A7498,?,?,01195442,?), ref: 011B056E
                                                            • GetLastError.KERNEL32(?,011B14B9,?,00000000,?,0119C24A,?,01195442,?,011A7498,?,?,01195442,?,01195482,00000001), ref: 011B0578
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 011B059C
                                                            • @Mqt, xrefs: 011B0578
                                                            • Failed to set begin operation event., xrefs: 011B05A6
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorEventLast
                                                            • String ID: @Mqt$Failed to set begin operation event.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 3848097054-2932536150
                                                            • Opcode ID: 2a668a909488e05901c4fe01e7827cfbff57291ef08fd39263674dbc84ca5d0d
                                                            • Instruction ID: 15dd897da952ee46e8a0a9926394d2cf2085f9d0300c751bc2ba8ebdc5bffd3c
                                                            • Opcode Fuzzy Hash: 2a668a909488e05901c4fe01e7827cfbff57291ef08fd39263674dbc84ca5d0d
                                                            • Instruction Fuzzy Hash: B8F0A773942A3667832D66A96D04BCB76E89E199657020169FE00FB600F7159C0046E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D56B4 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 162stringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 32%
                                                            			E011D56B4(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, WCHAR* _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr _a40) {
				char _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				WCHAR* _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void _v44;
				intOrPtr* _t50;
				signed short _t58;
				intOrPtr _t71;
				signed int _t73;
				intOrPtr* _t75;
				int _t76;
				WCHAR* _t77;
				char _t80;
				WCHAR* _t81;
				intOrPtr* _t82;
				void* _t83;
				signed short _t84;
				WCHAR* _t85;

				_t83 = 0;
				_t76 = 0;
				_t73 = 7;
				_v12 = 0;
				_v8 = 0;
				memset( &_v44, 0, _t73 << 2);
				while(1) {
					_v16 = _t83;
					if(_t76 == 0) {
						_t80 = _v12;
					} else {
						 *0x11fa994(_t76);
						_t80 = _t83;
						_v8 = _t80;
					}
					if(0 != 0) {
						 *0x11fa994(0);
					}
					_t71 = _t83;
					_t84 = E011D8572( *_a8,  &_v44);
					if(_t84 < 0) {
						break;
					}
					_t85 = _a24;
					if(_t85 == 0) {
						L10:
						_t77 = _v28;
						L11:
						_t50 = _a20;
						if(_t50 == 0) {
							L13:
							_t75 = _v32;
							L14:
							_t71 =  *0x11fa974(_a4, _v40, _v36, _t75, _t77, 1 + (0 | _v44 != 0x00000001) * 2, 0, 0);
							if(_t71 == 0) {
								_t84 = GetLastError();
								__eflags = _t84;
								if(__eflags > 0) {
									_t84 = _t84 & 0x0000ffff | 0x80070000;
									__eflags = _t84;
								}
								if(__eflags >= 0) {
									_t84 = 0x80004005;
								}
								E011938BA(_t55, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0x1fe, _t84);
								break;
							}
							_t81 = _a20;
							if(_t81 != 0 &&  *_t81 != 0 && _t85 != 0 &&  *_t85 != 0) {
								_push(lstrlenW(_t81));
								_push(_t81);
								_t82 =  *0x11fa970; // 0x11d9fbb
								_push(0x2b);
								_push(_t71);
								if( *_t82() != 0) {
									 *_t82(_t71, 0x2c, _t85, lstrlenW(_t85));
								}
							}
							_t58 = E011D5854(_t75, _t71, _a12, _v44, _v24, _v20, _a16,  &_v8);
							_t80 = _v8;
							_t84 = _t58;
							if(_t84 >= 0) {
								_v12 = _t80;
								_t84 = E011D5976(_t75, _t80, _a8, _a28,  &_v16, _a40);
								if(_t84 < 0) {
									break;
								}
								if(_v16 != 0) {
									_t76 = _v12;
									_t83 = 0;
									__eflags = 0;
									continue;
								}
								 *_a32 = _t71;
								_t71 = 0;
								 *_a36 = _t80;
								_t80 = 0;
							}
							break;
						}
						_t75 = _t50;
						if( *_t50 != 0) {
							goto L14;
						}
						goto L13;
					}
					_t77 = _t85;
					if( *_t85 != 0) {
						goto L11;
					}
					goto L10;
				}
				E011D859D( &_v44);
				if(_t80 != 0) {
					 *0x11fa994(_t80);
				}
				if(_t71 != 0) {
					 *0x11fa994(_t71);
				}
				return _t84;
			}


























                                                            0x011d56bd
                                                            0x011d56c4
                                                            0x011d56c8
                                                            0x011d56cb
                                                            0x011d56ce
                                                            0x011d56d1
                                                            0x011d56da
                                                            0x011d56da
                                                            0x011d56df
                                                            0x011d56ef
                                                            0x011d56e1
                                                            0x011d56e2
                                                            0x011d56e8
                                                            0x011d56ea
                                                            0x011d56ea
                                                            0x011d56f4
                                                            0x011d56f7
                                                            0x011d56f7
                                                            0x011d5700
                                                            0x011d570d
                                                            0x011d5711
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5717
                                                            0x011d571e
                                                            0x011d5727
                                                            0x011d5727
                                                            0x011d572a
                                                            0x011d572a
                                                            0x011d572f
                                                            0x011d5738
                                                            0x011d5738
                                                            0x011d573b
                                                            0x011d575f
                                                            0x011d5763
                                                            0x011d5804
                                                            0x011d5806
                                                            0x011d5808
                                                            0x011d580d
                                                            0x011d5813
                                                            0x011d5813
                                                            0x011d5815
                                                            0x011d5817
                                                            0x011d5817
                                                            0x011d5827
                                                            0x00000000
                                                            0x011d5827
                                                            0x011d5769
                                                            0x011d576e
                                                            0x011d5787
                                                            0x011d5788
                                                            0x011d5789
                                                            0x011d578f
                                                            0x011d5791
                                                            0x011d5796
                                                            0x011d57a4
                                                            0x011d57a4
                                                            0x011d5796
                                                            0x011d57ba
                                                            0x011d57bf
                                                            0x011d57c2
                                                            0x011d57c6
                                                            0x011d57ce
                                                            0x011d57de
                                                            0x011d57e2
                                                            0x00000000
                                                            0x00000000
                                                            0x011d57e8
                                                            0x011d56d5
                                                            0x011d56d8
                                                            0x011d56d8
                                                            0x00000000
                                                            0x011d56d8
                                                            0x011d57f1
                                                            0x011d57f3
                                                            0x011d57f8
                                                            0x011d57fa
                                                            0x011d57fa
                                                            0x00000000
                                                            0x011d57c6
                                                            0x011d5731
                                                            0x011d5736
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5736
                                                            0x011d5720
                                                            0x011d5725
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5725
                                                            0x011d5830
                                                            0x011d5837
                                                            0x011d583a
                                                            0x011d583a
                                                            0x011d5842
                                                            0x011d5845
                                                            0x011d5845
                                                            0x011d5851

                                                            APIs
                                                            Strings
                                                            • @Mqt, xrefs: 011D57FE
                                                            • c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp, xrefs: 011D5822
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: lstrlen
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 1659193697-3014452495
                                                            • Opcode ID: 4c350ebd6dc0a65943e3e265885e0ae3abfed0c5d749a92e50ce973a7287a2be
                                                            • Instruction ID: 31486a64bbbfc100af0853becc7d7ddaf23de41ff282870c4fb38cf69ac657a2
                                                            • Opcode Fuzzy Hash: 4c350ebd6dc0a65943e3e265885e0ae3abfed0c5d749a92e50ce973a7287a2be
                                                            • Instruction Fuzzy Hash: D551A576D01219EBDB259FA9D880DAF7FBAFF88750B164024EA15A7100D734D940CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D8352 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 146COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E011D8352(void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, short* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				char _v268;
				char _v528;
				char _v1044;
				char _v5144;
				char _v9244;
				intOrPtr _v9248;
				intOrPtr _v9252;
				intOrPtr _v9256;
				intOrPtr _v9260;
				intOrPtr* _v9264;
				short* _v9268;
				intOrPtr _v9272;
				char* _v9276;
				intOrPtr _v9280;
				char* _v9284;
				intOrPtr _v9288;
				char* _v9292;
				intOrPtr _v9296;
				char* _v9300;
				short _v9304;
				intOrPtr _v9308;
				char* _v9312;
				intOrPtr _v9316;
				char _v9328;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t57;
				short* _t70;
				long _t76;
				long _t77;
				long _t78;
				long _t79;
				intOrPtr _t89;
				void* _t90;
				intOrPtr* _t93;
				void* _t97;
				intOrPtr _t99;
				void* _t100;
				void* _t103;
				signed int _t105;
				long _t115;

				_t97 = __edx;
				E011D9760();
				_t57 =  *0x11fa008; // 0x295f764a
				_v8 = _t57 ^ _t105;
				_v9260 = _a4;
				_v9264 = _a8;
				_t89 = _a28;
				_v9248 = _a12;
				_v9268 = _a16;
				_t102 = 0;
				_t99 = _a32;
				_v9252 = _a20;
				_v9256 = _a24;
				E011BF600(_t99,  &_v9328, 0, 0x3c);
				_v9328 = 0x3c;
				if(_v9248 != 0) {
					_v9308 = 0x101;
					_v9312 =  &_v1044;
				}
				if(_v9252 != _t102) {
					_v9296 = 0x81;
					_v9300 =  &_v268;
				}
				if(_v9256 != _t102) {
					_v9288 = 0x81;
					_v9292 =  &_v528;
				}
				if(_t89 != 0) {
					_v9280 = 0x801;
					_v9284 =  &_v5144;
				}
				if(_t99 != 0) {
					_v9272 = 0x801;
					_v9276 =  &_v9244;
				}
				_push( &_v9328);
				_push(0x90000000);
				_push(_t102);
				_push(_v9260);
				if( *0x11fa98c() != 0) {
					_t93 = _v9264;
					if(_t93 != 0) {
						 *_t93 = _v9316;
					}
					_t69 = _v9248;
					if(_v9248 == 0) {
						L20:
						_t70 = _v9268;
						if(_t70 != 0) {
							 *_t70 = _v9304;
						}
						_t71 = _v9252;
						if(_v9252 == 0) {
							L24:
							_t72 = _v9256;
							if(_v9256 == 0) {
								L26:
								if(_t89 == 0) {
									L28:
									if(_t99 != 0) {
										_t102 = E0119229E(_t99, _v9276, _v9272);
									}
									goto L30;
								}
								_t76 = E0119229E(_t89, _v9284, _v9280);
								_t102 = _t76;
								if(_t76 < 0) {
									goto L30;
								}
								goto L28;
							}
							_t77 = E0119229E(_t72, _v9292, _v9288);
							_t102 = _t77;
							if(_t77 < 0) {
								goto L30;
							}
							goto L26;
						} else {
							_t78 = E0119229E(_t71, _v9300, _v9296);
							_t102 = _t78;
							if(_t78 < 0) {
								goto L30;
							}
							goto L24;
						}
					} else {
						_t79 = E0119229E(_t69, _v9312, _v9308);
						_t102 = _t79;
						if(_t79 < 0) {
							goto L30;
						}
						goto L20;
					}
				} else {
					_t102 = GetLastError();
					if(_t102 > 0) {
						_t115 = _t102;
					}
					if(_t115 >= 0) {
						_t102 = 0x80004005;
					}
					E011938BA(_t81, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\uriutil.cpp", 0x56, _t102);
					L30:
					_pop(_t100);
					_pop(_t103);
					_pop(_t90);
					return E011BDD1F(_t90, _v8 ^ _t105, _t97, _t100, _t103);
				}
			}














































                                                            0x011d8352
                                                            0x011d835a
                                                            0x011d835f
                                                            0x011d8366
                                                            0x011d836c
                                                            0x011d8375
                                                            0x011d837f
                                                            0x011d8382
                                                            0x011d838c
                                                            0x011d8392
                                                            0x011d8398
                                                            0x011d839b
                                                            0x011d83a6
                                                            0x011d83b4
                                                            0x011d83bc
                                                            0x011d83cc
                                                            0x011d83d4
                                                            0x011d83de
                                                            0x011d83de
                                                            0x011d83ef
                                                            0x011d83f7
                                                            0x011d83fd
                                                            0x011d83fd
                                                            0x011d8409
                                                            0x011d8411
                                                            0x011d8417
                                                            0x011d8417
                                                            0x011d8424
                                                            0x011d842c
                                                            0x011d8432
                                                            0x011d8432
                                                            0x011d843a
                                                            0x011d8442
                                                            0x011d8448
                                                            0x011d8448
                                                            0x011d8454
                                                            0x011d8455
                                                            0x011d845a
                                                            0x011d845b
                                                            0x011d8469
                                                            0x011d849b
                                                            0x011d84a3
                                                            0x011d84ab
                                                            0x011d84ab
                                                            0x011d84ad
                                                            0x011d84b5
                                                            0x011d84d3
                                                            0x011d84d3
                                                            0x011d84db
                                                            0x011d84e4
                                                            0x011d84e4
                                                            0x011d84e7
                                                            0x011d84ef
                                                            0x011d8509
                                                            0x011d8509
                                                            0x011d8511
                                                            0x011d852b
                                                            0x011d852d
                                                            0x011d8547
                                                            0x011d8549
                                                            0x011d855d
                                                            0x011d855d
                                                            0x00000000
                                                            0x011d8549
                                                            0x011d853c
                                                            0x011d8541
                                                            0x011d8545
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d8545
                                                            0x011d8520
                                                            0x011d8525
                                                            0x011d8529
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d84f1
                                                            0x011d84fe
                                                            0x011d8503
                                                            0x011d8507
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d8507
                                                            0x011d84b7
                                                            0x011d84c4
                                                            0x011d84c9
                                                            0x011d84cd
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d84cd
                                                            0x011d846b
                                                            0x011d8471
                                                            0x011d8475
                                                            0x011d8480
                                                            0x011d8480
                                                            0x011d8482
                                                            0x011d8484
                                                            0x011d8484
                                                            0x011d8491
                                                            0x011d855f
                                                            0x011d8564
                                                            0x011d8565
                                                            0x011d8568
                                                            0x011d856f
                                                            0x011d856f

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: <$@Mqt$Jv_)$c:\agent\_work\66\s\src\libs\dutil\uriutil.cpp
                                                            • API String ID: 1452528299-341857683
                                                            • Opcode ID: 9fe4177648ef69306d579506b7448e3f626d0d980bba07989c4d9b955de22926
                                                            • Instruction ID: dc6f119e4d82b5b08658b4515d5185ec3312a23073f9be6858ee2cc3c204bf4e
                                                            • Opcode Fuzzy Hash: 9fe4177648ef69306d579506b7448e3f626d0d980bba07989c4d9b955de22926
                                                            • Instruction Fuzzy Hash: F151FC75D012299BDB39DF69CC88ADDBBB8AF08714F4141EAEA08E7201D7349E848F51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011989E8 Relevance: 7.6, APIs: 5, Instructions: 117stringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 65%
                                                            			E011989E8(void* __ecx, void* __edx, int _a4, short* _a8, short* _a12, intOrPtr* _a16) {
				int _v8;
				short* _t38;
				int _t43;
				int _t46;
				intOrPtr _t49;
				intOrPtr _t53;
				int _t55;
				void* _t57;
				unsigned int _t59;
				void* _t60;
				int _t61;
				int _t67;
				void* _t75;

				_t57 = __edx;
				_t49 = 0;
				_t59 = _a4;
				_v8 = _t59 >> 0x00000011 & 0x00000001;
				_a4 = lstrlenW(_a8);
				_t67 = lstrlenW(_a12);
				if(_t59 > 0x3000a) {
					_t60 = _t59 - 0x3000b;
					if(_t60 == 0) {
						goto L21;
					} else {
						if(_t60 == 1) {
							goto L16;
						} else {
							goto L11;
						}
					}
				} else {
					if(_t59 >= 0x30005) {
						L7:
						_t46 = CompareStringW(0x7f, _v8, _a8, _a4, _a12, _t67);
						asm("cdq");
						_t49 = E011988A0(_t59, _t46, _t57, 2, _t49, _a16);
					} else {
						if(_t59 < 0x10005) {
							L12:
							_t49 = 0x80070057;
						} else {
							if(_t59 <= 0x1000a) {
								goto L7;
							} else {
								if(_t59 == 0x1000b) {
									L21:
									_t61 = _a4;
									if(_t67 > _t61) {
										L25:
										 *_a16 = _t49;
									} else {
										_t38 = _a8;
										_a4 = _t67;
										while(CompareStringW(0x7f, _v8, _t38, _t67, _a12, _t67) != 2) {
											_t38 =  &(_a8[1]);
											_t55 = _a4 + 1;
											_a8 = _t38;
											_a4 = _t55;
											if(_t55 <= _t61) {
												continue;
											} else {
												goto L25;
											}
											goto L26;
										}
										goto L19;
									}
								} else {
									if(_t59 == 0x1000c) {
										L16:
										if(_a4 < _t67) {
											goto L15;
										} else {
											_push(_t67);
											_push(_a12);
											_push(_t67);
											_push(_a8);
											goto L18;
										}
										goto L20;
									} else {
										_t75 = _t59 - 0x1000d;
										L11:
										if(_t75 == 0) {
											_t43 = _a4;
											if(_t43 < _t67) {
												L15:
												_t53 = _t49;
											} else {
												_push(_t67);
												_push(_a12);
												_push(_t67);
												_push( &(_a8[_t43 - _t67]));
												L18:
												if(CompareStringW(0x7f, _v8, ??, ??, ??, ??) != 2) {
													goto L15;
												} else {
													L19:
													_t53 = 1;
												}
											}
											L20:
											 *_a16 = _t53;
										} else {
											goto L12;
										}
									}
								}
							}
						}
					}
				}
				L26:
				return _t49;
			}
















                                                            0x011989e8
                                                            0x011989f4
                                                            0x011989f7
                                                            0x01198a05
                                                            0x01198a0d
                                                            0x01198a12
                                                            0x01198a1a
                                                            0x01198a7b
                                                            0x01198a81
                                                            0x00000000
                                                            0x01198a83
                                                            0x01198a86
                                                            0x00000000
                                                            0x01198a88
                                                            0x00000000
                                                            0x01198a88
                                                            0x01198a86
                                                            0x01198a1c
                                                            0x01198a22
                                                            0x01198a50
                                                            0x01198a5f
                                                            0x01198a68
                                                            0x01198a74
                                                            0x01198a24
                                                            0x01198a2a
                                                            0x01198a8d
                                                            0x01198a8d
                                                            0x01198a2c
                                                            0x01198a32
                                                            0x00000000
                                                            0x01198a34
                                                            0x01198a3a
                                                            0x01198ad6
                                                            0x01198ad6
                                                            0x01198adb
                                                            0x01198b0d
                                                            0x01198b10
                                                            0x01198add
                                                            0x01198add
                                                            0x01198ae0
                                                            0x01198ae3
                                                            0x01198aff
                                                            0x01198b02
                                                            0x01198b03
                                                            0x01198b06
                                                            0x01198b0b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01198b0b
                                                            0x00000000
                                                            0x01198ae3
                                                            0x01198a40
                                                            0x01198a46
                                                            0x01198aaf
                                                            0x01198ab2
                                                            0x00000000
                                                            0x01198ab4
                                                            0x01198ab4
                                                            0x01198ab5
                                                            0x01198ab8
                                                            0x01198ab9
                                                            0x00000000
                                                            0x01198ab9
                                                            0x00000000
                                                            0x01198a48
                                                            0x01198a48
                                                            0x01198a8b
                                                            0x01198a8b
                                                            0x01198a94
                                                            0x01198a99
                                                            0x01198aab
                                                            0x01198aab
                                                            0x01198a9b
                                                            0x01198aa0
                                                            0x01198aa1
                                                            0x01198aa4
                                                            0x01198aa8
                                                            0x01198abc
                                                            0x01198aca
                                                            0x00000000
                                                            0x01198acc
                                                            0x01198acc
                                                            0x01198ace
                                                            0x01198ace
                                                            0x01198aca
                                                            0x01198acf
                                                            0x01198ad2
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x01198a8b
                                                            0x01198a46
                                                            0x01198a3a
                                                            0x01198a32
                                                            0x01198a2a
                                                            0x01198a22
                                                            0x01198b12
                                                            0x01198b18

                                                            APIs
                                                            • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,01198BA7,011996F4,?,011996F4,?,?,011996F4,?,?), ref: 01198A08
                                                            • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,01198BA7,011996F4,?,011996F4,?,?,011996F4,?,?), ref: 01198A10
                                                            • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,01198BA7,011996F4,?,011996F4,?), ref: 01198A5F
                                                            • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,01198BA7,011996F4,?,011996F4,?), ref: 01198AC1
                                                            • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,01198BA7,011996F4,?,011996F4,?), ref: 01198AEE
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString$lstrlen
                                                            • String ID:
                                                            • API String ID: 1657112622-0
                                                            • Opcode ID: 7ce7ab23895eaebd974d328d3a89ebeb860f8895a141f695929c183c45101fe1
                                                            • Instruction ID: 757b4b5122a05c4de5a5e8b7c0dc724c0b97bc12b2c0c643ef0523882327da3c
                                                            • Opcode Fuzzy Hash: 7ce7ab23895eaebd974d328d3a89ebeb860f8895a141f695929c183c45101fe1
                                                            • Instruction Fuzzy Hash: CE319772A0111DBFCF2D8E5CCC449AE3F66FF46394F058415F9298B110C3398990DBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011974BE Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 31%
                                                            			E011974BE(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t15;
				void* _t22;

				_t20 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t22 = E01195DA8(_t20, _a4, _a8,  &_v8);
				_t15 = _v8;
				if(_t22 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
					if(_t22 != 0x80070490) {
						if(_t22 >= 0) {
							_t22 = E011B0132(_t15 + 8, _a12);
							if(_t22 < 0) {
								_push(_a8);
								_push("Failed to get value as string for variable: %ls");
								goto L8;
							}
						} else {
							_push(_a8);
							_push("Failed to get value of variable: %ls");
							L8:
							_push(_t22);
							E011CFB09();
						}
					}
				} else {
					_t22 = 0x80070490;
				}
				LeaveCriticalSection(_a4);
				return _t22;
			}






                                                            0x011974be
                                                            0x011974c1
                                                            0x011974c2
                                                            0x011974ca
                                                            0x011974df
                                                            0x011974e1
                                                            0x011974e6
                                                            0x011974fb
                                                            0x011974ff
                                                            0x01197517
                                                            0x0119751b
                                                            0x0119751d
                                                            0x01197520
                                                            0x00000000
                                                            0x01197520
                                                            0x01197501
                                                            0x01197501
                                                            0x01197504
                                                            0x01197525
                                                            0x01197525
                                                            0x01197526
                                                            0x0119752b
                                                            0x011974ff
                                                            0x011974ee
                                                            0x011974ee
                                                            0x011974ee
                                                            0x01197531
                                                            0x0119753b

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(011953FA,WixBundleOriginalSource,?,?,011AA50A,840F01E8,WixBundleOriginalSource,?,011FAA6C,?,00000000,01195482,00000001,?,?,01195482), ref: 011974CA
                                                            • LeaveCriticalSection.KERNEL32(011953FA,011953FA,00000000,00000000,?,?,011AA50A,840F01E8,WixBundleOriginalSource,?,011FAA6C,?,00000000,01195482,00000001,?), ref: 01197531
                                                            Strings
                                                            • WixBundleOriginalSource, xrefs: 011974C6
                                                            • Failed to get value as string for variable: %ls, xrefs: 01197520
                                                            • Failed to get value of variable: %ls, xrefs: 01197504
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                            • API String ID: 3168844106-30613933
                                                            • Opcode ID: e45d52bde91a98144c926d652d306dda97d2ffee99841392ff501cd7699e229f
                                                            • Instruction ID: 3d14585df5a8c4e8a1febd928bec719a657e2874ff7e97872a909e7f79c60cee
                                                            • Opcode Fuzzy Hash: e45d52bde91a98144c926d652d306dda97d2ffee99841392ff501cd7699e229f
                                                            • Instruction Fuzzy Hash: 6301DF76911129FBCF2A5E54CC08A8E7F65EF00764F018024FD24AB251D335DE109BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BCE2C Relevance: 7.5, APIs: 5, Instructions: 41fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011BCE2C(void* __ebx, void* __edi, void** _a4) {
				void* _t13;
				void** _t26;

				_t26 = _a4;
				if(_t26 != 0) {
					if( *_t26 != 0) {
						CloseHandle( *_t26);
						 *_t26 = 0;
					}
					if(_t26[1] != 0) {
						CloseHandle(_t26[1]);
						_t26[1] = 0;
					}
					if(_t26[2] != 0) {
						CloseHandle(_t26[2]);
						_t26[2] = 0;
					}
					if(_t26[3] != 0) {
						CloseHandle(_t26[3]);
						_t26[3] = 0;
					}
					if(_t26[4] != 0) {
						UnmapViewOfFile(_t26[4]);
					}
					return E01193AA4(_t26);
				}
				return _t13;
			}





                                                            0x011bce30
                                                            0x011bce35
                                                            0x011bce43
                                                            0x011bce47
                                                            0x011bce49
                                                            0x011bce49
                                                            0x011bce4e
                                                            0x011bce53
                                                            0x011bce55
                                                            0x011bce55
                                                            0x011bce5b
                                                            0x011bce60
                                                            0x011bce62
                                                            0x011bce62
                                                            0x011bce68
                                                            0x011bce6d
                                                            0x011bce6f
                                                            0x011bce6f
                                                            0x011bce77
                                                            0x011bce7c
                                                            0x011bce7c
                                                            0x00000000
                                                            0x011bce83
                                                            0x011bce8a

                                                            APIs
                                                            • CloseHandle.KERNEL32(?,00000000,?,00000000,?,011BCE24,00000000), ref: 011BCE47
                                                            • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,011BCE24,00000000), ref: 011BCE53
                                                            • CloseHandle.KERNEL32(011DA518,00000000,?,00000000,?,011BCE24,00000000), ref: 011BCE60
                                                            • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,011BCE24,00000000), ref: 011BCE6D
                                                            • UnmapViewOfFile.KERNEL32(011DA4E8,00000000,?,011BCE24,00000000), ref: 011BCE7C
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle$FileUnmapView
                                                            • String ID:
                                                            • API String ID: 260491571-0
                                                            • Opcode ID: b31f754ff39708f72d2f2925930964a126a309aa4e51a66636a13e7c2a3cb0e6
                                                            • Instruction ID: befb7acba3f677a6be52298c8920c0af2ddde1856f4d5b330a687c544da4dec4
                                                            • Opcode Fuzzy Hash: b31f754ff39708f72d2f2925930964a126a309aa4e51a66636a13e7c2a3cb0e6
                                                            • Instruction Fuzzy Hash: 9701F632401B26DFDB35AF6AD880957FFE9BF60611315C93EE2A652920C371A880DF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C890A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011C890A(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x11fa708; // 0x11fa700
					if(_t23 != 0) {
						E011C5CE8(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x11fa70c; // 0x11fb570
					if(_t24 != 0) {
						E011C5CE8(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x11fa710; // 0x11fb570
					if(_t25 != 0) {
						E011C5CE8(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x11fa738; // 0x11fa704
					if(_t26 != 0) {
						E011C5CE8(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x11fa73c; // 0x11fb574
					if(_t27 != 0) {
						return E011C5CE8(_t6);
					}
				}
				return _t6;
			}










                                                            0x011c8910
                                                            0x011c8915
                                                            0x011c8919
                                                            0x011c891f
                                                            0x011c8922
                                                            0x011c8927
                                                            0x011c892b
                                                            0x011c8931
                                                            0x011c8934
                                                            0x011c8939
                                                            0x011c893d
                                                            0x011c8943
                                                            0x011c8946
                                                            0x011c894b
                                                            0x011c894f
                                                            0x011c8955
                                                            0x011c8958
                                                            0x011c895d
                                                            0x011c895e
                                                            0x011c8961
                                                            0x011c8967
                                                            0x00000000
                                                            0x011c896f
                                                            0x011c8967
                                                            0x011c8972

                                                            APIs
                                                            • _free.LIBCMT ref: 011C8922
                                                              • Part of subcall function 011C5CE8: HeapFree.KERNEL32(00000000,00000000,?,011C89A1,?,00000000,?,00000000,?,011C89C8,?,00000007,?,?,011C8E2A,?), ref: 011C5CFE
                                                              • Part of subcall function 011C5CE8: GetLastError.KERNEL32(?,?,011C89A1,?,00000000,?,00000000,?,011C89C8,?,00000007,?,?,011C8E2A,?,?), ref: 011C5D10
                                                            • _free.LIBCMT ref: 011C8934
                                                            • _free.LIBCMT ref: 011C8946
                                                            • _free.LIBCMT ref: 011C8958
                                                            • _free.LIBCMT ref: 011C896A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: 4253e894c8df81a566a0ca026b6e7b23f907e95d1826d936d913a992ef984994
                                                            • Instruction ID: fae538dbe0b314ab2013b5a4de5b24f06b252a9c14638edebd9db1629668da0c
                                                            • Opcode Fuzzy Hash: 4253e894c8df81a566a0ca026b6e7b23f907e95d1826d936d913a992ef984994
                                                            • Instruction Fuzzy Hash: 53F04932644604AB966CEA68F1C1C4A77EEFE60B243A44A1DE119D7500DB35F8C08A68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D72DE Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 77%
                                                            			E011D72DE(void* __ebx, void* __eflags, intOrPtr* _a4, signed int* _a8) {
				signed int _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _v24;
				signed int _t47;
				intOrPtr* _t67;
				signed int _t68;
				signed int* _t69;
				intOrPtr* _t71;
				intOrPtr* _t77;
				void* _t79;
				intOrPtr* _t81;
				signed int _t82;
				signed int _t86;
				signed int _t87;
				signed int _t91;
				intOrPtr* _t92;
				signed int _t96;

				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_t91 = E011939DF(0x14, 1);
				if(_t91 != 0) {
					_t77 = _a4;
					_t47 =  *((intOrPtr*)( *_t77 + 0x9c))(_t77,  &_v12, __ebx);
					__eflags = _t47;
					if(_t47 != 0) {
						_t10 = _t47 - 1; // -1
						asm("sbb esi, esi");
						_t96 =  ~_t10 & _t47;
						__eflags = _t96;
						goto L6;
					} else {
						_t96 = E0119229E(_t91, _v12, 0);
						__eflags = _t96;
						if(_t96 >= 0) {
							L6:
							__eflags = _t96;
							if(_t96 >= 0) {
								_t96 =  *((intOrPtr*)( *_t77 + 0xa4))(_t77,  &_v16);
								__eflags = _t96;
								if(_t96 >= 0) {
									_t14 = _t91 + 4; // 0x4
									_t96 = E0119229E(_t14, _v16, 0);
									__eflags = _t96;
									if(_t96 >= 0) {
										_t96 = E011D2D56(_t77,  &_v20);
										__eflags = _t96;
										if(_t96 >= 0) {
											_t17 = _t91 + 8; // 0x8
											_t96 = E0119229E(_t17, _v20, 0);
											__eflags = _t96;
											if(_t96 >= 0) {
												_t96 =  *((intOrPtr*)( *_t77 + 0x44))(_t77,  &_v24);
												__eflags = _t96;
												if(_t96 >= 0) {
													_t67 = _v24;
													_t68 =  *((intOrPtr*)( *_t67 + 0x38))(_t67,  &_v8);
													__eflags = _t68;
													if(__eflags != 0) {
														L18:
														_t32 = _t68 - 1; // -1
														asm("sbb esi, esi");
														_t96 =  ~_t32 & _t68;
														__eflags = _t96;
														if(_t96 >= 0) {
															_t69 = _a8;
															while(1) {
																_t86 =  *_t69;
																__eflags = _t86;
																if(_t86 == 0) {
																	break;
																}
																_t69 = _t86 + 0x10;
															}
															 *_t69 = _t91;
															_t91 = 0;
															__eflags = 0;
														}
													} else {
														_t23 = _t91 + 0xc; // 0xc
														_t79 = _t23;
														while(1) {
															_t96 = E011D71DB(_t79, __eflags, _v8, _t79);
															__eflags = _t96;
															if(_t96 < 0) {
																goto L23;
															}
															_t87 = _v8;
															__eflags = _t87;
															if(_t87 != 0) {
																 *((intOrPtr*)( *_t87 + 8))(_t87);
																_t27 =  &_v8;
																 *_t27 = _v8 & 0x00000000;
																__eflags =  *_t27;
															}
															_t71 = _v24;
															_t68 =  *((intOrPtr*)( *_t71 + 0x38))(_t71,  &_v8);
															__eflags = _t68;
															if(__eflags == 0) {
																continue;
															} else {
																goto L18;
															}
															goto L23;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
					L23:
				} else {
					_t96 = 0x8007000e;
					E011938BA(_t45, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x397, 0x8007000e);
				}
				E011D63B1(_t91);
				_t92 = __imp__#6;
				if(_v12 != 0) {
					 *_t92(_v12);
				}
				if(_v16 != 0) {
					 *_t92(_v16);
				}
				if(_v20 != 0) {
					 *_t92(_v20);
				}
				_t81 = _v24;
				if(_t81 != 0) {
					 *((intOrPtr*)( *_t81 + 8))(_t81);
				}
				_t82 = _v8;
				if(_t82 != 0) {
					 *((intOrPtr*)( *_t82 + 8))(_t82);
				}
				return _t96;
			}






















                                                            0x011d72ec
                                                            0x011d72ef
                                                            0x011d72f2
                                                            0x011d72f5
                                                            0x011d72f8
                                                            0x011d7300
                                                            0x011d7304
                                                            0x011d7321
                                                            0x011d732b
                                                            0x011d7331
                                                            0x011d7333
                                                            0x011d734b
                                                            0x011d7350
                                                            0x011d7352
                                                            0x011d7352
                                                            0x00000000
                                                            0x011d7335
                                                            0x011d733f
                                                            0x011d7341
                                                            0x011d7343
                                                            0x011d7354
                                                            0x011d7354
                                                            0x011d7356
                                                            0x011d7369
                                                            0x011d736b
                                                            0x011d736d
                                                            0x011d7378
                                                            0x011d7381
                                                            0x011d7383
                                                            0x011d7385
                                                            0x011d7395
                                                            0x011d7397
                                                            0x011d7399
                                                            0x011d73a4
                                                            0x011d73ad
                                                            0x011d73af
                                                            0x011d73b1
                                                            0x011d73bd
                                                            0x011d73bf
                                                            0x011d73c1
                                                            0x011d73c3
                                                            0x011d73cd
                                                            0x011d73d0
                                                            0x011d73d2
                                                            0x011d7408
                                                            0x011d7408
                                                            0x011d740d
                                                            0x011d740f
                                                            0x011d740f
                                                            0x011d7411
                                                            0x011d7413
                                                            0x011d741b
                                                            0x011d741b
                                                            0x011d741d
                                                            0x011d741f
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7418
                                                            0x011d7418
                                                            0x011d7421
                                                            0x011d7423
                                                            0x011d7423
                                                            0x011d7423
                                                            0x011d73d4
                                                            0x011d73d4
                                                            0x011d73d4
                                                            0x011d73d7
                                                            0x011d73e0
                                                            0x011d73e2
                                                            0x011d73e4
                                                            0x00000000
                                                            0x00000000
                                                            0x011d73e6
                                                            0x011d73e9
                                                            0x011d73eb
                                                            0x011d73f0
                                                            0x011d73f3
                                                            0x011d73f3
                                                            0x011d73f3
                                                            0x011d73f3
                                                            0x011d73f7
                                                            0x011d7401
                                                            0x011d7404
                                                            0x011d7406
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d7406
                                                            0x011d73d7
                                                            0x011d73d2
                                                            0x011d73c1
                                                            0x011d73b1
                                                            0x011d7399
                                                            0x011d7385
                                                            0x011d736d
                                                            0x011d7356
                                                            0x011d7343
                                                            0x011d7425
                                                            0x011d7306
                                                            0x011d7306
                                                            0x011d7316
                                                            0x011d7316
                                                            0x011d7427
                                                            0x011d7430
                                                            0x011d7436
                                                            0x011d743b
                                                            0x011d743b
                                                            0x011d7441
                                                            0x011d7446
                                                            0x011d7446
                                                            0x011d744c
                                                            0x011d7451
                                                            0x011d7451
                                                            0x011d7453
                                                            0x011d7458
                                                            0x011d745d
                                                            0x011d745d
                                                            0x011d7460
                                                            0x011d7465
                                                            0x011d746a
                                                            0x011d746a
                                                            0x011d7472

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D743B
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D7446
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D7451
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp, xrefs: 011D7311
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeString$Heap$AllocateProcess
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp
                                                            • API String ID: 2724874077-632479057
                                                            • Opcode ID: 736e8fa632c83be0e08a0d265d49d9d21257fac964e3d2e70522bb2ba240c13b
                                                            • Instruction ID: b5f1117e4ceadd542ecd07a78d168f15f915c39f0bb87b4a4a407d08df8e2ebf
                                                            • Opcode Fuzzy Hash: 736e8fa632c83be0e08a0d265d49d9d21257fac964e3d2e70522bb2ba240c13b
                                                            • Instruction Fuzzy Hash: E3515A31A01226EFDB1ADF64C885EAEBF78EF4475CF154198E915AB150DB70DD04CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2F2C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 59%
                                                            			E011D2F2C(intOrPtr _a4, signed char _a8, intOrPtr* _a12) {
				void* _v8;
				void* _v12;
				char _v16;
				intOrPtr _v24;
				char _v32;
				short _t29;
				intOrPtr* _t46;
				intOrPtr* _t53;
				intOrPtr* _t54;
				void* _t59;

				_t53 = 0;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				__imp__#8( &_v32);
				_t29 = 8;
				_v32 = _t29;
				__imp__#2(_a4);
				_v24 = _t29;
				if(_t29 != 0) {
					_t59 = E011D28BD(0,  &_v8, 0);
					if(_t59 == 1) {
						_t59 = 0x80004005;
					}
					_t53 = _v8;
					if(_t59 < 0) {
						goto L17;
					}
					if((_a8 & 0x00000001) == 0) {
						L7:
						_t59 =  *((intOrPtr*)( *_t53 + 0x110))(_t53, 0);
						if(_t59 >= 0) {
							_t59 =  *((intOrPtr*)( *_t53 + 0x118))(_t53, 0);
							if(_t59 >= 0) {
								 *((intOrPtr*)( *_t53 + 0xfc))(_t53, 0);
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t59 =  *((intOrPtr*)( *_t53 + 0xe8))(_t53,  &_v16);
								if(_t59 == 1) {
									_t59 = 0x8007006e;
								}
								if(_t59 >= 0) {
									_t46 = _a12;
									if(_t46 != 0) {
										 *_t46 = _t53;
										_t53 = 0;
									}
									_t59 = 0;
								} else {
									_push( &_v12);
									_push(_t53);
									if( *((intOrPtr*)( *_t53 + 0xf0))() == 0) {
										E011D2823( &_v12, _v12);
									}
								}
							}
						}
						goto L17;
					}
					_t59 =  *((intOrPtr*)( *_t53 + 0x120))(_t53, 0xffffffff);
					if(_t59 < 0) {
						goto L17;
					}
					goto L7;
				} else {
					_t59 = 0x8007000e;
					E011938BA(_t29, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x16a, 0x8007000e);
					L17:
					__imp__#9( &_v32);
					if(_t53 != 0) {
						 *((intOrPtr*)( *_t53 + 8))(_t53);
					}
					_t54 = _v12;
					if(_t54 != 0) {
						 *((intOrPtr*)( *_t54 + 8))(_t54);
					}
					return _t59;
				}
			}













                                                            0x011d2f3a
                                                            0x011d2f3c
                                                            0x011d2f40
                                                            0x011d2f43
                                                            0x011d2f46
                                                            0x011d2f4e
                                                            0x011d2f52
                                                            0x011d2f56
                                                            0x011d2f5c
                                                            0x011d2f61
                                                            0x011d2f88
                                                            0x011d2f8d
                                                            0x011d2f8f
                                                            0x011d2f8f
                                                            0x011d2f94
                                                            0x011d2f99
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2fa3
                                                            0x011d2fb6
                                                            0x011d2fc0
                                                            0x011d2fc4
                                                            0x011d2fd0
                                                            0x011d2fd4
                                                            0x011d2fda
                                                            0x011d2fef
                                                            0x011d2ff0
                                                            0x011d2ff1
                                                            0x011d2ff2
                                                            0x011d2ff9
                                                            0x011d2ffe
                                                            0x011d3000
                                                            0x011d3000
                                                            0x011d3007
                                                            0x011d3024
                                                            0x011d3029
                                                            0x011d302b
                                                            0x011d302d
                                                            0x011d302d
                                                            0x011d302f
                                                            0x011d3009
                                                            0x011d300e
                                                            0x011d300f
                                                            0x011d3018
                                                            0x011d301d
                                                            0x011d301d
                                                            0x011d3018
                                                            0x011d3007
                                                            0x011d2fd4
                                                            0x00000000
                                                            0x011d2fc4
                                                            0x011d2fb0
                                                            0x011d2fb4
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2f63
                                                            0x011d2f63
                                                            0x011d2f73
                                                            0x011d3031
                                                            0x011d3035
                                                            0x011d303d
                                                            0x011d3042
                                                            0x011d3042
                                                            0x011d3045
                                                            0x011d304a
                                                            0x011d304f
                                                            0x011d304f
                                                            0x011d3058
                                                            0x011d3058

                                                            APIs
                                                            • VariantInit.OLEAUT32(000002C0), ref: 011D2F46
                                                            • SysAllocString.OLEAUT32(?), ref: 011D2F56
                                                            • VariantClear.OLEAUT32(?), ref: 011D3035
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 011D2F6E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Variant$AllocClearInitString
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 2213243845-3017383397
                                                            • Opcode ID: 907522611a7863b15e6faaea1c2b313b23234f1bbd3dcf9129e94b744d6f7bdb
                                                            • Instruction ID: eece1f792c19cec666721a8addde6f2e3a2759a23cbaa87ea8b13ba35b7500da
                                                            • Opcode Fuzzy Hash: 907522611a7863b15e6faaea1c2b313b23234f1bbd3dcf9129e94b744d6f7bdb
                                                            • Instruction Fuzzy Hash: 7441A775D10225ABDB29DFA8C888EAFBBB8BF05750F0541A5FD21EB201D735D940CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C5F23 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 88%
                                                            			E011C5F23(int* _a4, char* _a8, int _a12, short _a16, intOrPtr _a20) {
				int _v8;
				char _v12;
				intOrPtr _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				signed int* _t21;
				intOrPtr _t23;
				intOrPtr* _t26;
				intOrPtr* _t28;
				intOrPtr* _t31;
				char _t32;
				int* _t33;
				intOrPtr* _t35;
				signed int* _t37;
				char* _t39;
				int _t43;
				void* _t46;
				int _t47;

				_t39 = _a8;
				_t47 = _a12;
				if(_t39 == 0 && _t47 != 0) {
					_t37 = _a4;
					if(_t37 != 0) {
						 *_t37 =  *_t37 & 0x00000000;
					}
					return 0;
				}
				_t21 = _a4;
				if(_t21 != 0) {
					 *_t21 =  *_t21 | 0xffffffff;
				}
				if(_t47 <= 0x7fffffff) {
					E011C12A9(_t39,  &_v24, _t46, _a20);
					_t23 = _v20;
					if( *((intOrPtr*)(_t23 + 0xa8)) != 0) {
						_v8 = 0;
						_t43 = WideCharToMultiByte( *(_t23 + 8), 0,  &_a16, 1, _t39, _t47, 0,  &_v8);
						if(_t43 == 0) {
							if(GetLastError() != 0x7a) {
								L14:
								_t26 = E011C3728();
								_push(0x2a);
								_pop(0);
								 *_t26 = 0;
								L15:
								if(_v12 != 0) {
									 *(_v24 + 0x350) =  *(_v24 + 0x350) & 0xfffffffd;
								}
								goto L17;
							}
							if(_t39 != 0 && _t47 != 0) {
								E011BF600(_t47, _t39, 0, _t47);
							}
							L32:
							_t28 = E011C3728();
							_push(0x22);
							_pop(0);
							 *_t28 = 0;
							E011C366C();
							goto L15;
						}
						if(_v8 != 0) {
							goto L14;
						}
						_t31 = _a4;
						if(_t31 != 0) {
							 *_t31 = _t43;
						}
						goto L15;
					}
					_t32 = _a16;
					if(_t32 <= 0xff) {
						if(_t39 == 0) {
							L22:
							_t33 = _a4;
							if(_t33 != 0) {
								 *_t33 = 1;
							}
							goto L15;
						}
						if(_t47 == 0) {
							goto L32;
						}
						 *_t39 = _t32;
						goto L22;
					}
					if(_t39 != 0 && _t47 != 0) {
						E011BF600(_t47, _t39, 0, _t47);
					}
					goto L14;
				} else {
					_t35 = E011C3728();
					_push(0x16);
					_pop(0);
					 *_t35 = 0;
					E011C366C();
					L17:
					return 0;
				}
			}






















                                                            0x011c5f2c
                                                            0x011c5f30
                                                            0x011c5f35
                                                            0x011c5f3b
                                                            0x011c5f40
                                                            0x011c5f42
                                                            0x011c5f42
                                                            0x00000000
                                                            0x011c5f45
                                                            0x011c5f49
                                                            0x011c5f4e
                                                            0x011c5f50
                                                            0x011c5f50
                                                            0x011c5f5a
                                                            0x011c5f73
                                                            0x011c5f78
                                                            0x011c5f83
                                                            0x011c5fe5
                                                            0x011c5ffc
                                                            0x011c6000
                                                            0x011c601b
                                                            0x011c5fa6
                                                            0x011c5fa6
                                                            0x011c5fab
                                                            0x011c5fad
                                                            0x011c5fae
                                                            0x011c5fb0
                                                            0x011c5fb4
                                                            0x011c5fb9
                                                            0x011c5fb9
                                                            0x00000000
                                                            0x011c5fb4
                                                            0x011c601f
                                                            0x011c6028
                                                            0x011c602d
                                                            0x011c6030
                                                            0x011c6030
                                                            0x011c6035
                                                            0x011c6037
                                                            0x011c6038
                                                            0x011c603a
                                                            0x00000000
                                                            0x011c603a
                                                            0x011c6005
                                                            0x00000000
                                                            0x00000000
                                                            0x011c6007
                                                            0x011c600c
                                                            0x011c600e
                                                            0x011c600e
                                                            0x00000000
                                                            0x011c600c
                                                            0x011c5f85
                                                            0x011c5f91
                                                            0x011c5fcb
                                                            0x011c5fd3
                                                            0x011c5fd3
                                                            0x011c5fd8
                                                            0x011c5fda
                                                            0x011c5fda
                                                            0x00000000
                                                            0x011c5fd8
                                                            0x011c5fcf
                                                            0x00000000
                                                            0x00000000
                                                            0x011c5fd1
                                                            0x00000000
                                                            0x011c5fd1
                                                            0x011c5f95
                                                            0x011c5f9e
                                                            0x011c5fa3
                                                            0x00000000
                                                            0x011c5f5c
                                                            0x011c5f5c
                                                            0x011c5f61
                                                            0x011c5f63
                                                            0x011c5f64
                                                            0x011c5f66
                                                            0x011c5fc0
                                                            0x00000000
                                                            0x011c5fc2

                                                            APIs
                                                            • WideCharToMultiByte.KERNEL32(011DA518,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 011C5FF6
                                                            • GetLastError.KERNEL32 ref: 011C6012
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ByteCharErrorLastMultiWide
                                                            • String ID: @Mqt$comres.dll
                                                            • API String ID: 203985260-1881616222
                                                            • Opcode ID: 0972ce128eb163f0de8384f26cf065fd24b2e88db3b97cf16a3cc35ffa4b6d50
                                                            • Instruction ID: cfa7006f2011cbd5b840aee5cf35c005d984da7eb0ba7e396d27de768439b6e5
                                                            • Opcode Fuzzy Hash: 0972ce128eb163f0de8384f26cf065fd24b2e88db3b97cf16a3cc35ffa4b6d50
                                                            • Instruction Fuzzy Hash: 2531D171700213ABDB2D9F5DC884AAB7BAAAF71E50F15002DF9145B280DB31A940C7A3
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D0708 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 88%
                                                            			E011D0708(void* __ecx, void* _a4, int _a8, short** _a12) {
				int _v8;
				short** _t39;
				signed short _t42;
				signed short _t52;
				signed short _t53;

				_t39 = _a12;
				_v8 = 0;
				if(_t39 == 0 ||  *_t39 == 0) {
					L4:
					_v8 = 2;
					_t42 = E01191FE0(_t39, 2);
					if(_t42 >= 0) {
						goto L5;
					}
				} else {
					_t42 = E01192847( *_t39,  &_v8);
					if(_t42 >= 0) {
						if(_v8 >= 2) {
							L5:
							_t22 = RegEnumKeyExW(_a4, _a8,  *_t39,  &_v8, 0, 0, 0, 0);
							if(_t22 != 0xea) {
								__eflags = _t22 - 0x103;
								if(_t22 != 0x103) {
									goto L15;
								} else {
									_t42 = 0x80070103;
								}
							} else {
								_t42 = RegQueryInfoKeyW(_a4, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0, 0, 0);
								_t52 = _t42;
								if(_t52 == 0) {
									_v8 = _v8 + 1;
									_t42 = E01191FE0(_t39, _v8 + 1);
									__eflags = _t42;
									if(_t42 >= 0) {
										_t22 = RegEnumKeyExW(_a4, _a8,  *_t39,  &_v8, 0, 0, 0, 0);
										L15:
										__eflags = _t22;
										if(__eflags == 0) {
											__eflags = 0;
											( *_t39)[_v8] = 0;
										} else {
											if(__eflags > 0) {
												_t42 = _t22 & 0x0000ffff | 0x80070000;
												__eflags = _t42;
											} else {
												_t42 = _t22;
											}
											__eflags = _t42;
											if(_t42 >= 0) {
												_t42 = 0x80004005;
											}
											_push(_t42);
											_push(0x133);
											goto L12;
										}
									}
								} else {
									if(_t52 > 0) {
										_t42 = _t42 & 0x0000ffff | 0x80070000;
										_t53 = _t42;
									}
									if(_t53 >= 0) {
										_t42 = 0x80004005;
									}
									_push(_t42);
									_push(0x127);
									L12:
									_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
									E011938BA(_t22);
								}
							}
						} else {
							goto L4;
						}
					}
				}
				return _t42;
			}








                                                            0x011d070f
                                                            0x011d0714
                                                            0x011d0719
                                                            0x011d073a
                                                            0x011d073d
                                                            0x011d0749
                                                            0x011d074d
                                                            0x00000000
                                                            0x00000000
                                                            0x011d071f
                                                            0x011d072a
                                                            0x011d072e
                                                            0x011d0738
                                                            0x011d0753
                                                            0x011d0763
                                                            0x011d076e
                                                            0x011d07e7
                                                            0x011d07ec
                                                            0x00000000
                                                            0x011d07ee
                                                            0x011d07ee
                                                            0x011d07ee
                                                            0x011d0770
                                                            0x011d0787
                                                            0x011d0789
                                                            0x011d078b
                                                            0x011d07b9
                                                            0x011d07c1
                                                            0x011d07c3
                                                            0x011d07c5
                                                            0x011d07d7
                                                            0x011d07dd
                                                            0x011d07dd
                                                            0x011d07df
                                                            0x011d0811
                                                            0x011d0816
                                                            0x011d07e1
                                                            0x011d07e1
                                                            0x011d07f8
                                                            0x011d07f8
                                                            0x011d07e3
                                                            0x011d07e3
                                                            0x011d07e3
                                                            0x011d07fe
                                                            0x011d0800
                                                            0x011d0802
                                                            0x011d0802
                                                            0x011d0807
                                                            0x011d0808
                                                            0x00000000
                                                            0x011d0808
                                                            0x011d07df
                                                            0x011d078d
                                                            0x011d078d
                                                            0x011d0792
                                                            0x011d0798
                                                            0x011d0798
                                                            0x011d079a
                                                            0x011d079c
                                                            0x011d079c
                                                            0x011d07a1
                                                            0x011d07a2
                                                            0x011d07a7
                                                            0x011d07a7
                                                            0x011d07ac
                                                            0x011d07ac
                                                            0x011d078b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d0738
                                                            0x011d072e
                                                            0x011d0820

                                                            APIs
                                                            • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,011B8B57), ref: 011D0763
                                                            • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,011B8B57,00000000), ref: 011D0781
                                                            • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,011B8B57,00000000,00000000,00000000), ref: 011D07D7
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 011D07A7
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Enum$InfoQuery
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 73471667-3237223240
                                                            • Opcode ID: af87898ea33b312553b93419eac6f90859d476fe6aaf7f681223c73348a9eaa7
                                                            • Instruction ID: a975fe2e47cc297a926968e124d624c7340576bd4f4f9e5fae814a0fa99c40cc
                                                            • Opcode Fuzzy Hash: af87898ea33b312553b93419eac6f90859d476fe6aaf7f681223c73348a9eaa7
                                                            • Instruction Fuzzy Hash: F331A877D0152AFBEB198A98CC45DEFBB6DEF08764F124165BE50AB110D7309E408BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D71DB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 65%
                                                            			E011D71DB(void* __ebx, void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
				char _v8;
				char _v12;
				char _v16;
				signed int _t26;
				intOrPtr* _t40;
				intOrPtr* _t44;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr* _t50;
				signed int _t54;

				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t49 = E011939DF(0x10, 1);
				if(_t49 != 0) {
					_t44 = _a4;
					_t26 =  *((intOrPtr*)( *_t44 + 0x9c))(_t44,  &_v8, __ebx);
					if(_t26 != 0) {
						_t8 = _t26 - 1; // -1
						asm("sbb esi, esi");
						_t54 =  ~_t8 & _t26;
						goto L6;
					} else {
						_t54 = E0119229E(_t49, _v8, 0);
						if(_t54 >= 0) {
							L6:
							if(_t54 >= 0) {
								_t54 =  *((intOrPtr*)( *_t44 + 0xa4))(_t44,  &_v12);
								if(_t54 >= 0) {
									_t12 = _t49 + 4; // 0x4
									_t54 = E0119229E(_t12, _v12, 0);
									if(_t54 >= 0) {
										_t54 = E011D2D56(_t44,  &_v16);
										if(_t54 >= 0) {
											_t15 = _t49 + 8; // 0x8
											_t54 = E0119229E(_t15, _v16, 0);
											if(_t54 >= 0) {
												_t40 = _a8;
												while(1) {
													_t48 =  *_t40;
													if(_t48 == 0) {
														break;
													}
													_t40 = _t48 + 0xc;
												}
												 *_t40 = _t49;
												_t49 = 0;
											}
										}
									}
								}
							}
						}
					}
				} else {
					_t54 = 0x8007000e;
					E011938BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x3ea, 0x8007000e);
				}
				E011D6368(_t49);
				_t50 = __imp__#6;
				if(_v8 != 0) {
					 *_t50(_v8);
				}
				if(_v12 != 0) {
					 *_t50(_v12);
				}
				if(_v16 != 0) {
					 *_t50(_v16);
				}
				return _t54;
			}













                                                            0x011d71e9
                                                            0x011d71ec
                                                            0x011d71ef
                                                            0x011d71f7
                                                            0x011d71fb
                                                            0x011d7218
                                                            0x011d7222
                                                            0x011d722a
                                                            0x011d723e
                                                            0x011d7243
                                                            0x011d7245
                                                            0x00000000
                                                            0x011d722c
                                                            0x011d7236
                                                            0x011d723a
                                                            0x011d7247
                                                            0x011d7249
                                                            0x011d7258
                                                            0x011d725c
                                                            0x011d7263
                                                            0x011d726c
                                                            0x011d7270
                                                            0x011d727c
                                                            0x011d7280
                                                            0x011d7287
                                                            0x011d7290
                                                            0x011d7294
                                                            0x011d7296
                                                            0x011d729e
                                                            0x011d729e
                                                            0x011d72a2
                                                            0x00000000
                                                            0x00000000
                                                            0x011d729b
                                                            0x011d729b
                                                            0x011d72a4
                                                            0x011d72a6
                                                            0x011d72a6
                                                            0x011d7294
                                                            0x011d7280
                                                            0x011d7270
                                                            0x011d725c
                                                            0x011d7249
                                                            0x011d723a
                                                            0x011d71fd
                                                            0x011d71fd
                                                            0x011d720d
                                                            0x011d720d
                                                            0x011d72aa
                                                            0x011d72b3
                                                            0x011d72b9
                                                            0x011d72be
                                                            0x011d72be
                                                            0x011d72c4
                                                            0x011d72c9
                                                            0x011d72c9
                                                            0x011d72cf
                                                            0x011d72d4
                                                            0x011d72d4
                                                            0x011d72db

                                                            APIs
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D72BE
                                                            • SysFreeString.OLEAUT32(?), ref: 011D72C9
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D72D4
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp, xrefs: 011D7208
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeString$Heap$AllocateProcess
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp
                                                            • API String ID: 2724874077-632479057
                                                            • Opcode ID: 2afca373bb156d891f0a0543b9508557ef25f16a01397abe16afe0d8911f5d03
                                                            • Instruction ID: 39bfa7906d35ff86a8c8e46f50f202326e3b85d9e8ecc1fe569545925b3a4a72
                                                            • Opcode Fuzzy Hash: 2afca373bb156d891f0a0543b9508557ef25f16a01397abe16afe0d8911f5d03
                                                            • Instruction Fuzzy Hash: 0C31C831D0162ABBDB2AAB95CC44F9EBB78BF40758F114155F910BB180D770ED05CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D8B19 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E011D8B19(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _t57;

				_t54 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_v24 = 0;
				_t57 = E011D85F6(__ecx, _a8,  &_v20);
				if(_t57 >= 0) {
					_t57 = E011D04A5(__ecx, _a4, _v20, 0x20006, 0, 0,  &_v12,  &_v24);
					if(_t57 >= 0) {
						_push(_a12);
						_t57 = E01192022( &_v16, L"%ls\\%ls",  *0x11fa7e4);
						if(_t57 >= 0) {
							_t57 = E011D04A5(_t54, _v12, _v16, 0x20006, 0, 0,  &_v8,  &_v24);
							if(_t57 >= 0) {
								_t57 = E011D0D87(_t54, _v8,  *0x11fa7d4, _a16);
								if(_t57 >= 0) {
									_t57 = E011D0D87(_t54, _v8,  *0x11fa7d8, _a20);
									if(_t57 >= 0 && _a24 != 0) {
										_t57 = E011D0D39(_v8,  *0x11fa7dc, _a24);
									}
								}
							}
						}
					}
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = 0;
				}
				if(_v16 != 0) {
					E01192762(_v16);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = 0;
				}
				if(_v20 != 0) {
					E01192762(_v20);
				}
				return _t57;
			}









                                                            0x011d8b19
                                                            0x011d8b2b
                                                            0x011d8b2e
                                                            0x011d8b31
                                                            0x011d8b34
                                                            0x011d8b37
                                                            0x011d8b3f
                                                            0x011d8b43
                                                            0x011d8b64
                                                            0x011d8b68
                                                            0x011d8b6e
                                                            0x011d8b85
                                                            0x011d8b8c
                                                            0x011d8ba4
                                                            0x011d8ba8
                                                            0x011d8bbb
                                                            0x011d8bbf
                                                            0x011d8bd2
                                                            0x011d8bd6
                                                            0x011d8bee
                                                            0x011d8bee
                                                            0x011d8bd6
                                                            0x011d8bbf
                                                            0x011d8ba8
                                                            0x011d8b8c
                                                            0x011d8b68
                                                            0x011d8bf9
                                                            0x011d8bfe
                                                            0x011d8c00
                                                            0x011d8c00
                                                            0x011d8c06
                                                            0x011d8c0b
                                                            0x011d8c0b
                                                            0x011d8c13
                                                            0x011d8c18
                                                            0x011d8c1a
                                                            0x011d8c1a
                                                            0x011d8c20
                                                            0x011d8c25
                                                            0x011d8c25
                                                            0x011d8c30

                                                            APIs
                                                              • Part of subcall function 011D85F6: lstrlenW.KERNEL32(00000100,?,?,?,011D8996,000002C0,00000100,00000100,00000100,?,?,?,011B7AD3,?,?,000001BC), ref: 011D861B
                                                            • RegCloseKey.ADVAPI32(00000000,00000000,crypt32.dll,00000000,00000000,00000000,00000000,crypt32.dll), ref: 011D8BFE
                                                            • RegCloseKey.ADVAPI32(00000001,00000000,crypt32.dll,00000000,00000000,00000000,00000000,crypt32.dll), ref: 011D8C18
                                                              • Part of subcall function 011D04A5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,011A05B1,?,00000000,00020006), ref: 011D04CA
                                                              • Part of subcall function 011D0D87: RegSetValueExW.ADVAPI32(00020006,011DFF38,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0119F2DF,00000000,?,00020006), ref: 011D0DBA
                                                              • Part of subcall function 011D0D87: RegDeleteValueW.ADVAPI32(00020006,011DFF38,00000000,?,?,0119F2DF,00000000,?,00020006,?,011DFF38,00020006,00000000,?,?,?), ref: 011D0DEA
                                                              • Part of subcall function 011D0D39: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,0119F237,011DFF38,Resume,00000005,?,00000000,00000000,00000000), ref: 011D0D4E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Value$Close$CreateDeletelstrlen
                                                            • String ID: %ls\%ls$crypt32.dll
                                                            • API String ID: 3924016894-1754266218
                                                            • Opcode ID: 5067ba93174f29642eae3297595c8623ca64963628c8cbcf2ee5bf5ffd86d8b2
                                                            • Instruction ID: 22f4c5d943fb1353b548fcb61ce8a7d7a6accd175865ff8f35b16d9e6a255aeb
                                                            • Opcode Fuzzy Hash: 5067ba93174f29642eae3297595c8623ca64963628c8cbcf2ee5bf5ffd86d8b2
                                                            • Instruction Fuzzy Hash: BF31F8B2C0152AFFCF269F94D980DDEBFB9EF14654B01416AEA1472120D7329E51EB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CC722 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 81fileCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 86%
                                                            			E011CC722(intOrPtr* _a4, signed int _a8, signed short* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v10;
				void _v5128;
				intOrPtr _v5132;
				long _v5136;
				void* _v5140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				intOrPtr _t35;
				long _t43;
				signed int _t44;
				signed short* _t47;
				void* _t48;
				void* _t52;
				signed int* _t57;
				long _t59;
				void* _t60;
				intOrPtr* _t62;
				void* _t63;
				signed int _t64;

				E011D9760();
				_t29 =  *0x11fa008; // 0x295f764a
				_v8 = _t29 ^ _t64;
				_t49 = _a8;
				_t47 = _a12;
				_t62 = _a4;
				_t52 =  *( *((intOrPtr*)(0x11fb118 + (_a8 >> 6) * 4)) + 0x18 + (_t49 & 0x0000003f) * 0x30);
				_t35 = _a16 + _t47;
				_v5140 = _t52;
				_v5132 = _t35;
				 *_t62 = 0;
				 *((intOrPtr*)(_t62 + 4)) = 0;
				 *((intOrPtr*)(_t62 + 8)) = 0;
				while(_t47 < _t35) {
					_t57 =  &_v5128;
					while(_t47 < _t35) {
						_t44 =  *_t47 & 0x0000ffff;
						_t47 =  &(_t47[1]);
						if(_t44 == 0xa) {
							 *((intOrPtr*)(_t62 + 8)) =  *((intOrPtr*)(_t62 + 8)) + 2;
							_push(0xd);
							_pop(0);
							 *_t57 = 0;
							_t57 =  &(_t57[0]);
						}
						 *_t57 = _t44;
						_t57 =  &(_t57[0]);
						_t35 = _v5132;
						if(_t57 <  &_v10) {
							continue;
						}
						break;
					}
					_t59 = _t57 -  &_v5128 & 0xfffffffe;
					if(WriteFile(_t52,  &_v5128, _t59,  &_v5136, 0) == 0) {
						 *_t62 = GetLastError();
					} else {
						_t43 = _v5136;
						 *((intOrPtr*)(_t62 + 4)) =  *((intOrPtr*)(_t62 + 4)) + _t43;
						if(_t43 >= _t59) {
							_t35 = _v5132;
							_t52 = _v5140;
							continue;
						}
					}
					L12:
					_pop(_t60);
					_pop(_t63);
					_pop(_t48);
					return E011BDD1F(_t48, _v8 ^ _t64, 0, _t60, _t63);
				}
				goto L12;
			}

























                                                            0x011cc72c
                                                            0x011cc731
                                                            0x011cc738
                                                            0x011cc73b
                                                            0x011cc74a
                                                            0x011cc755
                                                            0x011cc759
                                                            0x011cc760
                                                            0x011cc762
                                                            0x011cc76a
                                                            0x011cc770
                                                            0x011cc772
                                                            0x011cc775
                                                            0x011cc7ef
                                                            0x011cc77a
                                                            0x011cc780
                                                            0x011cc784
                                                            0x011cc787
                                                            0x011cc78d
                                                            0x011cc78f
                                                            0x011cc793
                                                            0x011cc795
                                                            0x011cc796
                                                            0x011cc799
                                                            0x011cc799
                                                            0x011cc79c
                                                            0x011cc7a2
                                                            0x011cc7a7
                                                            0x011cc7ad
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011cc7ad
                                                            0x011cc7c0
                                                            0x011cc7d4
                                                            0x011cc7fb
                                                            0x011cc7d6
                                                            0x011cc7d6
                                                            0x011cc7dc
                                                            0x011cc7e1
                                                            0x011cc7e3
                                                            0x011cc7e9
                                                            0x00000000
                                                            0x011cc7e9
                                                            0x011cc7e1
                                                            0x011cc7fd
                                                            0x011cc802
                                                            0x011cc803
                                                            0x011cc806
                                                            0x011cc80f
                                                            0x011cc80f
                                                            0x00000000

                                                            APIs
                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,011CCB5F,00000000,00000000,00000000,00000000,00000000,011C2718), ref: 011CC7CC
                                                            • GetLastError.KERNEL32(?,011CCB5F,00000000,00000000,00000000,00000000,00000000,011C2718,00000000,011C2718,011F7BB8,00000010,011CB677,006B8EB0,011F7B30,00000010), ref: 011CC7F5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastWrite
                                                            • String ID: @Mqt$Jv_)
                                                            • API String ID: 442123175-3215632469
                                                            • Opcode ID: bc057e31130f91bd2f6128945eb8fe71ef388d419fcc282063582010861a1352
                                                            • Instruction ID: 4ed39e9c943a242c78c74d20960fbaf655363dc6323b7425ff66cad96b1b5fbd
                                                            • Opcode Fuzzy Hash: bc057e31130f91bd2f6128945eb8fe71ef388d419fcc282063582010861a1352
                                                            • Instruction Fuzzy Hash: 0F318F31A007199BCB28CF69D980ADAB3F9EF58710F1484AEE519D7250E730AD81CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CC643 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77fileCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 91%
                                                            			E011CC643(signed int* _a4, signed int _a8, intOrPtr* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v9;
				void _v5128;
				intOrPtr _v5132;
				long _v5136;
				void* _v5140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				intOrPtr _t37;
				long _t45;
				char _t46;
				intOrPtr* _t49;
				void* _t50;
				void* _t54;
				void* _t57;
				char* _t59;
				long _t60;
				void* _t61;
				signed int* _t63;
				void* _t64;
				signed int _t65;

				E011D9760();
				_t31 =  *0x11fa008; // 0x295f764a
				_v8 = _t31 ^ _t65;
				_t51 = _a8;
				_t49 = _a12;
				_t63 = _a4;
				_t54 =  *( *((intOrPtr*)(0x11fb118 + (_a8 >> 6) * 4)) + 0x18 + (_t51 & 0x0000003f) * 0x30);
				 *_t63 =  *_t63 & 0x00000000;
				_t37 = _a16 + _t49;
				_t63[1] = _t63[1] & 0x00000000;
				_t63[2] = _t63[2] & 0x00000000;
				_v5140 = _t54;
				_v5132 = _t37;
				while(_t49 < _t37) {
					_t59 =  &_v5128;
					while(_t49 < _t37) {
						_t46 =  *_t49;
						_t49 = _t49 + 1;
						if(_t46 == 0xa) {
							_t63[2] = _t63[2] + 1;
							 *_t59 = 0xd;
							_t59 = _t59 + 1;
						}
						 *_t59 = _t46;
						_t59 = _t59 + 1;
						_t37 = _v5132;
						if(_t59 <  &_v9) {
							continue;
						}
						break;
					}
					_t60 = _t59 -  &_v5128;
					if(WriteFile(_t54,  &_v5128, _t60,  &_v5136, 0) == 0) {
						 *_t63 = GetLastError();
					} else {
						_t45 = _v5136;
						_t63[1] = _t63[1] + _t45;
						if(_t45 >= _t60) {
							_t37 = _v5132;
							_t54 = _v5140;
							continue;
						}
					}
					L12:
					_pop(_t61);
					_pop(_t64);
					_pop(_t50);
					return E011BDD1F(_t50, _v8 ^ _t65, _t57, _t61, _t64);
				}
				goto L12;
			}


























                                                            0x011cc64d
                                                            0x011cc652
                                                            0x011cc659
                                                            0x011cc65c
                                                            0x011cc66b
                                                            0x011cc676
                                                            0x011cc67a
                                                            0x011cc681
                                                            0x011cc684
                                                            0x011cc686
                                                            0x011cc68a
                                                            0x011cc68e
                                                            0x011cc694
                                                            0x011cc701
                                                            0x011cc69c
                                                            0x011cc6a2
                                                            0x011cc6a6
                                                            0x011cc6a8
                                                            0x011cc6ab
                                                            0x011cc6ad
                                                            0x011cc6b0
                                                            0x011cc6b3
                                                            0x011cc6b3
                                                            0x011cc6b4
                                                            0x011cc6b9
                                                            0x011cc6bc
                                                            0x011cc6c2
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011cc6c2
                                                            0x011cc6ca
                                                            0x011cc6e6
                                                            0x011cc70d
                                                            0x011cc6e8
                                                            0x011cc6e8
                                                            0x011cc6ee
                                                            0x011cc6f3
                                                            0x011cc6f5
                                                            0x011cc6fb
                                                            0x00000000
                                                            0x011cc6fb
                                                            0x011cc6f3
                                                            0x011cc70f
                                                            0x011cc714
                                                            0x011cc715
                                                            0x011cc718
                                                            0x011cc721
                                                            0x011cc721
                                                            0x00000000

                                                            APIs
                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,011CCB7F,00000000,00000000,00000000,00000000,00000000,011C2718), ref: 011CC6DE
                                                            • GetLastError.KERNEL32(?,011CCB7F,00000000,00000000,00000000,00000000,00000000,011C2718,00000000,011C2718,011F7BB8,00000010,011CB677,006B8EB0,011F7B30,00000010), ref: 011CC707
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastWrite
                                                            • String ID: @Mqt$Jv_)
                                                            • API String ID: 442123175-3215632469
                                                            • Opcode ID: 0f26eb5725758f5654c9ded29979a7cf86982ea4cadec1e767f1b6aa268b20f0
                                                            • Instruction ID: 7cc10bdc459300906f7de9c6af6aaed2d00d912afddd73cf0bfae22dffff953e
                                                            • Opcode Fuzzy Hash: 0f26eb5725758f5654c9ded29979a7cf86982ea4cadec1e767f1b6aa268b20f0
                                                            • Instruction Fuzzy Hash: 8F21D175A002199FCB29CF69D980BE9B7F9FB18715F1044AEE94AD3241D730AD85CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011B8857 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 39%
                                                            			E011B8857(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				signed int _v12;
				signed int _t28;
				intOrPtr* _t44;
				signed int _t47;

				_t39 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				if(E011D0823(_a8, _a12, 0x20019,  &_v8) >= 0) {
					_t28 = E011B83E3(_v8, _a16,  &_v12);
					__eflags = _t28;
					if(_t28 < 0) {
						L10:
						_t47 = 0x80070490;
					} else {
						__eflags = _v12;
						if(__eflags == 0) {
							goto L10;
						} else {
							_t44 = _a20;
							_t47 = E01193A01(_t39, __eflags, _t44,  *(_t44 + 4) + 1, 0xf8, 5);
							__eflags = _t47;
							if(_t47 >= 0) {
								_t47 = E011B8922(_t39, _a12, _v8, _a4, _v12,  *(_t44 + 4) * 0xf8 +  *_t44);
								__eflags = _t47;
								if(_t47 >= 0) {
									 *(_t44 + 4) =  *(_t44 + 4) + 1;
								} else {
									_push(_a12);
									_push("Failed to initialize package from related bundle id: %ls");
									goto L2;
								}
							} else {
								_push("Failed to ensure there is space for related bundles.");
								_push(_t47);
								E011CFB09();
							}
						}
					}
				} else {
					_push(_a12);
					_push("Failed to open uninstall key for potential related bundle: %ls");
					L2:
					_push(_t47);
					E011CFB09();
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				return _t47;
			}








                                                            0x011b8857
                                                            0x011b885a
                                                            0x011b885b
                                                            0x011b885c
                                                            0x011b8863
                                                            0x011b887e
                                                            0x011b889d
                                                            0x011b88a2
                                                            0x011b88a4
                                                            0x011b8906
                                                            0x011b8906
                                                            0x011b88a6
                                                            0x011b88a6
                                                            0x011b88aa
                                                            0x00000000
                                                            0x011b88ac
                                                            0x011b88ac
                                                            0x011b88c1
                                                            0x011b88c3
                                                            0x011b88c5
                                                            0x011b88f1
                                                            0x011b88f3
                                                            0x011b88f5
                                                            0x011b8901
                                                            0x011b88f7
                                                            0x011b88f7
                                                            0x011b88fa
                                                            0x00000000
                                                            0x011b88fa
                                                            0x011b88c7
                                                            0x011b88c7
                                                            0x011b88cc
                                                            0x011b88cd
                                                            0x011b88d3
                                                            0x011b88c5
                                                            0x011b88aa
                                                            0x011b8880
                                                            0x011b8880
                                                            0x011b8883
                                                            0x011b8888
                                                            0x011b8888
                                                            0x011b8889
                                                            0x011b888e
                                                            0x011b890f
                                                            0x011b8914
                                                            0x011b8914
                                                            0x011b891f

                                                            APIs
                                                              • Part of subcall function 011D0823: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,011FAA7C,00000000,?,011D4FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 011D0837
                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,011B8B93,00000000,00000000), ref: 011B8914
                                                            Strings
                                                            • Failed to initialize package from related bundle id: %ls, xrefs: 011B88FA
                                                            • Failed to open uninstall key for potential related bundle: %ls, xrefs: 011B8883
                                                            • Failed to ensure there is space for related bundles., xrefs: 011B88C7
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseOpen
                                                            • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                            • API String ID: 47109696-1717420724
                                                            • Opcode ID: f259e3c871ba94aa6962fe5f5ee7b5faa7aea39021c1f400a084f375b608ad25
                                                            • Instruction ID: f377b56ccb4a7ae771b193de760cca77ae2c2de53d91ddf9c133aff6fc7f3fbb
                                                            • Opcode Fuzzy Hash: f259e3c871ba94aa6962fe5f5ee7b5faa7aea39021c1f400a084f375b608ad25
                                                            • Instruction Fuzzy Hash: 2921CF7290061AFBDF1A8E90EC85FEEBB7DEF44B14F104064F910A6150E771AE21DB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01193BA1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E01193BA1(void* _a4, long _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* _t26;
				char* _t28;
				char _t30;
				void* _t31;
				void* _t32;
				void* _t33;
				char _t34;

				_t30 = 0;
				_t33 = HeapReAlloc(GetProcessHeap(), 0x10 + (0 | _a12 != 0x00000000) * 8, _a4, _a8);
				if(_t33 != 0) {
					L10:
					 *_a16 = _t33;
					_t34 = _t30;
					L11:
					if(_t34 != 0) {
						E01193AA4(_t34);
					}
					L13:
					return _t30;
				}
				_t34 = E011939DF(_a8, _a12);
				if(_t34 == 0) {
					_t30 = 0x8007000e;
					E011938BA(_t23, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\memutil.cpp", 0x61, 0x8007000e);
					goto L13;
				}
				_t32 = E01193C5F(_a4);
				if(_t32 != 0xffffffff) {
					_t26 = E01193C5F(_t34);
					if(_t26 == 0xffffffff) {
						goto L3;
					}
					_t31 = _t26;
					if(_t26 > _t32) {
						_t31 = _t32;
					}
					E01193C78(_t34, _t26, _a4, _t31);
					_t28 = _a4;
					if(_t32 == 0) {
						L9:
						E01193AA4(_a4);
						goto L10;
					} else {
						do {
							 *_t28 = _t30;
							_t28 = _t28 + 1;
							_t32 = _t32 - 1;
						} while (_t32 != 0);
						goto L9;
					}
				}
				L3:
				_t30 = 0x80070057;
				goto L11;
			}










                                                            0x01193ba7
                                                            0x01193bcc
                                                            0x01193bd0
                                                            0x01193c31
                                                            0x01193c34
                                                            0x01193c36
                                                            0x01193c38
                                                            0x01193c3a
                                                            0x01193c3d
                                                            0x01193c3d
                                                            0x01193c44
                                                            0x01193c48
                                                            0x01193c48
                                                            0x01193bdd
                                                            0x01193be1
                                                            0x01193c4b
                                                            0x01193c58
                                                            0x00000000
                                                            0x01193c58
                                                            0x01193beb
                                                            0x01193bf0
                                                            0x01193bfa
                                                            0x01193c02
                                                            0x00000000
                                                            0x00000000
                                                            0x01193c04
                                                            0x01193c08
                                                            0x01193c0a
                                                            0x01193c0a
                                                            0x01193c12
                                                            0x01193c17
                                                            0x01193c1f
                                                            0x01193c29
                                                            0x01193c2c
                                                            0x00000000
                                                            0x01193c21
                                                            0x01193c21
                                                            0x01193c21
                                                            0x01193c23
                                                            0x01193c24
                                                            0x01193c24
                                                            0x00000000
                                                            0x01193c21
                                                            0x01193c1f
                                                            0x01193bf2
                                                            0x01193bf2
                                                            0x00000000

                                                            APIs
                                                            • GetProcessHeap.KERNEL32(00000000,00000000,80004005,00000000,00000000,00000100,?,0119146A,00000000,80004005,00000000,80004005,00000000,000001C7,?,011913B0), ref: 01193BBF
                                                            • HeapReAlloc.KERNEL32(00000000,?,0119146A,00000000,80004005,00000000,80004005,00000000,000001C7,?,011913B0,000001C7,00000100,?,80004005,00000000), ref: 01193BC6
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                              • Part of subcall function 01193C5F: GetProcessHeap.KERNEL32(00000000,000001C7,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C67
                                                              • Part of subcall function 01193C5F: HeapSize.KERNEL32(00000000,?,011922D5,000001C7,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 01193C6E
                                                            • _memcpy_s.LIBCMT ref: 01193C12
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\memutil.cpp, xrefs: 01193C53
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$Process$AllocAllocateSize_memcpy_s
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\memutil.cpp
                                                            • API String ID: 3406509257-1758765531
                                                            • Opcode ID: 1c0ea34c2503042476417e3529ed7f7f3ce24f24bd884124780ae721eedd064a
                                                            • Instruction ID: 88a2f626f4c1e9148bd6c14a7f7bde623d4ed778a917f4f92b648fef9ab64ebd
                                                            • Opcode Fuzzy Hash: 1c0ea34c2503042476417e3529ed7f7f3ce24f24bd884124780ae721eedd064a
                                                            • Instruction Fuzzy Hash: CC115931521A9ABBCF2E6E7DDC4496E3B5AFF40664B054612FD349B250C736CD109390
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BCE8D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 56%
                                                            			E011BCE8D(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t32;
				intOrPtr _t37;
				intOrPtr _t38;

				_t37 = _a4;
				_t38 = 0;
				WaitForSingleObject( *(_t37 + 0xc), 0xffffffff);
				_t31 = _a8;
				_t30 = _a12;
				 *_t31 =  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x424));
				 *_t30 = 0;
				 *_a16 = 0;
				if( *_t31 != 0) {
					_t32 = E011939DF( *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x42c)), 1);
					 *_t30 = _t32;
					if(_t32 != 0) {
						E011BEB00(_t32,  *((intOrPtr*)(_t37 + 0x10)) + 0x430,  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x42c)));
						 *_a16 =  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x10)) + 0x42c));
					} else {
						_t38 = 0x8007000e;
						E011938BA(_t23, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x9b, 0x8007000e);
						_push("Failed to allocate memory for message data");
						_push(0x8007000e);
						E011CFB09();
					}
				}
				ReleaseMutex( *(_t37 + 0xc));
				return _t38;
			}








                                                            0x011bce93
                                                            0x011bce96
                                                            0x011bce9d
                                                            0x011bcea6
                                                            0x011bcea9
                                                            0x011bceb2
                                                            0x011bceb7
                                                            0x011bceb9
                                                            0x011bcebd
                                                            0x011bcecf
                                                            0x011bced1
                                                            0x011bced5
                                                            0x011bcf0b
                                                            0x011bcf1f
                                                            0x011bced7
                                                            0x011bced7
                                                            0x011bcee7
                                                            0x011bceec
                                                            0x011bcef1
                                                            0x011bcef2
                                                            0x011bcef8
                                                            0x011bced5
                                                            0x011bcf24
                                                            0x011bcf30

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,000000FF,00000000,7476F750,?,?,011BD0C2,00000000,00000000,00000000,00000000), ref: 011BCE9D
                                                            • ReleaseMutex.KERNEL32(?,?,011BD0C2,00000000,00000000,00000000,00000000), ref: 011BCF24
                                                              • Part of subcall function 011939DF: GetProcessHeap.KERNEL32(?,000001C7,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F0
                                                              • Part of subcall function 011939DF: RtlAllocateHeap.NTDLL(00000000,?,0119237C,?,00000001,80004005,8007139F,?,?,011CFB39,8007139F,?,00000000,00000000,8007139F), ref: 011939F7
                                                            Strings
                                                            • Failed to allocate memory for message data, xrefs: 011BCEEC
                                                            • c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp, xrefs: 011BCEE2
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                            • String ID: Failed to allocate memory for message data$c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp
                                                            • API String ID: 2993511968-3819074818
                                                            • Opcode ID: 6c8718da7bb7a923c36497764e3d947f22d2258b55b48dc44a7613be519a0bdd
                                                            • Instruction ID: 38a88bbe4fd2cb9316875b3ada7f590958a04807e06ed92a181d1b7a9600e5c1
                                                            • Opcode Fuzzy Hash: 6c8718da7bb7a923c36497764e3d947f22d2258b55b48dc44a7613be519a0bdd
                                                            • Instruction Fuzzy Hash: A611BCB1301216AFCB199F68E894E9ABBE5FF09724B104268F9259B351C731AC10CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01191578 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E01191578(short** _a4, intOrPtr _a8, int _a12, int _a16) {
				short** _t14;
				int _t15;
				signed short _t16;
				signed short _t23;

				_t14 = _a4;
				_t15 = _a12;
				_t16 = E0119229E(_t14, _a8, _t15);
				if(_t16 < 0) {
					L10:
					return _t16;
				}
				if(_t15 != 0) {
					L4:
					if(LCMapStringW(0x7f, _a16,  *_t14, _t15,  *_t14, _t15) == 0) {
						_t16 = GetLastError();
						if(_t16 > 0) {
							_t16 = _t16 & 0x0000ffff | 0x80070000;
							_t23 = _t16;
						}
						if(_t23 >= 0) {
							_t16 = 0x80004005;
						}
						E011938BA(_t10, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\strutil.cpp", 0xa71, _t16);
					}
					goto L10;
				}
				_t16 = E01191CA7( *_t14, 0x7fffffff,  &_a12);
				if(_t16 < 0) {
					goto L10;
				}
				_t15 = _a12;
				goto L4;
			}







                                                            0x0119157c
                                                            0x01191581
                                                            0x0119158e
                                                            0x01191592
                                                            0x011915f5
                                                            0x011915fa
                                                            0x011915fa
                                                            0x01191596
                                                            0x011915b1
                                                            0x011915c4
                                                            0x011915cc
                                                            0x011915d0
                                                            0x011915d5
                                                            0x011915db
                                                            0x011915db
                                                            0x011915dd
                                                            0x011915df
                                                            0x011915df
                                                            0x011915ef
                                                            0x011915ef
                                                            0x00000000
                                                            0x011915c4
                                                            0x011915a8
                                                            0x011915ac
                                                            0x00000000
                                                            0x00000000
                                                            0x011915ae
                                                            0x00000000

                                                            APIs
                                                            • LCMapStringW.KERNEL32(0000007F,00000000,00000000,011A6FDF,00000000,011A6FDF,00000000,00000000,011A6FDF,00000000,00000000,00000000,?,01192420,00000000,00000000), ref: 011915BC
                                                            • GetLastError.KERNEL32(?,01192420,00000000,00000000,011A6FDF,00000200,?,011D4ABC,00000000,011A6FDF,00000000,011A6FDF,00000000,00000000,00000000), ref: 011915C6
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\strutil.cpp, xrefs: 011915EA
                                                            • @Mqt, xrefs: 011915C6
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastString
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\strutil.cpp
                                                            • API String ID: 3728238275-178104475
                                                            • Opcode ID: 39e0923fb5db8eda6d0aa5ddcda8f2ffe1e245f6fec222de7da688c85ebaef6c
                                                            • Instruction ID: 98bc731b558696a4e4f671263216f6a89d368dfcbdffd03c6311b8dd0d75251c
                                                            • Opcode Fuzzy Hash: 39e0923fb5db8eda6d0aa5ddcda8f2ffe1e245f6fec222de7da688c85ebaef6c
                                                            • Instruction Fuzzy Hash: C601F13390126777DF268A9A9C00E9B7B68BF46A70B060224FE34AF240D720DC5087E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CCC34 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 86%
                                                            			E011CCC34(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16) {
				signed int _v8;
				void* _v12;
				void* _t15;
				signed int _t19;
				signed int _t32;
				signed int _t33;
				signed int _t36;

				_t36 = _a4;
				_push(_t32);
				_t15 = E011C877C(_t36);
				_t33 = _t32 | 0xffffffff;
				if(_t15 != _t33) {
					_push(_a16);
					if(SetFilePointerEx(_t15, _a8, _a12,  &_v12) != 0) {
						if((_v12 & _v8) == _t33) {
							goto L2;
						} else {
							_t19 = _v12;
							_t39 = (_t36 & 0x0000003f) * 0x30;
							 *( *((intOrPtr*)(0x11fb118 + (_t36 >> 6) * 4)) + _t39 + 0x28) =  *( *((intOrPtr*)(0x11fb118 + (_t36 >> 6) * 4)) + 0x28 + (_t36 & 0x0000003f) * 0x30) & 0x000000fd;
						}
					} else {
						E011C36F2(GetLastError());
						goto L2;
					}
				} else {
					 *((intOrPtr*)(E011C3728())) = 9;
					L2:
					_t19 = _t33;
				}
				return _t19;
			}










                                                            0x011ccc3c
                                                            0x011ccc3f
                                                            0x011ccc41
                                                            0x011ccc46
                                                            0x011ccc4c
                                                            0x011ccc5f
                                                            0x011ccc75
                                                            0x011ccc90
                                                            0x00000000
                                                            0x011ccc92
                                                            0x011ccc92
                                                            0x011ccc9d
                                                            0x011ccca7
                                                            0x011ccca7
                                                            0x011ccc77
                                                            0x011ccc7e
                                                            0x00000000
                                                            0x011ccc83
                                                            0x011ccc4e
                                                            0x011ccc53
                                                            0x011ccc59
                                                            0x011ccc59
                                                            0x011ccc5b
                                                            0x011cccb1

                                                            APIs
                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,011C2718,00000000,00000000,00000000,00000000,00000000,?,011CCCC8,011C2718,00000000,00000002,00000000), ref: 011CCC6D
                                                            • GetLastError.KERNEL32(?,011CCCC8,011C2718,00000000,00000002,00000000,?,011CCAE0,00000000,00000000,00000000,00000002,00000000,011C2718,00000000,011C2718), ref: 011CCC77
                                                            • __dosmaperr.LIBCMT ref: 011CCC7E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer__dosmaperr
                                                            • String ID: @Mqt
                                                            • API String ID: 2336955059-2740872224
                                                            • Opcode ID: 92c51894f136e5f3a39654a6fae7edf5954ba8f54782b7e1883d9c6830dc3d9d
                                                            • Instruction ID: 9d511f1c8a24e712605fa16cb042d1969c708beed51fe33cb965c2117466672f
                                                            • Opcode Fuzzy Hash: 92c51894f136e5f3a39654a6fae7edf5954ba8f54782b7e1883d9c6830dc3d9d
                                                            • Instruction Fuzzy Hash: EE012832610515ABCB1D9F9DEC0596E3B29EB99A30B25424DE82497280EB72DD4187D4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011934C4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011934C4(WCHAR** _a4, struct HINSTANCE__* _a8) {
				long _t6;
				WCHAR** _t9;
				long _t10;
				signed short _t11;

				_t9 = _a4;
				_t10 = 0x104;
				while(1) {
					_t11 = E01191FE0(_t9, _t10);
					if(_t11 < 0) {
						break;
					}
					_t6 = GetModuleFileNameW(_a8,  *_t9, _t10);
					if(_t6 == 0) {
						_t11 = GetLastError();
						__eflags = _t11;
						if(__eflags > 0) {
							_t11 = _t11 & 0x0000ffff | 0x80070000;
							__eflags = _t11;
						}
						if(__eflags >= 0) {
							_t11 = 0x80004005;
						}
						E011938BA(_t7, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\pathutil.cpp", 0x1d4, _t11);
					} else {
						if(_t6 != _t10) {
							_t11 = 0;
						} else {
							_t3 = _t6 + 1; // 0x1
							_t10 = _t3;
							continue;
						}
					}
					break;
				}
				return _t11;
			}







                                                            0x011934c8
                                                            0x011934cd
                                                            0x011934d2
                                                            0x011934d9
                                                            0x011934dd
                                                            0x00000000
                                                            0x00000000
                                                            0x011934e5
                                                            0x011934ed
                                                            0x01193502
                                                            0x01193504
                                                            0x01193506
                                                            0x0119350b
                                                            0x01193511
                                                            0x01193511
                                                            0x01193513
                                                            0x01193515
                                                            0x01193515
                                                            0x01193525
                                                            0x011934ef
                                                            0x011934f1
                                                            0x011934f8
                                                            0x011934f3
                                                            0x011934f3
                                                            0x011934f3
                                                            0x00000000
                                                            0x011934f3
                                                            0x011934f1
                                                            0x00000000
                                                            0x011934ed
                                                            0x01193530

                                                            APIs
                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,011910DD,?,00000000), ref: 011934E5
                                                            • GetLastError.KERNEL32(?,?,?,?,011910DD,?,00000000), ref: 011934FC
                                                            Strings
                                                            • @Mqt, xrefs: 011934FC
                                                            • c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp, xrefs: 01193520
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastModuleName
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp
                                                            • API String ID: 2776309574-3527269390
                                                            • Opcode ID: bfb8ab51b0f77691f671fdcc9c8c18785a36700f8905d2288a1d86fdeceadaec
                                                            • Instruction ID: 7ab70adfa5ad543690cbec182ded1e1eaf3ecc23803dbaf8dcfc2c222f6a2a2b
                                                            • Opcode Fuzzy Hash: bfb8ab51b0f77691f671fdcc9c8c18785a36700f8905d2288a1d86fdeceadaec
                                                            • Instruction Fuzzy Hash: CBF0C877A51531679B3A95B95C08E87BA58BF55BA07070121FE34AB100D765DC0082E2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D4224 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E011D4224(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v12;
				char* _t8;
				void* _t15;
				intOrPtr* _t16;
				void* _t18;
				signed short _t19;
				signed short _t24;

				_t16 = _a8;
				_t8 =  &_v12;
				_t19 = 0;
				 *_t16 = 0;
				 *((intOrPtr*)(_t16 + 4)) = 0;
				__imp__GetFileSizeEx(_a4, _t8, _t15, _t18, __ecx, __ecx);
				if(_t8 != 0) {
					 *_t16 = _v12;
					 *((intOrPtr*)(_t16 + 4)) = _v8;
				} else {
					_t19 = GetLastError();
					if(_t19 > 0) {
						_t19 = _t19 & 0x0000ffff | 0x80070000;
						_t24 = _t19;
					}
					if(_t24 >= 0) {
						_t19 = 0x80004005;
					}
					E011938BA(_t10, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x24e, _t19);
				}
				return _t19;
			}











                                                            0x011d422b
                                                            0x011d422e
                                                            0x011d4235
                                                            0x011d4237
                                                            0x011d4239
                                                            0x011d423c
                                                            0x011d4244
                                                            0x011d4279
                                                            0x011d427e
                                                            0x011d4246
                                                            0x011d424c
                                                            0x011d4250
                                                            0x011d4255
                                                            0x011d425b
                                                            0x011d425b
                                                            0x011d425d
                                                            0x011d425f
                                                            0x011d425f
                                                            0x011d426f
                                                            0x011d426f
                                                            0x011d4286

                                                            APIs
                                                            • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,7476FB40,?,?,?,0119B9EC,?,?,?,00000000,00000000), ref: 011D423C
                                                            • GetLastError.KERNEL32(?,?,?,0119B9EC,?,?,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 011D4246
                                                            Strings
                                                            • @Mqt, xrefs: 011D4246
                                                            • c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp, xrefs: 011D426A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastSize
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 464720113-1324176156
                                                            • Opcode ID: 01054ff11fa7dd045aaebfdcb2213dd0492d9d26cc45a65deb3131846327a022
                                                            • Instruction ID: d17511c1c7fd66627ff629e6877b84946fff863bd846f35f25f750f180050f83
                                                            • Opcode Fuzzy Hash: 01054ff11fa7dd045aaebfdcb2213dd0492d9d26cc45a65deb3131846327a022
                                                            • Instruction Fuzzy Hash: DDF062B2911236BBDB288B89D90599AFFACEF54B60B024119BD55A7B40E374AD00C7D4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C63C9 Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E011C63C9(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E011C12A9(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E011BDFC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E011BDFC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0x11c271a
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E011BF600(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E011BDFC0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E011D9570();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E011D9570();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E011D9570();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E011C66CC(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E011D9790(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E011C3728();
					_t183 = 0x22;
					 *_t129 = _t183;
					E011C366C();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                                                            0x011c63c9
                                                            0x011c63d4
                                                            0x011c63db
                                                            0x011c63dd
                                                            0x011c63dd
                                                            0x011c63df
                                                            0x011c63e8
                                                            0x011c63ea
                                                            0x011c63ef
                                                            0x011c63f5
                                                            0x011c640b
                                                            0x011c6410
                                                            0x011c6413
                                                            0x011c6420
                                                            0x011c6425
                                                            0x011c6479
                                                            0x011c6481
                                                            0x011c6483
                                                            0x011c6485
                                                            0x011c6488
                                                            0x011c6488
                                                            0x011c6488
                                                            0x011c648e
                                                            0x011c6496
                                                            0x011c64a9
                                                            0x011c64ac
                                                            0x011c64ae
                                                            0x011c64b1
                                                            0x011c64b2
                                                            0x011c64d3
                                                            0x011c64d6
                                                            0x011c64d6
                                                            0x011c64b4
                                                            0x011c64b4
                                                            0x011c64b6
                                                            0x011c64c1
                                                            0x011c64c1
                                                            0x011c64c3
                                                            0x011c64ca
                                                            0x011c64c5
                                                            0x011c64c5
                                                            0x011c64c5
                                                            0x011c64c3
                                                            0x011c64d7
                                                            0x011c64d9
                                                            0x011c64da
                                                            0x011c64dd
                                                            0x011c64df
                                                            0x011c64f3
                                                            0x011c64e1
                                                            0x011c64e1
                                                            0x011c64e1
                                                            0x011c64f8
                                                            0x011c64f8
                                                            0x011c64fd
                                                            0x011c6500
                                                            0x011c650b
                                                            0x011c650b
                                                            0x011c650b
                                                            0x011c650b
                                                            0x011c650f
                                                            0x011c6516
                                                            0x011c6517
                                                            0x011c651a
                                                            0x011c651d
                                                            0x011c651d
                                                            0x011c651f
                                                            0x00000000
                                                            0x00000000
                                                            0x011c6537
                                                            0x011c653e
                                                            0x011c6542
                                                            0x011c6545
                                                            0x011c6548
                                                            0x011c654a
                                                            0x011c654a
                                                            0x011c654a
                                                            0x011c654c
                                                            0x011c654f
                                                            0x011c6552
                                                            0x011c6554
                                                            0x011c655c
                                                            0x011c6562
                                                            0x011c6565
                                                            0x011c6568
                                                            0x011c6569
                                                            0x011c656c
                                                            0x011c656f
                                                            0x011c656f
                                                            0x011c6574
                                                            0x011c6577
                                                            0x00000000
                                                            0x00000000
                                                            0x011c658f
                                                            0x011c6594
                                                            0x011c6598
                                                            0x00000000
                                                            0x00000000
                                                            0x011c659c
                                                            0x011c659c
                                                            0x011c659f
                                                            0x011c65a0
                                                            0x011c65a0
                                                            0x011c65a2
                                                            0x011c65a5
                                                            0x00000000
                                                            0x00000000
                                                            0x011c65a7
                                                            0x011c65aa
                                                            0x011c65b1
                                                            0x011c65b4
                                                            0x011c65b7
                                                            0x011c65cd
                                                            0x011c65cd
                                                            0x011c65cd
                                                            0x011c65b9
                                                            0x011c65b9
                                                            0x011c65bb
                                                            0x011c65be
                                                            0x011c65c9
                                                            0x011c65c0
                                                            0x011c65c3
                                                            0x011c65c3
                                                            0x011c65be
                                                            0x00000000
                                                            0x011c65b7
                                                            0x011c65ac
                                                            0x011c65ac
                                                            0x011c65ae
                                                            0x011c65ae
                                                            0x011c6502
                                                            0x011c6502
                                                            0x011c6505
                                                            0x011c65d0
                                                            0x011c65d0
                                                            0x011c65d2
                                                            0x011c65d4
                                                            0x011c65d7
                                                            0x011c65d8
                                                            0x011c65d9
                                                            0x011c65da
                                                            0x011c65e2
                                                            0x011c65e2
                                                            0x011c65e2
                                                            0x011c65e4
                                                            0x011c65e7
                                                            0x011c65ea
                                                            0x011c65ec
                                                            0x011c65ec
                                                            0x011c65ee
                                                            0x011c6600
                                                            0x011c6604
                                                            0x011c6607
                                                            0x011c660e
                                                            0x011c6616
                                                            0x011c6616
                                                            0x011c6619
                                                            0x011c661b
                                                            0x011c662c
                                                            0x011c662c
                                                            0x011c6630
                                                            0x011c6630
                                                            0x011c6633
                                                            0x011c6635
                                                            0x011c6638
                                                            0x00000000
                                                            0x011c661d
                                                            0x011c661d
                                                            0x011c6623
                                                            0x011c6623
                                                            0x011c6627
                                                            0x011c663a
                                                            0x011c663a
                                                            0x011c663e
                                                            0x011c663f
                                                            0x011c6641
                                                            0x011c6643
                                                            0x011c6684
                                                            0x011c6684
                                                            0x011c6686
                                                            0x011c6693
                                                            0x011c6693
                                                            0x011c6695
                                                            0x011c6697
                                                            0x011c6698
                                                            0x011c6699
                                                            0x011c66a0
                                                            0x011c66a3
                                                            0x011c66a5
                                                            0x011c66a5
                                                            0x011c66a6
                                                            0x011c66a8
                                                            0x011c66ab
                                                            0x011c66ab
                                                            0x011c66ad
                                                            0x011c66af
                                                            0x00000000
                                                            0x011c66af
                                                            0x011c6688
                                                            0x011c668a
                                                            0x00000000
                                                            0x00000000
                                                            0x011c668c
                                                            0x00000000
                                                            0x00000000
                                                            0x011c668e
                                                            0x011c6691
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c6691
                                                            0x011c664a
                                                            0x011c6650
                                                            0x011c6650
                                                            0x011c6652
                                                            0x011c6653
                                                            0x011c6654
                                                            0x011c6655
                                                            0x011c665c
                                                            0x011c665f
                                                            0x011c6661
                                                            0x011c6662
                                                            0x011c6664
                                                            0x011c6671
                                                            0x011c6671
                                                            0x011c6673
                                                            0x011c6675
                                                            0x011c6676
                                                            0x011c6677
                                                            0x011c667e
                                                            0x011c6681
                                                            0x011c6683
                                                            0x011c6683
                                                            0x00000000
                                                            0x011c6683
                                                            0x011c6666
                                                            0x011c6666
                                                            0x011c6668
                                                            0x00000000
                                                            0x00000000
                                                            0x011c666a
                                                            0x00000000
                                                            0x00000000
                                                            0x011c666c
                                                            0x011c666f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c666f
                                                            0x011c664c
                                                            0x011c664e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c664e
                                                            0x011c661f
                                                            0x011c6621
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c6621
                                                            0x011c661b
                                                            0x00000000
                                                            0x011c6505
                                                            0x011c6500
                                                            0x011c6427
                                                            0x011c6429
                                                            0x00000000
                                                            0x011c642b
                                                            0x011c6441
                                                            0x011c6446
                                                            0x011c6448
                                                            0x011c6454
                                                            0x011c645a
                                                            0x011c645b
                                                            0x011c645d
                                                            0x011c645f
                                                            0x011c646a
                                                            0x011c646a
                                                            0x011c646d
                                                            0x011c646f
                                                            0x011c646f
                                                            0x011c6472
                                                            0x011c644a
                                                            0x011c644a
                                                            0x011c644a
                                                            0x00000000
                                                            0x011c6448
                                                            0x011c63f7
                                                            0x011c63f7
                                                            0x011c63fe
                                                            0x011c63ff
                                                            0x011c6401
                                                            0x011c66b3
                                                            0x011c66b7
                                                            0x011c66bc
                                                            0x011c66bc
                                                            0x011c66cb
                                                            0x011c66cb

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: __alldvrm$_strrchr
                                                            • String ID:
                                                            • API String ID: 1036877536-0
                                                            • Opcode ID: ad949144aaf5d9b16d0cabd91b61aa8499d9bd64d722724cfcb4a13481783838
                                                            • Instruction ID: 72b6cb70afb4b1aa23d76e94e97c59fa2a67686ad60e0042ca20c12d8cc6d414
                                                            • Opcode Fuzzy Hash: ad949144aaf5d9b16d0cabd91b61aa8499d9bd64d722724cfcb4a13481783838
                                                            • Instruction Fuzzy Hash: 0BA15672A003969FEB2ECF28C8807AEBFE1EF35654F28416DD5859B381C7388941C751
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D5976 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 160COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E011D5976(signed int __ecx, intOrPtr _a4, signed int _a8, signed short _a12, signed int* _a16, signed int* _a20) {
				signed int _v8;
				signed short _t28;
				signed short _t29;
				signed short _t33;
				signed short _t35;
				signed short _t36;
				signed short _t37;
				signed short _t39;
				signed short _t44;
				signed short _t45;
				void* _t50;
				signed int* _t51;
				void* _t52;
				void* _t54;
				intOrPtr* _t61;
				signed int* _t64;
				intOrPtr _t68;
				signed short _t71;
				void* _t74;
				void* _t79;
				void* _t80;
				void* _t81;

				_t63 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t61 = _a8;
				_t68 = _a4;
				do {
					_a8 = _a8 & 0x00000000;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(_t68);
					if( *0x11fa984() != 0) {
						_t71 = E011D8222(_t63, _t68, 0x13,  &_v8);
						__eflags = _t71;
						L6:
						if(_t79 < 0) {
							break;
						}
						_t63 = _v8;
						_t80 = _t63 - 0x194;
						if(_t80 > 0) {
							__eflags = _t63 - 0x19e;
							if(__eflags > 0) {
								_t28 = _t63 - 0x1f6;
								__eflags = _t28;
								if(_t28 == 0) {
									L44:
									_t71 = 0x80070003;
									goto L45;
								}
								_t29 = _t28 - 1;
								__eflags = _t29;
								if(_t29 == 0) {
									goto L44;
								}
								__eflags = _t29 == 1;
								if(_t29 == 1) {
									L43:
									_t71 = 0x80070102;
									goto L45;
								}
								L40:
								__eflags = _t71;
								if(_t71 >= 0) {
									_t71 = 0x8000ffff;
								}
								_push( *_t61);
								E011CFB09(_t71, "Unknown HTTP status code %d, returned from URL: %ls", _t63);
								_t74 = _t74 + 0x10;
								goto L45;
							}
							if(__eflags == 0) {
								_t71 = 0x80010135;
								goto L45;
							}
							_t33 = _t63 - 0x195;
							__eflags = _t33;
							if(_t33 == 0) {
								_t71 = 0x80070032;
								goto L45;
							}
							_t35 = _t33;
							__eflags = _t35;
							if(_t35 == 0) {
								L32:
								_t64 = _a16;
								_t71 = 0x80070005;
								_a8 = _a8 & 0x00000000;
								_t36 = _a12;
								 *_t64 =  *_t64 & 0x00000000;
								__eflags = _t36;
								if(_t36 != 0) {
									_t37 =  *_t36;
									__eflags = _t37;
									if(_t37 != 0) {
										_t63 = _a12;
										_t71 =  *_t37( *((intOrPtr*)(_a12 + 4)), _t68, _t63,  &_a8, _t64);
									}
								}
								goto L45;
							}
							_t39 = _t35 - 1;
							__eflags = _t39;
							if(_t39 == 0) {
								goto L43;
							}
							__eflags = _t39 != 0;
							if(_t39 != 0) {
								goto L40;
							}
							L31:
							_t71 = 0x80070002;
							goto L45;
						}
						if(_t80 == 0) {
							goto L31;
						}
						_t81 = _t63 - 0x12f;
						if(_t81 > 0) {
							_t44 = _t63 - 0x190;
							__eflags = _t44;
							if(_t44 == 0) {
								_t71 = 0x800700a1;
								goto L45;
							}
							_t45 = _t44 - 1;
							__eflags = _t45;
							if(_t45 == 0) {
								goto L32;
							}
							__eflags = _t45 != 0;
							if(_t45 != 0) {
								goto L40;
							}
							_t71 = 0x80070005;
							goto L45;
						}
						if(_t81 == 0) {
							L15:
							_t71 = E011D828A(_t63, _t68, 0x33, _t61);
							if(_t71 < 0) {
								break;
							}
							 *_a16 = 1;
							goto L45;
						}
						_t50 = _t63 - 0xc8;
						if(_t50 == 0) {
							_t51 = _a20;
							 *_t51 =  *_t51 & 0x00000000;
							__eflags =  *_t51;
							L19:
							_t71 = 0;
							goto L45;
						}
						_t52 = _t50 - 6;
						if(_t52 == 0) {
							 *_a20 = 1;
							goto L19;
						}
						_t54 = _t52 - 0x5f;
						if(_t54 == 0 || _t54 == 1) {
							goto L15;
						} else {
							goto L40;
						}
					}
					_t71 = GetLastError();
					if(_t71 > 0) {
						_t71 = _t71 & 0x0000ffff | 0x80070000;
					}
					E011CFB09(_t71, "Failed to send request to URL: %ls, trying to process HTTP status code anyway.",  *_t61);
					_t74 = _t74 + 0xc;
					_t79 = E011D8222(_t63, _t68, 0x13,  &_v8);
					goto L6;
					L45:
				} while (_a8 != 0);
				return _t71;
			}

























                                                            0x011d5976
                                                            0x011d5979
                                                            0x011d597a
                                                            0x011d597f
                                                            0x011d5984
                                                            0x011d5987
                                                            0x011d5987
                                                            0x011d598b
                                                            0x011d598d
                                                            0x011d598f
                                                            0x011d5991
                                                            0x011d5993
                                                            0x011d599c
                                                            0x011d59df
                                                            0x011d59e1
                                                            0x011d59e3
                                                            0x011d59e3
                                                            0x00000000
                                                            0x00000000
                                                            0x011d59e9
                                                            0x011d59f1
                                                            0x011d59f3
                                                            0x011d5a8e
                                                            0x011d5a90
                                                            0x011d5af4
                                                            0x011d5af4
                                                            0x011d5af9
                                                            0x011d5b28
                                                            0x011d5b28
                                                            0x00000000
                                                            0x011d5b28
                                                            0x011d5afb
                                                            0x011d5afb
                                                            0x011d5afe
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5b00
                                                            0x011d5b03
                                                            0x011d5b21
                                                            0x011d5b21
                                                            0x00000000
                                                            0x011d5b21
                                                            0x011d5b05
                                                            0x011d5b05
                                                            0x011d5b07
                                                            0x011d5b09
                                                            0x011d5b09
                                                            0x011d5b0e
                                                            0x011d5b17
                                                            0x011d5b1c
                                                            0x00000000
                                                            0x011d5b1c
                                                            0x011d5a92
                                                            0x011d5aeb
                                                            0x00000000
                                                            0x011d5aeb
                                                            0x011d5a96
                                                            0x011d5a96
                                                            0x011d5a9b
                                                            0x011d5ae4
                                                            0x00000000
                                                            0x011d5ae4
                                                            0x011d5a9e
                                                            0x011d5a9e
                                                            0x011d5aa1
                                                            0x011d5ab5
                                                            0x011d5ab5
                                                            0x011d5ab8
                                                            0x011d5abd
                                                            0x011d5ac1
                                                            0x011d5ac4
                                                            0x011d5ac7
                                                            0x011d5ac9
                                                            0x011d5acb
                                                            0x011d5acd
                                                            0x011d5acf
                                                            0x011d5ad7
                                                            0x011d5ae0
                                                            0x011d5ae0
                                                            0x011d5acf
                                                            0x00000000
                                                            0x011d5ac9
                                                            0x011d5aa3
                                                            0x011d5aa3
                                                            0x011d5aa6
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5aa9
                                                            0x011d5aac
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5aae
                                                            0x011d5aae
                                                            0x00000000
                                                            0x011d5aae
                                                            0x011d59f9
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5a02
                                                            0x011d5a04
                                                            0x011d5a5f
                                                            0x011d5a5f
                                                            0x011d5a64
                                                            0x011d5a7f
                                                            0x00000000
                                                            0x011d5a7f
                                                            0x011d5a66
                                                            0x011d5a66
                                                            0x011d5a69
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5a6c
                                                            0x011d5a6f
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5a75
                                                            0x00000000
                                                            0x011d5a75
                                                            0x011d5a06
                                                            0x011d5a24
                                                            0x011d5a2d
                                                            0x011d5a31
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5a3a
                                                            0x00000000
                                                            0x011d5a3a
                                                            0x011d5a0a
                                                            0x011d5a0f
                                                            0x011d5a50
                                                            0x011d5a53
                                                            0x011d5a53
                                                            0x011d5a56
                                                            0x011d5a56
                                                            0x00000000
                                                            0x011d5a56
                                                            0x011d5a11
                                                            0x011d5a14
                                                            0x011d5a48
                                                            0x00000000
                                                            0x011d5a48
                                                            0x011d5a16
                                                            0x011d5a19
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5a19
                                                            0x011d59a4
                                                            0x011d59a8
                                                            0x011d59ad
                                                            0x011d59ad
                                                            0x011d59bb
                                                            0x011d59c0
                                                            0x011d59cf
                                                            0x00000000
                                                            0x011d5b2d
                                                            0x011d5b2d
                                                            0x011d5b3d

                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,011D57DE,00000000,00000000,011D5D94,00000000,00000000,00000000,00000000,00000001,?), ref: 011D599E
                                                            Strings
                                                            • @Mqt, xrefs: 011D599E
                                                            • Unknown HTTP status code %d, returned from URL: %ls, xrefs: 011D5B11
                                                            • Failed to send request to URL: %ls, trying to process HTTP status code anyway., xrefs: 011D59B5
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: @Mqt$Failed to send request to URL: %ls, trying to process HTTP status code anyway.$Unknown HTTP status code %d, returned from URL: %ls
                                                            • API String ID: 1452528299-869793082
                                                            • Opcode ID: a4c17f5440f09bfc26d3d27ad1e08c3de95da68a471082c6f21f9e73e20384b0
                                                            • Instruction ID: f47f4970a0c0a87dad55898da515bd5f44d27848a483619a9c75f65fc8db9cb7
                                                            • Opcode Fuzzy Hash: a4c17f5440f09bfc26d3d27ad1e08c3de95da68a471082c6f21f9e73e20384b0
                                                            • Instruction Fuzzy Hash: 2F4128725012269BEB6D4E6CDD84B7A3B77EB013A0F054225FE01DF280E368DD018BA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01194FE1 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E01194FE1(void* __ebx, void* __ecx, void* __edi, struct _CRITICAL_SECTION* _a4) {
				void* __esi;
				void* _t38;
				long _t66;
				void* _t79;
				void* _t80;
				void* _t81;
				struct _CRITICAL_SECTION* _t82;

				_t81 = __edi;
				_t80 = __ecx;
				_t79 = __ebx;
				_t82 = _a4;
				_t31 =  *((intOrPtr*)(_t82 + 0x4e0));
				if( *((intOrPtr*)(_t82 + 0x4e0)) != 0) {
					E0119115F(_t31);
				}
				_t32 =  *((intOrPtr*)(_t82 + 0x4d8));
				if( *((intOrPtr*)(_t82 + 0x4d8)) != 0) {
					E01192762(_t32);
				}
				E011A4CA8(_t82 + 0x4b8);
				E011A4CA8(_t82 + 0x4a0);
				_t37 =  *((intOrPtr*)(_t82 + 0x49c));
				if( *((intOrPtr*)(_t82 + 0x49c)) != 0) {
					E01192762(_t37);
				}
				_t38 =  *(_t82 + 0x3e4);
				if(_t38 != 0) {
					CloseHandle(_t38);
					 *(_t82 + 0x3e4) =  *(_t82 + 0x3e4) & 0x00000000;
				}
				DeleteCriticalSection(_t82 + 0xd0);
				E0119D85A(_t81, _t82 + 0xb8);
				E0119C024(_t79, _t82 + 0x3d8);
				E0119E862(_t79, _t80, _t81, _t82 + 0x2f0);
				E01198845(_t79, _t82 + 0x88);
				E0119B108(_t82, _t82 + 0xb0);
				E011A0837(_t82 + 0x100);
				E0119D1F1(_t82, _t82 + 0x2b8);
				E0119E700(_t79, _t82 + 0x2c0);
				E0119C9B5(_t81, _t82 + 0x2b0);
				E0119BBDA(_t81, _t82 + 0x48);
				E0119C7E9(_t81, _t82 + 0x2a8);
				if( *((intOrPtr*)(_t82 + 0x40)) != 0) {
					E01192762( *((intOrPtr*)(_t82 + 0x40)));
				}
				if( *((intOrPtr*)(_t82 + 0x28)) != 0) {
					E01192762( *((intOrPtr*)(_t82 + 0x28)));
				}
				_t62 =  *((intOrPtr*)(_t82 + 0x408));
				if( *((intOrPtr*)(_t82 + 0x408)) != 0) {
					E01192762(_t62);
				}
				_t63 =  *((intOrPtr*)(_t82 + 0x404));
				if( *((intOrPtr*)(_t82 + 0x404)) != 0) {
					E01192762(_t63);
				}
				_t64 =  *((intOrPtr*)(_t82 + 0x400));
				if( *((intOrPtr*)(_t82 + 0x400)) != 0) {
					E01192762(_t64);
				}
				_t65 =  *((intOrPtr*)(_t82 + 0x3f8));
				if( *((intOrPtr*)(_t82 + 0x3f8)) != 0) {
					E01192762(_t65);
				}
				_t66 =  *(_t82 + 0x498);
				if(_t66 != 0xffffffff) {
					TlsFree(_t66);
				}
				DeleteCriticalSection(_t82);
				return E011BF600(_t81, _t82, 0, 0x4e8);
			}










                                                            0x01194fe1
                                                            0x01194fe1
                                                            0x01194fe1
                                                            0x01194fe5
                                                            0x01194fe8
                                                            0x01194ff0
                                                            0x01194ff3
                                                            0x01194ff3
                                                            0x01194ff8
                                                            0x01195000
                                                            0x01195003
                                                            0x01195003
                                                            0x0119500f
                                                            0x0119501b
                                                            0x01195020
                                                            0x01195028
                                                            0x0119502b
                                                            0x0119502b
                                                            0x01195030
                                                            0x01195038
                                                            0x0119503b
                                                            0x01195041
                                                            0x01195041
                                                            0x0119504f
                                                            0x0119505c
                                                            0x01195068
                                                            0x01195074
                                                            0x01195080
                                                            0x0119508c
                                                            0x01195098
                                                            0x011950a4
                                                            0x011950b0
                                                            0x011950bc
                                                            0x011950c5
                                                            0x011950d1
                                                            0x011950da
                                                            0x011950df
                                                            0x011950df
                                                            0x011950e8
                                                            0x011950ed
                                                            0x011950ed
                                                            0x011950f2
                                                            0x011950fa
                                                            0x011950fd
                                                            0x011950fd
                                                            0x01195102
                                                            0x0119510a
                                                            0x0119510d
                                                            0x0119510d
                                                            0x01195112
                                                            0x0119511a
                                                            0x0119511d
                                                            0x0119511d
                                                            0x01195122
                                                            0x0119512a
                                                            0x0119512d
                                                            0x0119512d
                                                            0x01195132
                                                            0x0119513b
                                                            0x0119513e
                                                            0x0119513e
                                                            0x01195145
                                                            0x0119515d

                                                            APIs
                                                            • CloseHandle.KERNEL32(?,?,?,00000000,?,0119558F,?,?,?,?,?,?), ref: 0119503B
                                                            • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,0119558F,?,?,?,?,?,?), ref: 0119504F
                                                            • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0119558F,?,?), ref: 0119513E
                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0119558F,?,?), ref: 01195145
                                                              • Part of subcall function 0119115F: LocalFree.KERNEL32(?,?,01194FF8,?,00000000,?,0119558F,?,?,?,?,?,?), ref: 01191169
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalDeleteFreeSection$CloseHandleLocal
                                                            • String ID:
                                                            • API String ID: 3671900028-0
                                                            • Opcode ID: 63590352893176196869fa22c25035518d587748f03911bfc8e6aade32f53bd3
                                                            • Instruction ID: 91ab0b9a60580116d87de67ee54e9d45c040c6bfa8c5c3723f90cf9bf5597fee
                                                            • Opcode Fuzzy Hash: 63590352893176196869fa22c25035518d587748f03911bfc8e6aade32f53bd3
                                                            • Instruction Fuzzy Hash: DC411DB1500B06ABDF79EBB4C888F9B77EDAF24644F44482AA2B9E3040DB34F144C765
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D5854 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 105COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E011D5854(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20, signed short _a24, signed short* _a28) {
				char _v8;
				intOrPtr* _t20;
				signed short _t22;
				signed short _t25;
				void* _t37;
				signed short _t44;
				signed short _t46;
				signed short _t57;

				_v8 = 0;
				_t37 = ((0 | _a12 == 0x00000004) - 0x00000001 & 0xff800000) + 0x84c00200;
				_t46 = E0119229E( &_v8, _a16, 0);
				if(_t46 < 0) {
					L21:
					if(_v8 != 0) {
						E01192762(_v8);
					}
					return _t46;
				}
				_t20 = _a20;
				if(_t20 == 0 ||  *_t20 == 0) {
					L4:
					_t44 =  *0x11fa978(_a4, _a8, _v8, 0, 0, 0x11fa7c4, _t37, 0);
					if(_t44 != 0) {
						_t22 = _a24;
						__eflags = _t22;
						if(_t22 == 0) {
							L18:
							 *_a28 = _t44;
							_t44 = 0;
							L19:
							__eflags = _t44;
							if(_t44 != 0) {
								 *0x11fa994(_t44);
							}
							goto L21;
						}
						__eflags =  *_t22;
						if( *_t22 == 0) {
							goto L18;
						}
						_t25 =  *0x11fa980(_t44, _t22, 0xffffffff, 0x40000000);
						__eflags = _t25;
						if(_t25 != 0) {
							goto L18;
						}
						_t46 = GetLastError();
						__eflags = _t46;
						if(__eflags > 0) {
							_t46 = _t46 & 0x0000ffff | 0x80070000;
							__eflags = _t46;
						}
						if(__eflags >= 0) {
							_t46 = 0x80004005;
						}
						E011938BA(_t26, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0x244, _t46);
						goto L19;
					}
					_t46 = GetLastError();
					if(_t46 > 0) {
						_t46 = _t46 & 0x0000ffff | 0x80070000;
						_t57 = _t46;
					}
					if(_t57 >= 0) {
						_t46 = 0x80004005;
					}
					E011938BA(_t28, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0x23e, _t46);
					goto L21;
				} else {
					_t46 = E01191FF4( &_v8, _t20, 0);
					if(_t46 < 0) {
						goto L21;
					}
					goto L4;
				}
			}











                                                            0x011d586d
                                                            0x011d5878
                                                            0x011d5883
                                                            0x011d5887
                                                            0x011d595f
                                                            0x011d5963
                                                            0x011d5968
                                                            0x011d5968
                                                            0x011d5973
                                                            0x011d5973
                                                            0x011d588d
                                                            0x011d5892
                                                            0x011d58ae
                                                            0x011d58c6
                                                            0x011d58ca
                                                            0x011d58fc
                                                            0x011d5901
                                                            0x011d5903
                                                            0x011d594d
                                                            0x011d5950
                                                            0x011d5952
                                                            0x011d5954
                                                            0x011d5954
                                                            0x011d5956
                                                            0x011d5959
                                                            0x011d5959
                                                            0x00000000
                                                            0x011d5956
                                                            0x011d5905
                                                            0x011d5908
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5913
                                                            0x011d5919
                                                            0x011d591b
                                                            0x00000000
                                                            0x00000000
                                                            0x011d5923
                                                            0x011d5925
                                                            0x011d5927
                                                            0x011d592c
                                                            0x011d5932
                                                            0x011d5932
                                                            0x011d5934
                                                            0x011d5936
                                                            0x011d5936
                                                            0x011d5946
                                                            0x00000000
                                                            0x011d5946
                                                            0x011d58d2
                                                            0x011d58d6
                                                            0x011d58db
                                                            0x011d58e1
                                                            0x011d58e1
                                                            0x011d58e3
                                                            0x011d58e5
                                                            0x011d58e5
                                                            0x011d58f5
                                                            0x00000000
                                                            0x011d5899
                                                            0x011d58a4
                                                            0x011d58a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011d58a8

                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,011D57BF,00000000,00000000,00000001), ref: 011D58CC
                                                            • GetLastError.KERNEL32(?,?,011D57BF,00000000,00000000,00000001), ref: 011D591D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 1452528299-3014452495
                                                            • Opcode ID: ee8850c6a83469d4a2783859ff20b600cd351eaaf0fd47a50d1a29323b1dd0b2
                                                            • Instruction ID: cb3af7f7fc66c76dead460ba4d959bb99617c5141182fd90aad377af39b9b56f
                                                            • Opcode Fuzzy Hash: ee8850c6a83469d4a2783859ff20b600cd351eaaf0fd47a50d1a29323b1dd0b2
                                                            • Instruction Fuzzy Hash: DB310737901626F7DB3E9A998D44F9B7E7AAF42A74B020128FE14BB140F774DC40D6A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D4ED0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 80COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 61%
                                                            			E011D4ED0(void* __ecx, intOrPtr _a4, intOrPtr _a8, signed short* _a12, signed short _a16) {
				char _v8;
				signed short _t16;
				signed short _t27;
				signed short _t29;
				signed short _t32;
				signed short _t38;

				_t32 = 0;
				_push( &_v8);
				_push(0);
				_push(_a8);
				_v8 = 0;
				_push(_a4);
				if( *0x11fa938() != 0) {
					_t29 = E011939DF(_v8, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						_t16 =  *0x11fa938(_a4, _a8, _t29,  &_v8);
						__eflags = _t16;
						if(_t16 != 0) {
							_t27 = _a16;
							 *_a12 = _t29;
							_t29 = 0;
							__eflags = _t27;
							if(_t27 == 0) {
								L18:
								L19:
								return _t32;
							}
							 *_t27 = _v8;
							L16:
							__eflags = _t29;
							if(_t29 != 0) {
								E01193AA4(_t29);
							}
							goto L18;
						}
						_t32 = GetLastError();
						__eflags = _t32;
						if(__eflags > 0) {
							_t32 = _t32 & 0x0000ffff | 0x80070000;
							__eflags = _t32;
						}
						if(__eflags >= 0) {
							_t32 = 0x80004005;
						}
						E011938BA(_t21, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\certutil.cpp", 0x1f, _t32);
						goto L16;
					}
					_t32 = 0x8007000e;
					E011938BA(_t14, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\certutil.cpp", 0x1b, 0x8007000e);
					goto L18;
				}
				_t32 = GetLastError();
				if(_t32 > 0) {
					_t32 = _t32 & 0x0000ffff | 0x80070000;
					_t38 = _t32;
				}
				if(_t38 >= 0) {
					_t32 = 0x80004005;
				}
				E011938BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\certutil.cpp", 0x17, _t32);
				goto L19;
			}









                                                            0x011d4ed8
                                                            0x011d4eda
                                                            0x011d4edb
                                                            0x011d4edc
                                                            0x011d4edf
                                                            0x011d4ee2
                                                            0x011d4eed
                                                            0x011d4f2a
                                                            0x011d4f2c
                                                            0x011d4f2e
                                                            0x011d4f4f
                                                            0x011d4f55
                                                            0x011d4f57
                                                            0x011d4f89
                                                            0x011d4f8c
                                                            0x011d4f8e
                                                            0x011d4f90
                                                            0x011d4f92
                                                            0x011d4fa3
                                                            0x011d4fa4
                                                            0x011d4fa8
                                                            0x011d4fa8
                                                            0x011d4f97
                                                            0x011d4f99
                                                            0x011d4f99
                                                            0x011d4f9b
                                                            0x011d4f9e
                                                            0x011d4f9e
                                                            0x00000000
                                                            0x011d4f9b
                                                            0x011d4f5f
                                                            0x011d4f61
                                                            0x011d4f63
                                                            0x011d4f68
                                                            0x011d4f6e
                                                            0x011d4f6e
                                                            0x011d4f70
                                                            0x011d4f72
                                                            0x011d4f72
                                                            0x011d4f7f
                                                            0x00000000
                                                            0x011d4f7f
                                                            0x011d4f30
                                                            0x011d4f3d
                                                            0x00000000
                                                            0x011d4f3d
                                                            0x011d4ef5
                                                            0x011d4ef9
                                                            0x011d4efe
                                                            0x011d4f04
                                                            0x011d4f04
                                                            0x011d4f06
                                                            0x011d4f08
                                                            0x011d4f08
                                                            0x011d4f15
                                                            0x00000000

                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,011A920B,?,00000003,011954C6,?), ref: 011D4EEF
                                                            • GetLastError.KERNEL32(?,?,011A920B,?,00000003,011954C6,?), ref: 011D4F59
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\certutil.cpp
                                                            • API String ID: 1452528299-1585992098
                                                            • Opcode ID: c1816eb99bbe4f358e950085760bc99748548ea31e71db3560811d73d3a6e25e
                                                            • Instruction ID: cb5a7d420bb1f4fa4d7559f7f56cf0cf49377dbaedc988ac9795c1991f8234e4
                                                            • Opcode Fuzzy Hash: c1816eb99bbe4f358e950085760bc99748548ea31e71db3560811d73d3a6e25e
                                                            • Instruction Fuzzy Hash: BE21C876501126B7DB299A598D09F9B7E79EF41750F020064BD24BBA20E774CD00D6E2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D828A Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 78COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 39%
                                                            			E011D828A(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				unsigned int _v8;
				char _v12;
				intOrPtr* _t33;
				signed short _t36;
				signed short _t47;

				_t33 = _a12;
				_v8 = 0;
				_v12 = 0;
				if( *_t33 != 0) {
					L2:
					_t36 = E011928D4( *_t33,  &_v8);
					if(_t36 < 0) {
						L13:
						return _t36;
					}
					_push( &_v12);
					_push( &_v8);
					_push( *_t33);
					_push(_a8);
					_push(_a4);
					if( *0x11fa988() != 0) {
						goto L13;
					}
					_t36 = GetLastError();
					if(_t36 != 0x7a) {
						L9:
						if(_t36 > 0) {
							_t36 = _t36 & 0x0000ffff | 0x80070000;
							_t47 = _t36;
						}
						if(_t47 < 0) {
							E011938BA(_t22, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\inetutil.cpp", 0x6c, _t36);
						}
						goto L13;
					}
					_t25 = _v8 + 2;
					_v8 = _v8 + 2;
					_t36 = E01191FE0(_t33, _t25 >> 1);
					if(_t36 < 0) {
						goto L13;
					} else {
						_push( &_v12);
						_push( &_v8);
						_push( *_t33);
						_push(_a8);
						_push(_a4);
						if( *0x11fa988() != 0) {
							_t36 = 0;
						} else {
							_t36 = GetLastError();
						}
						goto L9;
					}
				}
				_t36 = E01191FE0(_t33, 0x40);
				if(_t36 < 0) {
					goto L13;
				}
				goto L2;
			}








                                                            0x011d8291
                                                            0x011d8296
                                                            0x011d8299
                                                            0x011d829e
                                                            0x011d82b2
                                                            0x011d82bd
                                                            0x011d82c1
                                                            0x011d834a
                                                            0x011d834f
                                                            0x011d834f
                                                            0x011d82ca
                                                            0x011d82ce
                                                            0x011d82cf
                                                            0x011d82d1
                                                            0x011d82d4
                                                            0x011d82df
                                                            0x00000000
                                                            0x00000000
                                                            0x011d82e7
                                                            0x011d82ec
                                                            0x011d832c
                                                            0x011d832e
                                                            0x011d8333
                                                            0x011d8339
                                                            0x011d8339
                                                            0x011d833b
                                                            0x011d8345
                                                            0x011d8345
                                                            0x00000000
                                                            0x011d833b
                                                            0x011d82f1
                                                            0x011d82f4
                                                            0x011d8300
                                                            0x011d8304
                                                            0x00000000
                                                            0x011d8306
                                                            0x011d8309
                                                            0x011d830d
                                                            0x011d830e
                                                            0x011d8310
                                                            0x011d8313
                                                            0x011d831e
                                                            0x011d832a
                                                            0x011d8320
                                                            0x011d8326
                                                            0x011d8326
                                                            0x00000000
                                                            0x011d831e
                                                            0x011d8304
                                                            0x011d82a8
                                                            0x011d82ac
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000

                                                            APIs
                                                            • GetLastError.KERNEL32(?,011D5A2D,?,00000033,00000000,?,00000013,00000000,?,?,011D57DE,00000000,00000000,011D5D94,00000000,00000000), ref: 011D82E1
                                                            • GetLastError.KERNEL32(?,011D5A2D,?,00000033,00000000,?,00000013,00000000,?,?,011D57DE,00000000,00000000,011D5D94,00000000,00000000), ref: 011D8320
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\inetutil.cpp
                                                            • API String ID: 1452528299-1391240214
                                                            • Opcode ID: 861bf1aaad42728fccade3849897879cb0462520f0ae865e1afa41cb811ca55c
                                                            • Instruction ID: 0c417b0929e7b14a918b2bc00f163d6242466f48b65460e15c57f4b552a1b3d5
                                                            • Opcode Fuzzy Hash: 861bf1aaad42728fccade3849897879cb0462520f0ae865e1afa41cb811ca55c
                                                            • Instruction Fuzzy Hash: AE21847790112AFBCB2A9BA8C844E9EBBB8AF04690B110125FD15E7110EB30DE50DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2AB1 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 44%
                                                            			E011D2AB1(void* __eax, intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v20;
				char _v28;
				intOrPtr* _t36;
				intOrPtr* _t39;
				signed int _t40;
				signed int _t41;
				signed int* _t43;
				void* _t46;
				void* _t47;
				void* _t51;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				__imp__#2(_a8);
				_t46 = __eax;
				__imp__#8( &_v28);
				_t39 = _a4;
				_t47 =  *((intOrPtr*)( *_t39 + 0x44))(_t39,  &_v8);
				if(_t47 >= 0) {
					_t47 = E011D2CFC( &_v12, _v8, __eax,  &_v12);
					if(_t47 != 1 && _t47 >= 0) {
						_t36 = _v12;
						_t47 =  *((intOrPtr*)( *_t36 + 0x20))(_t36,  &_v28);
						_t51 = _t47;
						if(_t51 >= 0 && _t51 == 0) {
							_t43 = _a12;
							if(_t43 != 0) {
								_v20 = _v20 & 0x00000000;
								 *_t43 = _v20;
							}
						}
					}
				}
				_t40 = _v8;
				if(_t40 != 0) {
					 *((intOrPtr*)( *_t40 + 8))(_t40);
				}
				_t41 = _v12;
				if(_t41 != 0) {
					 *((intOrPtr*)( *_t41 + 8))(_t41);
				}
				__imp__#9( &_v28);
				if(_t46 != 0) {
					__imp__#6(_t46);
				}
				return _t47;
			}















                                                            0x011d2ab7
                                                            0x011d2abb
                                                            0x011d2ac4
                                                            0x011d2aca
                                                            0x011d2ad0
                                                            0x011d2ad6
                                                            0x011d2ae3
                                                            0x011d2ae7
                                                            0x011d2af6
                                                            0x011d2afb
                                                            0x011d2b01
                                                            0x011d2b0e
                                                            0x011d2b10
                                                            0x011d2b12
                                                            0x011d2b16
                                                            0x011d2b1b
                                                            0x011d2b20
                                                            0x011d2b24
                                                            0x011d2b24
                                                            0x011d2b1b
                                                            0x011d2b12
                                                            0x011d2afb
                                                            0x011d2b26
                                                            0x011d2b2b
                                                            0x011d2b30
                                                            0x011d2b30
                                                            0x011d2b33
                                                            0x011d2b38
                                                            0x011d2b3d
                                                            0x011d2b3d
                                                            0x011d2b44
                                                            0x011d2b4c
                                                            0x011d2b4f
                                                            0x011d2b4f
                                                            0x011d2b5a

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 011D2AC4
                                                            • VariantInit.OLEAUT32(?), ref: 011D2AD0
                                                            • VariantClear.OLEAUT32(?), ref: 011D2B44
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D2B4F
                                                              • Part of subcall function 011D2CFC: SysAllocString.OLEAUT32(?), ref: 011D2D11
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocVariant$ClearFreeInit
                                                            • String ID:
                                                            • API String ID: 347726874-0
                                                            • Opcode ID: f582bfffb50a182514b87b79f4e589925c669872919e26a30dbca00cc6bc2216
                                                            • Instruction ID: 07c34ed9116601139f6731f05830bd07634e4003a6d2c00109c944b20b8fdce5
                                                            • Opcode Fuzzy Hash: f582bfffb50a182514b87b79f4e589925c669872919e26a30dbca00cc6bc2216
                                                            • Instruction Fuzzy Hash: 65216231902219EFCB19DFA8D888EAEBBB9FF45715F100168E911DB210DB70DD45CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119753E Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 39COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 26%
                                                            			E0119753E(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void* _t21;

				_t19 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t21 = E01195DA8(_t19, _a4, _a8,  &_v8);
				if(_t21 != 0x80070490) {
					if(_t21 >= 0) {
						_t21 = E011AFFCA(_v8 + 8, _a12);
						if(_t21 < 0) {
							_push(_a8);
							_push("Failed to copy value of variable: %ls");
							goto L5;
						}
					} else {
						_push(_a8);
						_push("Failed to get value of variable: %ls");
						L5:
						_push(_t21);
						E011CFB09();
					}
				}
				LeaveCriticalSection(_a4);
				return _t21;
			}





                                                            0x0119753e
                                                            0x01197541
                                                            0x01197542
                                                            0x0119754a
                                                            0x0119755f
                                                            0x01197567
                                                            0x0119756b
                                                            0x01197586
                                                            0x0119758a
                                                            0x0119758c
                                                            0x0119758f
                                                            0x00000000
                                                            0x0119758f
                                                            0x0119756d
                                                            0x0119756d
                                                            0x01197570
                                                            0x01197594
                                                            0x01197594
                                                            0x01197595
                                                            0x0119759a
                                                            0x0119756b
                                                            0x011975a0
                                                            0x011975aa

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,0119985C,00000000,?,00000000,00000000,00000000,?,0119969D,00000000,?,00000000,00000000), ref: 0119754A
                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,0119985C,00000000,?,00000000,00000000,00000000,?,0119969D,00000000,?,00000000), ref: 011975A0
                                                            Strings
                                                            • Failed to copy value of variable: %ls, xrefs: 0119758F
                                                            • Failed to get value of variable: %ls, xrefs: 01197570
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                            • API String ID: 3168844106-2936390398
                                                            • Opcode ID: 74d74695fa2239157d68e253d9c96e9494dfa2a01b1a12c385db743c2b16f1c2
                                                            • Instruction ID: be93df54dc026ba71d0b0a598943f3e58d8707ef4fcf1ab4686004d12b8eb724
                                                            • Opcode Fuzzy Hash: 74d74695fa2239157d68e253d9c96e9494dfa2a01b1a12c385db743c2b16f1c2
                                                            • Instruction Fuzzy Hash: 92F0FF7280022ABBCF0A6F60CC04E9E7F69EF05264F408020FC24A6220C33ADF119B90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011CFA47 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011CFA47() {
				void* _t1;
				signed int _t2;
				signed int _t3;

				EnterCriticalSection(0x11fb5d4);
				_t1 =  *0x11fa774; // 0xffffffff
				 *0x11fb5c8 = 1;
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x11fa774 =  *0x11fa774 | 0xffffffff;
				}
				_t2 =  *0x11fb5cc; // 0x0
				if(_t2 != 0) {
					E01192762(_t2);
					 *0x11fb5cc =  *0x11fb5cc & 0x00000000;
				}
				_t3 =  *0x11fb5d0; // 0x6f2c60
				if(_t3 != 0) {
					_t3 = E01192762(_t3);
					 *0x11fb5d0 =  *0x11fb5d0 & 0x00000000;
				}
				LeaveCriticalSection(0x11fb5d4);
				return _t3;
			}






                                                            0x011cfa4e
                                                            0x011cfa54
                                                            0x011cfa59
                                                            0x011cfa66
                                                            0x011cfa69
                                                            0x011cfa6f
                                                            0x011cfa6f
                                                            0x011cfa76
                                                            0x011cfa7d
                                                            0x011cfa80
                                                            0x011cfa85
                                                            0x011cfa85
                                                            0x011cfa8c
                                                            0x011cfa93
                                                            0x011cfa96
                                                            0x011cfa9b
                                                            0x011cfa9b
                                                            0x011cfaa3
                                                            0x011cfaaa

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(011FB5D4,00000000,011A40BF,feclient.dll,?,00000000,?,?,?,01194B57,?,?,011DA488,?,00000001,00000000), ref: 011CFA4E
                                                            • CloseHandle.KERNEL32(FFFFFFFF,?,?,01194B57,?,?,011DA488,?,00000001,00000000,00000000,?,?,011954CB,?,?), ref: 011CFA69
                                                            • LeaveCriticalSection.KERNEL32(011FB5D4,?,?,01194B57,?,?,011DA488,?,00000001,00000000,00000000,?,?,011954CB,?,?), ref: 011CFAA3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$CloseEnterHandleLeave
                                                            • String ID: `,o
                                                            • API String ID: 2394387412-1403651413
                                                            • Opcode ID: 4c7d8632cbc240b4d3493b3e5e9bb866370d85790be0e82676eaf895498840dc
                                                            • Instruction ID: 8b8fe34d96e86d4b52891bdfaad3e9d563e4ee424d401dcf2d2322543d67f5ec
                                                            • Opcode Fuzzy Hash: 4c7d8632cbc240b4d3493b3e5e9bb866370d85790be0e82676eaf895498840dc
                                                            • Instruction Fuzzy Hash: BCF0FEB0509A129BD73C9E39F91CB553AA9BF24765F04432CE031D31E8D77D84868B54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D0517 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E011D0517(void* __ecx, void* _a4, short* _a8, intOrPtr _a12, signed short _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed short _t35;
				signed short _t36;
				signed int _t37;
				void* _t55;
				signed short _t57;
				signed short _t58;
				signed int _t59;
				signed short _t60;
				signed int _t63;
				signed short _t64;
				void* _t65;

				_t55 = __ecx;
				_v12 = _v12 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t63 = 0;
				_t65 =  *0x11fb634 - _t63; // 0x1
				if(_t65 != 0 || _a12 == 0) {
					_t35 = _a12 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						_t63 = 0x200;
					} else {
						__eflags = _t35 == 1;
						if(_t35 == 1) {
							_t63 = 0x100;
						}
					}
					__eflags = _a16;
					if(_a16 == 0) {
						L16:
						_t36 =  *0x11fb628;
						__eflags = _t36;
						if(_t36 == 0) {
							_t37 = RegDeleteKeyW(_a4, _a8);
							_t59 = _t37 & 0x0000ffff;
							__eflags = _t37;
							if(_t37 > 0) {
								_t57 = _t59 | 0x80070000;
								__eflags = _t57;
								_t60 = _t57;
							} else {
								_t57 = _t37;
								_t60 = _t59 | 0x80070000;
							}
							__eflags = _t57 - 0x80070002;
							if(_t57 != 0x80070002) {
								_t64 = 0;
								__eflags = _t37;
								if(__eflags == 0) {
									goto L39;
								}
								_t64 = _t37;
								if(__eflags > 0) {
									_t64 = _t60;
								}
								__eflags = _t64;
								if(_t64 >= 0) {
									_t64 = 0x80004005;
								}
								_push(_t64);
								_push(0xfb);
								L38:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
								E011938BA(_t37);
							} else {
								_t64 = _t57;
							}
							goto L39;
						}
						_t64 =  *_t36(_a4, _a8, _t63, 0);
						_t58 = _t64;
						_t37 = _t64 & 0x0000ffff | 0x80070000;
						__eflags = _t64;
						if(_t64 > 0) {
							_t58 = _t37;
						}
						__eflags = _t58 - 0x80070002;
						if(_t58 != 0x80070002) {
							__eflags = _t64;
							if(__eflags == 0) {
								goto L9;
							}
							if(__eflags > 0) {
								_t64 = _t37;
								__eflags = _t64;
							}
							if(__eflags >= 0) {
								_t64 = 0x80004005;
							}
							_push(_t64);
							_push(0xf2);
							goto L38;
						} else {
							_t64 = 0x80070002;
							goto L39;
						}
					} else {
						_t64 = E011D0823(_a4, _a8, _t63 | 0x00020019,  &_v8);
						__eflags = _t64 - 0x80070002;
						if(_t64 != 0x80070002) {
							while(1) {
								__eflags = _t64;
								if(_t64 < 0) {
									break;
								}
								_t64 = E011D0708(_t55, _v8, 0,  &_v12);
								__eflags = _t64 - 0x80070103;
								if(_t64 == 0x80070103) {
									goto L16;
								}
								__eflags = _t64;
								if(_t64 < 0) {
									L39:
									__eflags = _v8;
									if(_v8 != 0) {
										RegCloseKey(_v8);
										_t28 =  &_v8;
										 *_t28 = _v8 & 0x00000000;
										__eflags =  *_t28;
									}
									__eflags = _v12;
									if(_v12 != 0) {
										E01192762(_v12);
									}
									__eflags = _v16;
									if(_v16 != 0) {
										E01192762(_v16);
									}
									goto L45;
								}
								_t64 = E01192E55(_t55, _a8, _v12,  &_v16);
								__eflags = _t64;
								if(_t64 < 0) {
									goto L39;
								}
								_t64 = E011D0517(_t55, _a4, _v16, _a12, _a16);
							}
							goto L39;
						}
						L9:
						_t64 = 0;
						goto L39;
					}
				} else {
					_t64 = 0x80070057;
					L45:
					return _t64;
				}
			}

















                                                            0x011d0517
                                                            0x011d051d
                                                            0x011d0521
                                                            0x011d0525
                                                            0x011d052b
                                                            0x011d052d
                                                            0x011d0533
                                                            0x011d0547
                                                            0x011d0547
                                                            0x011d054a
                                                            0x011d0558
                                                            0x011d054c
                                                            0x011d054c
                                                            0x011d054f
                                                            0x011d0551
                                                            0x011d0551
                                                            0x011d054f
                                                            0x011d055d
                                                            0x011d0561
                                                            0x011d05e1
                                                            0x011d05e1
                                                            0x011d05e6
                                                            0x011d05e8
                                                            0x011d0637
                                                            0x011d063d
                                                            0x011d0640
                                                            0x011d0642
                                                            0x011d0650
                                                            0x011d0650
                                                            0x011d0656
                                                            0x011d0644
                                                            0x011d0644
                                                            0x011d0646
                                                            0x011d0646
                                                            0x011d0658
                                                            0x011d065e
                                                            0x011d0664
                                                            0x011d0666
                                                            0x011d0668
                                                            0x00000000
                                                            0x00000000
                                                            0x011d066a
                                                            0x011d066c
                                                            0x011d066e
                                                            0x011d066e
                                                            0x011d0670
                                                            0x011d0672
                                                            0x011d0674
                                                            0x011d0674
                                                            0x011d0679
                                                            0x011d067a
                                                            0x011d067f
                                                            0x011d067f
                                                            0x011d0684
                                                            0x011d0660
                                                            0x011d0660
                                                            0x011d0660
                                                            0x00000000
                                                            0x011d065e
                                                            0x011d05f5
                                                            0x011d05fa
                                                            0x011d05fc
                                                            0x011d0601
                                                            0x011d0603
                                                            0x011d0605
                                                            0x011d0605
                                                            0x011d060c
                                                            0x011d060e
                                                            0x011d0614
                                                            0x011d0616
                                                            0x00000000
                                                            0x00000000
                                                            0x011d061c
                                                            0x011d061e
                                                            0x011d0620
                                                            0x011d0620
                                                            0x011d0622
                                                            0x011d0624
                                                            0x011d0624
                                                            0x011d0629
                                                            0x011d062a
                                                            0x00000000
                                                            0x011d0610
                                                            0x011d0610
                                                            0x00000000
                                                            0x011d0610
                                                            0x011d0563
                                                            0x011d057a
                                                            0x011d0581
                                                            0x011d0583
                                                            0x011d05d8
                                                            0x011d05d8
                                                            0x011d05da
                                                            0x00000000
                                                            0x00000000
                                                            0x011d059a
                                                            0x011d059c
                                                            0x011d05a2
                                                            0x00000000
                                                            0x00000000
                                                            0x011d05a4
                                                            0x011d05a6
                                                            0x011d0689
                                                            0x011d0689
                                                            0x011d068d
                                                            0x011d0692
                                                            0x011d0698
                                                            0x011d0698
                                                            0x011d0698
                                                            0x011d0698
                                                            0x011d069c
                                                            0x011d06a0
                                                            0x011d06a5
                                                            0x011d06a5
                                                            0x011d06aa
                                                            0x011d06ae
                                                            0x011d06b3
                                                            0x011d06b3
                                                            0x00000000
                                                            0x011d06ae
                                                            0x011d05bb
                                                            0x011d05bd
                                                            0x011d05bf
                                                            0x00000000
                                                            0x00000000
                                                            0x011d05d6
                                                            0x011d05d6
                                                            0x00000000
                                                            0x011d05dc
                                                            0x011d0585
                                                            0x011d0585
                                                            0x00000000
                                                            0x011d0585
                                                            0x011d053a
                                                            0x011d053a
                                                            0x011d06b9
                                                            0x011d06bd
                                                            0x011d06bd

                                                            APIs
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 011D0692
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 011D067F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 3535843008-3237223240
                                                            • Opcode ID: 547e425462c9ccd3da2bb79a58f6a0fc368130d4253505ea00b96e8f53ea827e
                                                            • Instruction ID: 4f21760dd65589e1979dda75a05fe399669e77ef272262ef7db99226bc174a94
                                                            • Opcode Fuzzy Hash: 547e425462c9ccd3da2bb79a58f6a0fc368130d4253505ea00b96e8f53ea827e
                                                            • Instruction Fuzzy Hash: 4141D432D01126EBDF3E8A68C804BAD7E61AB98760F2A8165FD14AB154D775CE40DBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D095E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 91%
                                                            			E011D095E(void* _a4, short* _a8, char** _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				void* _v20;
				signed int _t37;
				long _t41;
				signed int _t57;
				long _t59;
				char** _t61;
				long _t62;

				_t61 = _a12;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_t61 == 0 ||  *_t61 == 0) {
					L4:
					_v8 = 2;
					_t62 = E01191FE0(_t61, 2);
					if(_t62 < 0) {
						goto L26;
					} else {
						_t37 = _v8;
						goto L6;
					}
				} else {
					_t62 = E01192847( *_t61,  &_v8);
					if(_t62 < 0) {
						L26:
						if(_v20 != 0) {
							E01192762(_v20);
						}
						return _t62;
					}
					_t37 = _v8;
					if(_t37 >= 2) {
						L6:
						_v16 = _t37 * 2 - 2;
						_t41 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t61,  &_v16);
						if(_t41 != 0xea) {
							L9:
							_t59 = _t41;
							_t57 = _t41 & 0x0000ffff | 0x80070000;
							if(_t41 > 0) {
								_t59 = _t57;
							}
							if(_t59 != 0x80070002) {
								__eflags = _t41;
								if(__eflags == 0) {
									__eflags = _v12 - 1;
									if(_v12 == 1) {
										L23:
										( *_t61)[_v8 * 2 - 2] = 0;
										__eflags = _v12 - 2;
										if(_v12 == 2) {
											_t62 = E0119229E( &_v20,  *_t61, 0);
											__eflags = _t62;
											if(_t62 >= 0) {
												_t62 = E01193171(_t61, _v20, 1);
											}
										}
										goto L26;
									}
									__eflags = _v12 - 2;
									if(_v12 == 2) {
										goto L23;
									}
									_t62 = 0x8007070c;
									_push(0x8007070c);
									_push(0x1ef);
									L19:
									_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
									E011938BA(_t41);
									goto L26;
								}
								_t62 = _t41;
								if(__eflags > 0) {
									_t62 = _t57;
								}
								__eflags = _t62;
								if(_t62 >= 0) {
									_t62 = 0x80004005;
								}
								_push(_t62);
								_push(0x1dc);
								goto L19;
							} else {
								_t62 = _t59;
								goto L26;
							}
						}
						_v8 = (_v16 >> 1) + 1;
						_t62 = E01191FE0(_t61, (_v16 >> 1) + 1);
						if(_t62 < 0) {
							goto L26;
						}
						_t41 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t61,  &_v16);
						goto L9;
					}
					goto L4;
				}
			}













                                                            0x011d0969
                                                            0x011d096c
                                                            0x011d096f
                                                            0x011d0972
                                                            0x011d0975
                                                            0x011d097a
                                                            0x011d099d
                                                            0x011d09a0
                                                            0x011d09ac
                                                            0x011d09b0
                                                            0x00000000
                                                            0x011d09b6
                                                            0x011d09b6
                                                            0x00000000
                                                            0x011d09b6
                                                            0x011d0980
                                                            0x011d098b
                                                            0x011d098f
                                                            0x011d0a9e
                                                            0x011d0aa1
                                                            0x011d0aa6
                                                            0x011d0aa6
                                                            0x011d0ab1
                                                            0x011d0ab1
                                                            0x011d0995
                                                            0x011d099b
                                                            0x011d09b9
                                                            0x011d09c0
                                                            0x011d09d4
                                                            0x011d09df
                                                            0x011d0a12
                                                            0x011d0a15
                                                            0x011d0a17
                                                            0x011d0a1f
                                                            0x011d0a21
                                                            0x011d0a21
                                                            0x011d0a29
                                                            0x011d0a2f
                                                            0x011d0a31
                                                            0x011d0a54
                                                            0x011d0a58
                                                            0x011d0a6d
                                                            0x011d0a74
                                                            0x011d0a79
                                                            0x011d0a7d
                                                            0x011d0a8b
                                                            0x011d0a8d
                                                            0x011d0a8f
                                                            0x011d0a9c
                                                            0x011d0a9c
                                                            0x011d0a8f
                                                            0x00000000
                                                            0x011d0a7d
                                                            0x011d0a5a
                                                            0x011d0a5e
                                                            0x00000000
                                                            0x00000000
                                                            0x011d0a60
                                                            0x011d0a65
                                                            0x011d0a66
                                                            0x011d0a48
                                                            0x011d0a48
                                                            0x011d0a4d
                                                            0x00000000
                                                            0x011d0a4d
                                                            0x011d0a33
                                                            0x011d0a35
                                                            0x011d0a37
                                                            0x011d0a37
                                                            0x011d0a39
                                                            0x011d0a3b
                                                            0x011d0a3d
                                                            0x011d0a3d
                                                            0x011d0a42
                                                            0x011d0a43
                                                            0x00000000
                                                            0x011d0a2b
                                                            0x011d0a2b
                                                            0x00000000
                                                            0x011d0a2b
                                                            0x011d0a29
                                                            0x011d09e9
                                                            0x011d09f1
                                                            0x011d09f5
                                                            0x00000000
                                                            0x00000000
                                                            0x011d0a0c
                                                            0x00000000
                                                            0x011d0a0c
                                                            0x00000000
                                                            0x011d099b

                                                            APIs
                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 011D09D4
                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 011D0A0C
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 011D0A48
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 3660427363-3237223240
                                                            • Opcode ID: 305a5432a55b06ddfab5da7e3d3fc187a7569aca37b6d6d0aab9bb1e968cb4ed
                                                            • Instruction ID: 8cb10fc2608b7d3c3224f9be2e6c33a3d00b597345eb3da111490fca634609e3
                                                            • Opcode Fuzzy Hash: 305a5432a55b06ddfab5da7e3d3fc187a7569aca37b6d6d0aab9bb1e968cb4ed
                                                            • Instruction Fuzzy Hash: D541B636D0011BFBDF29DE98C8809AEBBB9EF18754F11426AF914AB151D7309E50CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D8705 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E011D8705(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v8;
				void* _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* __ebx;
				void* _t60;
				void* _t61;

				_t57 = __ecx;
				_v24 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_t61 = E011D85F6(__ecx, _a8,  &_v24);
				if(_t61 >= 0) {
					_t61 = E011D0823(_a4, _v24, 0x20019,  &_v16);
					if(_t61 >= 0) {
						_t61 = E011D0823(_v16,  *0x11fa7e4, 0x20019,  &_v12);
						if(_t61 == 0x80070002) {
							L12:
							_t61 = 0;
						} else {
							if(_t61 >= 0) {
								_t60 = 0;
								_push( &_v8);
								_push(0);
								while(1) {
									_push(_v12);
									_t61 = E011D0708(_t57);
									if(_t61 == 0x80070103) {
										goto L12;
									}
									__eflags = _t61;
									if(_t61 >= 0) {
										_t61 = E011D4DF6(_t57, _a16, _v8);
										__eflags = _t61 - 0x80070490;
										if(_t61 != 0x80070490) {
											L9:
											__eflags = _t61;
											if(_t61 >= 0) {
												_t60 = _t60 + 1;
												__eflags = _t60;
												_push( &_v8);
												_push(_t60);
												continue;
											}
										} else {
											_t61 = E011D867F(0, _t57, _a4, _v8,  &_v20);
											__eflags = _t61;
											if(__eflags >= 0) {
												_t61 = E011D882D(_t57, __eflags, _a20, _a24, _v8, _v20);
												goto L9;
											}
										}
									}
									goto L13;
								}
								goto L12;
							}
						}
					}
				}
				L13:
				if(_v20 != 0) {
					E01192762(_v20);
				}
				if(_v8 != 0) {
					E01192762(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = 0;
				}
				if(_v16 != 0) {
					RegCloseKey(_v16);
					_v16 = 0;
				}
				if(_v24 != 0) {
					E01192762(_v24);
				}
				return _t61;
			}











                                                            0x011d8705
                                                            0x011d8717
                                                            0x011d871a
                                                            0x011d871d
                                                            0x011d8720
                                                            0x011d8723
                                                            0x011d872b
                                                            0x011d872f
                                                            0x011d874a
                                                            0x011d874e
                                                            0x011d8767
                                                            0x011d876f
                                                            0x011d87db
                                                            0x011d87db
                                                            0x011d8771
                                                            0x011d8773
                                                            0x011d8778
                                                            0x011d877a
                                                            0x011d877b
                                                            0x011d87c9
                                                            0x011d87c9
                                                            0x011d87d1
                                                            0x011d87d9
                                                            0x00000000
                                                            0x00000000
                                                            0x011d877e
                                                            0x011d8780
                                                            0x011d878d
                                                            0x011d878f
                                                            0x011d8795
                                                            0x011d87bf
                                                            0x011d87bf
                                                            0x011d87c1
                                                            0x011d87c6
                                                            0x011d87c6
                                                            0x011d87c7
                                                            0x011d87c8
                                                            0x00000000
                                                            0x011d87c8
                                                            0x011d8797
                                                            0x011d87a6
                                                            0x011d87a8
                                                            0x011d87aa
                                                            0x011d87bd
                                                            0x00000000
                                                            0x011d87bd
                                                            0x011d87aa
                                                            0x011d8795
                                                            0x00000000
                                                            0x011d8780
                                                            0x00000000
                                                            0x011d87c9
                                                            0x011d8773
                                                            0x011d876f
                                                            0x011d874e
                                                            0x011d87dd
                                                            0x011d87e0
                                                            0x011d87e5
                                                            0x011d87e5
                                                            0x011d87ed
                                                            0x011d87f2
                                                            0x011d87f2
                                                            0x011d8800
                                                            0x011d8805
                                                            0x011d8807
                                                            0x011d8807
                                                            0x011d880d
                                                            0x011d8812
                                                            0x011d8814
                                                            0x011d8814
                                                            0x011d881a
                                                            0x011d881f
                                                            0x011d881f
                                                            0x011d882a

                                                            APIs
                                                              • Part of subcall function 011D85F6: lstrlenW.KERNEL32(00000100,?,?,?,011D8996,000002C0,00000100,00000100,00000100,?,?,?,011B7AD3,?,?,000001BC), ref: 011D861B
                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,011DA500,wininet.dll,?), ref: 011D8805
                                                            • RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,011DA500,wininet.dll,?), ref: 011D8812
                                                              • Part of subcall function 011D0823: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,011FAA7C,00000000,?,011D4FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 011D0837
                                                              • Part of subcall function 011D0708: RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,011B8B57), ref: 011D0763
                                                              • Part of subcall function 011D0708: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,011B8B57,00000000), ref: 011D0781
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close$EnumInfoOpenQuerylstrlen
                                                            • String ID: wininet.dll
                                                            • API String ID: 2680864210-3354682871
                                                            • Opcode ID: 3345fb27247a4156bb808698c6eafca2da650662285cd5d55186ddce883e5ec8
                                                            • Instruction ID: 20fe246466d1a725946b9ea478ca4ad4219c9c1c2b79a793f5769279c524aec4
                                                            • Opcode Fuzzy Hash: 3345fb27247a4156bb808698c6eafca2da650662285cd5d55186ddce883e5ec8
                                                            • Instruction Fuzzy Hash: C6310A76C0152AFBCF26AFA8D9808AEBF79EF14754F164179EA1076120D7318E60DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01193ADB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 96%
                                                            			E01193ADB(void* __ecx, signed int* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
				intOrPtr _v8;
				void* __edi;
				intOrPtr _t21;
				signed int _t23;
				intOrPtr _t25;
				void* _t29;
				signed int _t31;
				intOrPtr _t34;
				signed int _t43;
				signed int _t45;
				intOrPtr _t48;
				signed int _t50;
				void* _t52;

				_push(__ecx);
				_t45 = _a12;
				if(_t45 != 0) {
					_t50 = _a20;
					_t29 = _a16 + _t45;
					_t21 = E01193A01(__ecx, __eflags, _a4, _t29, _t50, _a24);
					_v8 = _t21;
					__eflags = _t21;
					if(_t21 >= 0) {
						_t43 =  *_a4;
						_t8 = _t29 - 1; // 0x11da49f
						_t23 = _t8;
						_t31 = _a8;
						_a20 = _t43;
						__eflags = _t23 - _t31;
						if(_t23 > _t31) {
							_a24 = _t23 * _t50 + _t43;
							_t12 = _t23 - 1; // 0x11da49e
							_t41 = _t12 * _t50 + _t43;
							_t25 = _t23 - _t31;
							__eflags = _t25;
							_t34 = _a24;
							_t48 = _t25;
							_a4 = _t12 * _t50 + _t43;
							do {
								E01193C78(_t34, _t50, _t41, _t50);
								_t52 = _t52 + 0x10;
								_t41 = _a4 - _t50;
								_t34 = _t34 - _t50;
								_a4 = _a4 - _t50;
								_t48 = _t48 - 1;
								__eflags = _t48;
							} while (_t48 != 0);
							_t45 = _a12;
							_t31 = _a8;
							_t43 = _a20;
						}
						__eflags = _t31 * _t50 + _t43;
						E011BF600(_t45 * _t50, _t31 * _t50 + _t43, 0, _t45 * _t50);
						_t21 = _v8;
					}
				} else {
					_t21 = 0;
				}
				return _t21;
			}
















                                                            0x01193ade
                                                            0x01193ae0
                                                            0x01193ae5
                                                            0x01193af6
                                                            0x01193af9
                                                            0x01193b00
                                                            0x01193b05
                                                            0x01193b08
                                                            0x01193b0a
                                                            0x01193b0f
                                                            0x01193b11
                                                            0x01193b11
                                                            0x01193b14
                                                            0x01193b17
                                                            0x01193b1a
                                                            0x01193b1c
                                                            0x01193b25
                                                            0x01193b28
                                                            0x01193b2e
                                                            0x01193b30
                                                            0x01193b30
                                                            0x01193b32
                                                            0x01193b35
                                                            0x01193b37
                                                            0x01193b3a
                                                            0x01193b3e
                                                            0x01193b46
                                                            0x01193b49
                                                            0x01193b4b
                                                            0x01193b4d
                                                            0x01193b50
                                                            0x01193b50
                                                            0x01193b50
                                                            0x01193b55
                                                            0x01193b58
                                                            0x01193b5b
                                                            0x01193b5b
                                                            0x01193b65
                                                            0x01193b6a
                                                            0x01193b6f
                                                            0x01193b72
                                                            0x01193ae7
                                                            0x01193ae7
                                                            0x01193ae7
                                                            0x01193b79

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _memcpy_s
                                                            • String ID: crypt32.dll$wininet.dll
                                                            • API String ID: 2001391462-82500532
                                                            • Opcode ID: 4ae1699a8e0cffef73e401e02ee7f8f13826bdea54519662f1ff0bf1fc8a425b
                                                            • Instruction ID: 34156dd6a80ba1c530e7c8ac1ac5cd61110cbfcd3352511afbc1d4f8f2e650f6
                                                            • Opcode Fuzzy Hash: 4ae1699a8e0cffef73e401e02ee7f8f13826bdea54519662f1ff0bf1fc8a425b
                                                            • Instruction Fuzzy Hash: 2A116371610219AFCF08DF29CCD59DF7F69EF95294B148019ED268B351D231E9108BE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011A3A2C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011A3A2C(void* __ecx, void* __edi, void* __esi, signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t14;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				signed short* _t22;
				signed int* _t23;
				signed short* _t26;
				signed int _t28;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t14 = E011D0823(0x80000002, L"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer", 0x20019,  &_v8);
				if(_t14 < 0) {
					L12:
					_t22 = _v12;
				} else {
					_t14 = E011D095E(_v8, L"Logging",  &_v12);
					if(_t14 < 0) {
						goto L12;
					} else {
						_t22 = _v12;
						_t26 = _t22;
						_t14 =  *_t22 & 0x0000ffff;
						if(_t14 != 0) {
							_t23 = _a4;
							_t28 = _t14;
							do {
								_t17 = 0x76;
								if(_t17 == _t28) {
									L9:
									 *_t23 =  *_t23 | 0x00000002;
								} else {
									_t18 = 0x56;
									if(_t18 == _t28) {
										goto L9;
									} else {
										_t19 = 0x78;
										if(_t19 == _t28) {
											L8:
											 *_t23 =  *_t23 | 0x00000004;
										} else {
											_t20 = 0x58;
											if(_t20 == _t28) {
												goto L8;
											}
										}
									}
								}
								_t26 =  &(_t26[1]);
								_t14 =  *_t26 & 0x0000ffff;
								_t28 = _t14;
							} while (_t14 != 0);
						}
					}
				}
				if(_t22 != 0) {
					_t14 = E01192762(_t22);
				}
				if(_v8 != 0) {
					return RegCloseKey(_v8);
				}
				return _t14;
			}














                                                            0x011a3a31
                                                            0x011a3a38
                                                            0x011a3a4d
                                                            0x011a3a54
                                                            0x011a3ab6
                                                            0x011a3ab6
                                                            0x011a3a56
                                                            0x011a3a62
                                                            0x011a3a69
                                                            0x00000000
                                                            0x011a3a6b
                                                            0x011a3a6b
                                                            0x011a3a6e
                                                            0x011a3a70
                                                            0x011a3a76
                                                            0x011a3a78
                                                            0x011a3a7c
                                                            0x011a3a7e
                                                            0x011a3a80
                                                            0x011a3a84
                                                            0x011a3aa3
                                                            0x011a3aa3
                                                            0x011a3a86
                                                            0x011a3a88
                                                            0x011a3a8c
                                                            0x00000000
                                                            0x011a3a8e
                                                            0x011a3a90
                                                            0x011a3a94
                                                            0x011a3a9e
                                                            0x011a3a9e
                                                            0x011a3a96
                                                            0x011a3a98
                                                            0x011a3a9c
                                                            0x00000000
                                                            0x00000000
                                                            0x011a3a9c
                                                            0x011a3a94
                                                            0x011a3a8c
                                                            0x011a3aa6
                                                            0x011a3aa9
                                                            0x011a3aac
                                                            0x011a3aae
                                                            0x011a3ab3
                                                            0x011a3a76
                                                            0x011a3a69
                                                            0x011a3abc
                                                            0x011a3abf
                                                            0x011a3abf
                                                            0x011a3ac8
                                                            0x00000000
                                                            0x011a3acd
                                                            0x011a3ad4

                                                            APIs
                                                              • Part of subcall function 011D0823: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,011FAA7C,00000000,?,011D4FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 011D0837
                                                            • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000000,?,?,?,?,011A3F3C,feclient.dll,?,00000000,?,?,?,01194B57), ref: 011A3ACD
                                                              • Part of subcall function 011D095E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 011D09D4
                                                              • Part of subcall function 011D095E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 011D0A0C
                                                            Strings
                                                            • SOFTWARE\Policies\Microsoft\Windows\Installer, xrefs: 011A3A43
                                                            • Logging, xrefs: 011A3A5A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue$CloseOpen
                                                            • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer
                                                            • API String ID: 1586453840-387823766
                                                            • Opcode ID: 623b58ec533c76bd8a4db6352d1681ba28224fe50689a4d3f8de6e77c524523b
                                                            • Instruction ID: b3e3244587f2dc5027f25eb9b308f089cbbc9bff9ab912a26ccb84da81c16246
                                                            • Opcode Fuzzy Hash: 623b58ec533c76bd8a4db6352d1681ba28224fe50689a4d3f8de6e77c524523b
                                                            • Instruction Fuzzy Hash: 58113B3AE10226BBFB2DDA94D92AFFABF64BB00604FD04055E911E7090C7709E418750
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C31CA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011C31CA(void* __ecx, void* __edx) {
				signed int _v8;
				char _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				intOrPtr _t31;
				signed int _t32;
				void* _t35;
				void* _t39;
				void* _t45;
				signed short* _t46;
				void* _t47;
				signed int _t48;
				void* _t49;

				_t45 = __edx;
				_t25 =  *0x11fa008; // 0x295f764a
				_v8 = _t25 ^ _t48;
				_t47 = __ecx;
				if( *((char*)(__ecx + 0x3c)) == 0) {
					L8:
					E011C32FC(_t47 + 0x448,  *((intOrPtr*)(_t47 + 0x34)),  *((intOrPtr*)(_t47 + 0x38)), _t47 + 0x18,  *((intOrPtr*)(_t47 + 0xc)));
				} else {
					_t31 =  *((intOrPtr*)(__ecx + 0x38));
					if(_t31 <= 0) {
						goto L8;
					} else {
						_t46 =  *(__ecx + 0x34);
						_t39 = 0;
						if(_t31 != 0) {
							while(1) {
								_t32 =  *_t46 & 0x0000ffff;
								_t46 =  &(_t46[1]);
								_v20 = _v20 & 0x00000000;
								_t35 = E011C6044( &_v20,  &_v16, 6, _t32);
								_t49 = _t49 + 0x10;
								if(_t35 != 0 || _v20 == _t35) {
									break;
								}
								E011C32FC(_t47 + 0x448,  &_v16, _v20, _t47 + 0x18,  *((intOrPtr*)(_t47 + 0xc)));
								_t39 = _t39 + 1;
								if(_t39 !=  *((intOrPtr*)(_t47 + 0x38))) {
									continue;
								} else {
								}
								goto L9;
							}
							 *(_t47 + 0x18) =  *(_t47 + 0x18) | 0xffffffff;
						}
					}
				}
				L9:
				return E011BDD1F(_t39, _v8 ^ _t48, _t45, _t46, _t47);
			}



















                                                            0x011c31ca
                                                            0x011c31d2
                                                            0x011c31d9
                                                            0x011c31de
                                                            0x011c31e5
                                                            0x011c3244
                                                            0x011c3257
                                                            0x011c31e7
                                                            0x011c31e7
                                                            0x011c31ec
                                                            0x00000000
                                                            0x011c31ee
                                                            0x011c31ee
                                                            0x011c31f1
                                                            0x011c31f5
                                                            0x011c31f7
                                                            0x011c31f7
                                                            0x011c31fa
                                                            0x011c31fd
                                                            0x011c320c
                                                            0x011c3211
                                                            0x011c3216
                                                            0x00000000
                                                            0x00000000
                                                            0x011c3231
                                                            0x011c3236
                                                            0x011c323a
                                                            0x00000000
                                                            0x00000000
                                                            0x011c323c
                                                            0x00000000
                                                            0x011c323a
                                                            0x011c323e
                                                            0x011c323e
                                                            0x011c31f5
                                                            0x011c31ec
                                                            0x011c325c
                                                            0x011c326e

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: __cftof
                                                            • String ID: Jv_)$comres.dll
                                                            • API String ID: 1622813385-411709878
                                                            • Opcode ID: cdfc369efd623081b52f58de56a91e5f6f59a23c9621efae5e7cc11cc501a3c7
                                                            • Instruction ID: e9258775e7cf8df8959e7c804e0bea2e7c05bdc75a0088fc9b2adb03b267bfb4
                                                            • Opcode Fuzzy Hash: cdfc369efd623081b52f58de56a91e5f6f59a23c9621efae5e7cc11cc501a3c7
                                                            • Instruction Fuzzy Hash: B821C33140061A9FDF28DA95C840ABBB7B9FF24614B00492ED67292550E730F949CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C80C3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65libraryloaderCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 90%
                                                            			E011C80C3(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t13;
				signed int* _t20;
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t33;
				intOrPtr* _t34;

				_t20 = 0x11fb4e8 + _a4 * 4;
				_t27 =  *0x11fa008; // 0x295f764a
				_t29 = _t28 | 0xffffffff;
				_t33 = _t27 ^  *_t20;
				asm("ror esi, cl");
				if(_t33 == _t29) {
					L14:
					return 0;
				}
				if(_t33 == 0) {
					_t34 = _a12;
					if(_t34 == _a16) {
						L7:
						_t13 = 0;
						L8:
						if(_t13 == 0) {
							L13:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t29 ^ _t27;
							goto L14;
						}
						_t33 = GetProcAddress(_t13, _a8);
						if(_t33 == 0) {
							_t27 =  *0x11fa008; // 0x295f764a
							goto L13;
						}
						 *_t20 = E011BE1C9(_t33);
						goto L2;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = E011C815F( *_t34);
						if(_t13 != 0) {
							break;
						}
						_t34 = _t34 + 4;
						if(_t34 != _a16) {
							continue;
						}
						_t27 =  *0x11fa008; // 0x295f764a
						goto L7;
					}
					_t27 =  *0x11fa008; // 0x295f764a
					goto L8;
				}
				L2:
				return _t33;
			}










                                                            0x011c80ce
                                                            0x011c80d7
                                                            0x011c80dd
                                                            0x011c80e7
                                                            0x011c80e9
                                                            0x011c80ed
                                                            0x011c8158
                                                            0x00000000
                                                            0x011c8158
                                                            0x011c80f1
                                                            0x011c80f7
                                                            0x011c80fd
                                                            0x011c8119
                                                            0x011c8119
                                                            0x011c811b
                                                            0x011c811d
                                                            0x011c8148
                                                            0x011c814a
                                                            0x011c8152
                                                            0x011c8156
                                                            0x00000000
                                                            0x011c8156
                                                            0x011c8129
                                                            0x011c812d
                                                            0x011c8142
                                                            0x00000000
                                                            0x011c8142
                                                            0x011c8136
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011c80ff
                                                            0x011c80ff
                                                            0x011c8101
                                                            0x011c8109
                                                            0x00000000
                                                            0x00000000
                                                            0x011c810b
                                                            0x011c8111
                                                            0x00000000
                                                            0x00000000
                                                            0x011c8113
                                                            0x00000000
                                                            0x011c8113
                                                            0x011c813a
                                                            0x00000000
                                                            0x011c813a
                                                            0x011c80f3
                                                            0x00000000

                                                            APIs
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 011C8123
                                                            • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 011C8130
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc__crt_fast_encode_pointer
                                                            • String ID: Jv_)
                                                            • API String ID: 2279764990-4194347600
                                                            • Opcode ID: b0289cf68151b11b7cc8f2f943725706e95e32c3063cf0ad9bd14dbfacc5d9c6
                                                            • Instruction ID: ebe5a3f7f7820e74950a864cc1db471a6f4ccdc69e41e9e1ac1c8768a32e57e3
                                                            • Opcode Fuzzy Hash: b0289cf68151b11b7cc8f2f943725706e95e32c3063cf0ad9bd14dbfacc5d9c6
                                                            • Instruction Fuzzy Hash: FF11CA37A045219F9B3D9E1CF8C099A77D5AFD0A247168238ED2DAB248D731EC8587D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D0D87 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 84%
                                                            			E011D0D87(void* __ecx, void* _a4, short* _a8, char* _a12) {
				signed int _v8;
				signed short _t12;
				signed int _t19;
				signed short _t25;

				_t19 = 0;
				_v8 = _v8 & 0;
				if(_a12 == 0) {
					_t12 = RegDeleteValueW(_a4, _a8);
					__eflags = _t12 - 2;
					if(_t12 == 2) {
						L11:
						_t12 = 0;
						__eflags = 0;
					} else {
						__eflags = _t12 - 3;
						if(_t12 == 3) {
							goto L11;
						}
					}
					__eflags = _t12;
					if(__eflags != 0) {
						if(__eflags > 0) {
							_t19 = _t12 & 0x0000ffff | 0x80070000;
							__eflags = _t19;
						} else {
							_t19 = _t12;
						}
						__eflags = _t19;
						if(_t19 >= 0) {
							_t19 = 0x80004005;
						}
						_push(_t19);
						_push(0x2fe);
						goto L19;
					}
				} else {
					_t19 = E011D03F8(_a12, 0xffffffff,  &_v8);
					if(_t19 >= 0) {
						_t12 = RegSetValueExW(_a4, _a8, 0, 1, _a12, _v8);
						_t25 = _t12;
						if(_t25 != 0) {
							if(_t25 > 0) {
								_t19 = _t12 & 0x0000ffff | 0x80070000;
								__eflags = _t19;
							} else {
								_t19 = _t12;
							}
							if(_t19 >= 0) {
								_t19 = 0x80004005;
							}
							_push(_t19);
							_push(0x2f5);
							L19:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
							E011938BA(_t12);
						}
					}
				}
				return _t19;
			}







                                                            0x011d0d8c
                                                            0x011d0d8e
                                                            0x011d0d94
                                                            0x011d0dea
                                                            0x011d0df0
                                                            0x011d0df3
                                                            0x011d0dfa
                                                            0x011d0dfa
                                                            0x011d0dfa
                                                            0x011d0df5
                                                            0x011d0df5
                                                            0x011d0df8
                                                            0x00000000
                                                            0x00000000
                                                            0x011d0df8
                                                            0x011d0dfc
                                                            0x011d0dfe
                                                            0x011d0e00
                                                            0x011d0e09
                                                            0x011d0e09
                                                            0x011d0e02
                                                            0x011d0e02
                                                            0x011d0e02
                                                            0x011d0e0f
                                                            0x011d0e11
                                                            0x011d0e13
                                                            0x011d0e13
                                                            0x011d0e18
                                                            0x011d0e19
                                                            0x00000000
                                                            0x011d0e19
                                                            0x011d0d96
                                                            0x011d0da4
                                                            0x011d0da8
                                                            0x011d0dba
                                                            0x011d0dc0
                                                            0x011d0dc2
                                                            0x011d0dc4
                                                            0x011d0dcd
                                                            0x011d0dcd
                                                            0x011d0dc6
                                                            0x011d0dc6
                                                            0x011d0dc6
                                                            0x011d0dd5
                                                            0x011d0dd7
                                                            0x011d0dd7
                                                            0x011d0ddc
                                                            0x011d0ddd
                                                            0x011d0e1e
                                                            0x011d0e1e
                                                            0x011d0e23
                                                            0x011d0e23
                                                            0x011d0dc2
                                                            0x011d0da8
                                                            0x011d0e2c

                                                            APIs
                                                            • RegSetValueExW.ADVAPI32(00020006,011DFF38,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0119F2DF,00000000,?,00020006), ref: 011D0DBA
                                                            • RegDeleteValueW.ADVAPI32(00020006,011DFF38,00000000,?,?,0119F2DF,00000000,?,00020006,?,011DFF38,00020006,00000000,?,?,?), ref: 011D0DEA
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 011D0E1E
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Value$Delete
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 1738766685-3237223240
                                                            • Opcode ID: 5470eff2b0b570623c77085a47b23898d805e4b632db414c3642ce001c9ac8ea
                                                            • Instruction ID: a10cebeddfba6754095b381de41fc4d6e76a8ecd0caebcbf4ffa7683915ce4ef
                                                            • Opcode Fuzzy Hash: 5470eff2b0b570623c77085a47b23898d805e4b632db414c3642ce001c9ac8ea
                                                            • Instruction Fuzzy Hash: 3811733794163ABBEB394A588D04BEFBD65EB0C760F054229FE10BA190D770DD1097E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0119DD59 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 61%
                                                            			E0119DD59(signed int _a4, short* _a8, intOrPtr _a12) {
				signed int _t15;
				signed int _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				short** _t26;
				void* _t27;

				_t15 = _a4;
				_t23 =  *((intOrPtr*)(_t15 + 0x8c));
				_t26 = 0;
				_t22 = 0;
				_t27 = 0x80070490;
				if(_t23 != 2) {
					if(_t23 == 3) {
						_t26 =  *(_t15 + 0x9c);
						_t22 =  *((intOrPtr*)(_t15 + 0xa0));
					}
				} else {
					_t26 =  *(_t15 + 0xb4);
					_t22 =  *((intOrPtr*)(_t15 + 0xb8));
				}
				_a4 = _a4 & 0x00000000;
				if(_t22 == 0) {
					L12:
					return _t27;
				} else {
					while(CompareStringW(0, 0,  *_t26, 0xffffffff, _a8, 0xffffffff) != 2) {
						_t26 =  &(_t26[3]);
						_t21 = _a4 + 1;
						_a4 = _t21;
						if(_t21 < _t22) {
							continue;
						}
						goto L12;
					}
					if(_a12 == 0) {
						L11:
						_t27 = 0;
						goto L12;
					}
					_t27 = E0119229E(_a12, _t26[1], 0);
					if(_t27 >= 0) {
						goto L11;
					}
					_push("Failed to copy the property value.");
					_push(_t27);
					E011CFB09();
					goto L12;
				}
			}









                                                            0x0119dd5c
                                                            0x0119dd62
                                                            0x0119dd68
                                                            0x0119dd6a
                                                            0x0119dd6c
                                                            0x0119dd74
                                                            0x0119dd87
                                                            0x0119dd89
                                                            0x0119dd8f
                                                            0x0119dd8f
                                                            0x0119dd76
                                                            0x0119dd76
                                                            0x0119dd7c
                                                            0x0119dd7c
                                                            0x0119dd95
                                                            0x0119dd9b
                                                            0x0119ddf0
                                                            0x0119ddf5
                                                            0x0119dd9d
                                                            0x0119dd9d
                                                            0x0119ddb8
                                                            0x0119ddbb
                                                            0x0119ddbc
                                                            0x0119ddc1
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ddc3
                                                            0x0119ddc9
                                                            0x0119dded
                                                            0x0119dded
                                                            0x00000000
                                                            0x0119dded
                                                            0x0119ddd8
                                                            0x0119dddc
                                                            0x00000000
                                                            0x00000000
                                                            0x0119ddde
                                                            0x0119dde3
                                                            0x0119dde4
                                                            0x00000000
                                                            0x0119ddea

                                                            APIs
                                                            • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,011B73ED,00000000,IGNOREDEPENDENCIES,00000000,?,011DA518), ref: 0119DDAA
                                                            Strings
                                                            • Failed to copy the property value., xrefs: 0119DDDE
                                                            • IGNOREDEPENDENCIES, xrefs: 0119DD61
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                            • API String ID: 1825529933-1412343224
                                                            • Opcode ID: 7cb027baba3de319984b91f10b5b09becf2ce14e2b951b33350c86ac3c5b876f
                                                            • Instruction ID: 437112a1893f3f143f1ead8fc8c5a5c4554dfdbe943311fed0276d2f6235c32e
                                                            • Opcode Fuzzy Hash: 7cb027baba3de319984b91f10b5b09becf2ce14e2b951b33350c86ac3c5b876f
                                                            • Instruction Fuzzy Hash: 2811C632201215AFDF198F98EC84FADB7E6AF04324F254175EA389B2D1CB70A850C791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BDD1F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 67%
                                                            			E011BDD1F(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				intOrPtr* _t4;
				void* _t6;
				void* _t14;
				void* _t26;
				void* _t27;
				void* _t29;
				void* _t32;

				_t29 = __edi;
				_t28 = __edx;
				_t23 = __ebx;
				asm("repne jnz 0x5");
				asm("repne ret");
				asm("repne jmp 0x3a6");
				L011C3904(2);
				L011C4284(L011BE502());
				_t4 = L011C43B5();
				 *_t4 = L011BE4FB();
				_t6 = L011BE295(__ebx, __edx, 1);
				_pop(_t32);
				_t36 = _t6;
				if(_t6 == 0) {
					L8:
					L011BE574(_t6, _t28, _t29, _t32, 7);
					asm("int3");
					L011BE53F();
					__eflags = 0;
					return 0;
				} else {
					asm("fclex");
					L011BE75C();
					L011BE44E(_t36, 0x11be788);
					_push(L011BE4FE());
					_t6 = L011C3CB7(__edx);
					_pop(_t26);
					if(_t6 != 0) {
						goto L8;
					} else {
						L011BE508(_t6);
						_t14 = L011BE55C();
						_t38 = _t14;
						if(_t14 != 0) {
							_t14 = L011C39A8(L011BE4FB);
							_pop(_t26);
						}
						E011BE538(E011BE538(_t14));
						L011BE517(_t28, _t29, _t32, _t38);
						L011C431E(_t26, _t28, L011BE4FB());
						_pop(_t27);
						if(L011BE514() != 0) {
							L011C3EEC(_t23, _t27);
						}
						L011BE4FB();
						_t6 = L011BE6BF();
						if(_t6 != 0) {
							goto L8;
						} else {
							return _t6;
						}
					}
				}
			}










                                                            0x011bdd1f
                                                            0x011bdd1f
                                                            0x011bdd1f
                                                            0x011bdd25
                                                            0x011bdd28
                                                            0x011bdd2a
                                                            0x011bdd33
                                                            0x011bdd3e
                                                            0x011bdd43
                                                            0x011bdd51
                                                            0x011bdd53
                                                            0x011bdd5b
                                                            0x011bdd5c
                                                            0x011bdd5e
                                                            0x011bddd3
                                                            0x011bddd5
                                                            0x011bddda
                                                            0x011bdddb
                                                            0x011bdde0
                                                            0x011bdde2
                                                            0x011bdd60
                                                            0x011bdd60
                                                            0x011bdd62
                                                            0x011bdd6c
                                                            0x011bdd76
                                                            0x011bdd77
                                                            0x011bdd7d
                                                            0x011bdd80
                                                            0x00000000
                                                            0x011bdd82
                                                            0x011bdd82
                                                            0x011bdd87
                                                            0x011bdd8c
                                                            0x011bdd8e
                                                            0x011bdd95
                                                            0x011bdd9a
                                                            0x011bdd9a
                                                            0x011bdda0
                                                            0x011bdda5
                                                            0x011bddb0
                                                            0x011bddb5
                                                            0x011bddbd
                                                            0x011bddbf
                                                            0x011bddbf
                                                            0x011bddc4
                                                            0x011bddc9
                                                            0x011bddd0
                                                            0x00000000
                                                            0x011bddd2
                                                            0x011bddd2
                                                            0x011bddd2
                                                            0x011bddd0
                                                            0x011bdd80

                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 011BE0DB
                                                            • ___raise_securityfailure.LIBCMT ref: 011BE1C2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FeaturePresentProcessor___raise_securityfailure
                                                            • String ID: Jv_)
                                                            • API String ID: 3761405300-4194347600
                                                            • Opcode ID: e09cf7596b16b8bf186a9a23a6a771105c8f1886a2b54cc5a6c4e96732d3f4fe
                                                            • Instruction ID: f6f71c86193c46baa4becfcad998f9e17cf3e131b43d2998d536e9622e810e9f
                                                            • Opcode Fuzzy Hash: e09cf7596b16b8bf186a9a23a6a771105c8f1886a2b54cc5a6c4e96732d3f4fe
                                                            • Instruction Fuzzy Hash: 9921C4B85002089EE72DCF59F5A66553BA6BF08314F10583EE92D8B798E3B864C9CF45
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3183 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 25%
                                                            			E011D3183(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				void* _t11;
				void* _t13;
				intOrPtr _t14;
				intOrPtr* _t16;
				void* _t17;

				_t16 = _a4;
				if(_t16 != 0) {
					if(_a12 != 0) {
						_t6 = _a8;
						if(_t6 == 0) {
							_t6 = 0x11da534;
						}
						__imp__#2(_t6, _t13);
						_t14 = _t6;
						if(_t14 != 0) {
							_t17 =  *((intOrPtr*)( *_t16 + 0x90))(_t16, _t14, _a12);
							__imp__#6(_t14);
						} else {
							_t17 = 0x8007000e;
							E011938BA(_t6, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x412, 0x8007000e);
						}
					} else {
						_t11 = 0x8000ffff;
						_push(0x8000ffff);
						_push(0x40f);
						goto L2;
					}
				} else {
					_t11 = 0x8000ffff;
					_push(0x8000ffff);
					_push(0x40e);
					L2:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp");
					_t17 = _t11;
					E011938BA(_t11);
				}
				return _t17;
			}









                                                            0x011d3187
                                                            0x011d318c
                                                            0x011d31ab
                                                            0x011d31ba
                                                            0x011d31bf
                                                            0x011d31c1
                                                            0x011d31c1
                                                            0x011d31c8
                                                            0x011d31ce
                                                            0x011d31d2
                                                            0x011d31f8
                                                            0x011d31fb
                                                            0x011d31d4
                                                            0x011d31d4
                                                            0x011d31e4
                                                            0x011d31e4
                                                            0x011d31ad
                                                            0x011d31ad
                                                            0x011d31b2
                                                            0x011d31b3
                                                            0x00000000
                                                            0x011d31b3
                                                            0x011d318e
                                                            0x011d318e
                                                            0x011d3193
                                                            0x011d3194
                                                            0x011d3199
                                                            0x011d3199
                                                            0x011d319e
                                                            0x011d31a0
                                                            0x011d31a0
                                                            0x011d3206

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 011D31C8
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D31FB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: 8cdf7e61b04f5888ffb2484f990fbd23ea5c840282326f6be81fc345f83a7241
                                                            • Instruction ID: 56937f5bb37ad310da042eec4e2c2b3a4c5b6a134f90c40f4679302ef7b5eb87
                                                            • Opcode Fuzzy Hash: 8cdf7e61b04f5888ffb2484f990fbd23ea5c840282326f6be81fc345f83a7241
                                                            • Instruction Fuzzy Hash: AC01F2B1655226BBEB294A695C08F6A76BAFF41661F014039FD24EB301C7B4CC0582A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D3209 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 25%
                                                            			E011D3209(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				void* _t11;
				void* _t13;
				intOrPtr _t14;
				intOrPtr* _t16;
				void* _t17;

				_t16 = _a4;
				if(_t16 != 0) {
					if(_a12 != 0) {
						_t6 = _a8;
						if(_t6 == 0) {
							_t6 = 0x11da534;
						}
						__imp__#2(_t6, _t13);
						_t14 = _t6;
						if(_t14 != 0) {
							_t17 =  *((intOrPtr*)( *_t16 + 0x94))(_t16, _t14, _a12);
							__imp__#6(_t14);
						} else {
							_t17 = 0x8007000e;
							E011938BA(_t6, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x226, 0x8007000e);
						}
					} else {
						_t11 = 0x8000ffff;
						_push(0x8000ffff);
						_push(0x223);
						goto L2;
					}
				} else {
					_t11 = 0x8000ffff;
					_push(0x8000ffff);
					_push(0x222);
					L2:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp");
					_t17 = _t11;
					E011938BA(_t11);
				}
				return _t17;
			}









                                                            0x011d320d
                                                            0x011d3212
                                                            0x011d3231
                                                            0x011d3240
                                                            0x011d3245
                                                            0x011d3247
                                                            0x011d3247
                                                            0x011d324e
                                                            0x011d3254
                                                            0x011d3258
                                                            0x011d327e
                                                            0x011d3281
                                                            0x011d325a
                                                            0x011d325a
                                                            0x011d326a
                                                            0x011d326a
                                                            0x011d3233
                                                            0x011d3233
                                                            0x011d3238
                                                            0x011d3239
                                                            0x00000000
                                                            0x011d3239
                                                            0x011d3214
                                                            0x011d3214
                                                            0x011d3219
                                                            0x011d321a
                                                            0x011d321f
                                                            0x011d321f
                                                            0x011d3224
                                                            0x011d3226
                                                            0x011d3226
                                                            0x011d328c

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 011D324E
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D3281
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: 0d0d4fba536cce207d81ed82d28e34cae716a99b03ddda0f916248b8b7dadec6
                                                            • Instruction ID: e9ccf393c167f6e9aa5c5f0603f2858b77ea699e003aa2d730ada517760da3c3
                                                            • Opcode Fuzzy Hash: 0d0d4fba536cce207d81ed82d28e34cae716a99b03ddda0f916248b8b7dadec6
                                                            • Instruction Fuzzy Hash: 2501DB75A55216B7DB295A9D9C08F7B76A9FF51750F014129FD24EB301C778CC00C692
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011C8397 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 39%
                                                            			E011C8397(void* __ebx, void* __ecx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				void* __esi;
				signed int _t18;
				void* _t31;
				intOrPtr* _t34;
				void* _t35;
				signed int _t36;

				_t32 = __edi;
				_t27 = __ecx;
				_t26 = __ebx;
				_push(__ecx);
				_t18 =  *0x11fa008; // 0x295f764a
				_v8 = _t18 ^ _t36;
				_t34 = E011C80C3(0x16, "LCMapStringEx", 0x11f1a7c, "LCMapStringEx");
				if(_t34 == 0) {
					LCMapStringW(E011C841F(__ebx, _t27, _t31, __edi, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0x11da3e0(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					 *_t34();
				}
				_pop(_t35);
				return E011BDD1F(_t26, _v8 ^ _t36, _t31, _t32, _t35);
			}










                                                            0x011c8397
                                                            0x011c8397
                                                            0x011c8397
                                                            0x011c839c
                                                            0x011c839d
                                                            0x011c83a4
                                                            0x011c83be
                                                            0x011c83c5
                                                            0x011c8408
                                                            0x011c83c7
                                                            0x011c83e4
                                                            0x011c83ea
                                                            0x011c83ea
                                                            0x011c8413
                                                            0x011c841c

                                                            APIs
                                                            • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,BCE85006,00000001,?,000000FF), ref: 011C8408
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String
                                                            • String ID: Jv_)$LCMapStringEx
                                                            • API String ID: 2568140703-2268619174
                                                            • Opcode ID: f597ea573b567948b52ccbbb5193010ce86a326b0d3efd18e663201624733031
                                                            • Instruction ID: 7753f426efa0e7e8f2d625359f2ac5a04cf11e5564dadf1ff8570933f1d04180
                                                            • Opcode Fuzzy Hash: f597ea573b567948b52ccbbb5193010ce86a326b0d3efd18e663201624733031
                                                            • Instruction Fuzzy Hash: E8011332541209BBCF1A9FA1DC01EEE7FA2FF18760F014118FE1826160CB728971AB80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 01195160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E01195160(signed short* _a4) {
				signed int _t8;
				int _t9;
				signed int _t13;
				short* _t15;
				signed int _t16;
				signed short* _t17;
				int _t19;

				_t8 =  *0x11faa28; // 0x1
				_t15 = L"burn.clean.room";
				_t19 = 1;
				if((_t8 & 0x00000001) != 0) {
					_t9 =  *0x11faa24; // 0xf
				} else {
					 *0x11faa28 = _t8 | 1;
					_t9 = lstrlenW(_t15);
					 *0x11faa24 = _t9;
				}
				_t17 = _a4;
				if(_t17 == 0) {
					L8:
					_t19 = 0;
				} else {
					_t16 =  *_t17 & 0x0000ffff;
					if(_t16 == 0x2d || _t16 == 0x2f) {
						if(CompareStringW(0x7f, _t19,  &(_t17[1]), _t9, _t15, _t9) != 2) {
							goto L8;
						} else {
							_t13 =  *0x11faa24; // 0xf
							if( *((short*)(_t17 + 2 + _t13 * 2)) != 0x3d) {
								goto L8;
							}
						}
					} else {
						goto L8;
					}
				}
				return _t19;
			}










                                                            0x01195163
                                                            0x0119516c
                                                            0x01195171
                                                            0x01195175
                                                            0x0119518c
                                                            0x01195177
                                                            0x0119517a
                                                            0x0119517f
                                                            0x01195185
                                                            0x01195185
                                                            0x01195191
                                                            0x01195196
                                                            0x011951c7
                                                            0x011951c7
                                                            0x01195198
                                                            0x01195198
                                                            0x0119519e
                                                            0x011951b8
                                                            0x00000000
                                                            0x011951ba
                                                            0x011951ba
                                                            0x011951c5
                                                            0x00000000
                                                            0x00000000
                                                            0x011951c5
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0119519e
                                                            0x011951cf

                                                            APIs
                                                            • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,01191104,?,?,00000000), ref: 0119517F
                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,01191104,?,?,00000000), ref: 011951AF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareStringlstrlen
                                                            • String ID: burn.clean.room
                                                            • API String ID: 1433953587-3055529264
                                                            • Opcode ID: 55768edbe7a6e6183d57c52db76416a87fdfa7021e8c97e63dd160887b42963d
                                                            • Instruction ID: 5e695e2889fa506cde30bd670859c9fcca910c8d351ec261e35ee1e0d66fd3f0
                                                            • Opcode Fuzzy Hash: 55768edbe7a6e6183d57c52db76416a87fdfa7021e8c97e63dd160887b42963d
                                                            • Instruction Fuzzy Hash: 0B018BB25112306B9B7D8A5CF984D73BBEDEF0D650710413BF529D3504C365A8D4C790
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D608D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 68%
                                                            			E011D608D(void* __ecx, struct _FILETIME* _a4, intOrPtr _a8) {
				char _v8;
				void* _t10;
				struct _FILETIME* _t21;
				DWORD _t24;
				DWORD _t28;

				_t21 = _a4;
				_v8 = 0;
				if(_t21->dwHighDateTime != 0 ||  *_t21 != 0) {
					_t24 = 0x8007000d;
					E011938BA(_t10, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x427, 0x8007000d);
				} else {
					_t24 = E011D2D56(_a8,  &_v8);
					_t28 = _t24;
					if(_t28 >= 0) {
						if(_t28 != 0) {
							 *_t21 = 0;
							_t24 = 0;
							_t21->dwHighDateTime = 0;
						} else {
							_t24 = E011D7ED3(_v8, _t21);
						}
					}
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				return _t24;
			}








                                                            0x011d6094
                                                            0x011d6099
                                                            0x011d609f
                                                            0x011d60cf
                                                            0x011d60df
                                                            0x011d60a5
                                                            0x011d60b1
                                                            0x011d60b3
                                                            0x011d60b5
                                                            0x011d60b7
                                                            0x011d60c6
                                                            0x011d60c8
                                                            0x011d60ca
                                                            0x011d60b9
                                                            0x011d60c2
                                                            0x011d60c2
                                                            0x011d60b7
                                                            0x011d60b5
                                                            0x011d60e7
                                                            0x011d60ec
                                                            0x011d60ec
                                                            0x011d60f8

                                                            APIs
                                                            • SysFreeString.OLEAUT32(?), ref: 011D60EC
                                                              • Part of subcall function 011D7ED3: SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 011D7FE0
                                                              • Part of subcall function 011D7ED3: GetLastError.KERNEL32 ref: 011D7FEA
                                                            Strings
                                                            • clbcatq.dll, xrefs: 011D60B9
                                                            • c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp, xrefs: 011D60DA
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Time$ErrorFileFreeLastStringSystem
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp$clbcatq.dll
                                                            • API String ID: 211557998-2486263986
                                                            • Opcode ID: a40772b635dbd8d67caa53349c6a807a27574db5d3732f83ea5572d2316fe30c
                                                            • Instruction ID: f368c393e1e5777a49c5c02e334e89084d4f7ca4e69d3f5e2a8837c1bf0f04fe
                                                            • Opcode Fuzzy Hash: a40772b635dbd8d67caa53349c6a807a27574db5d3732f83ea5572d2316fe30c
                                                            • Instruction Fuzzy Hash: B1018172901227FFCB299F998D4089EFBB8FF14664B11817AE604A7111D7719E04D7A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011BDFDF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E011BDFDF(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				char _v20;
				void* _t9;
				intOrPtr _t10;
				intOrPtr _t14;
				void* _t19;
				void* _t20;
				char* _t21;
				void* _t23;
				void* _t25;
				void* _t28;

				_t23 = __edx;
				_t19 = __ecx;
				_t25 = _t28;
				while(1) {
					_push(_a4);
					_t9 = E011C4465(_t19);
					_pop(_t20);
					if(_t9 != 0) {
						break;
					}
					_t10 = E011C43CF(_t20, _t23, __eflags, _a4);
					_pop(_t19);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags = _a4 - 0xffffffff;
						if(_a4 != 0xffffffff) {
							_push(_t25);
							_t25 = _t28;
							_t28 = _t28 - 0xc;
							E011BE836( &_v20);
							E011C0AD1( &_v20, 0x11f7854);
							asm("int3");
						}
						_push(_t25);
						_t21 =  &_v20;
						E011BE869(_t21);
						E011C0AD1( &_v20, 0x11f78a8);
						asm("int3");
						_t14 =  *((intOrPtr*)(_t21 + 4));
						__eflags = _t14;
						if(_t14 == 0) {
							return "Unknown exception";
						}
						return _t14;
					} else {
						continue;
					}
					L10:
				}
				return _t9;
				goto L10;
			}













                                                            0x011bdfdf
                                                            0x011bdfdf
                                                            0x011bdfe0
                                                            0x011bdff1
                                                            0x011bdff1
                                                            0x011bdff4
                                                            0x011bdff9
                                                            0x011bdffc
                                                            0x00000000
                                                            0x00000000
                                                            0x011bdfe7
                                                            0x011bdfec
                                                            0x011bdfed
                                                            0x011bdfef
                                                            0x011be000
                                                            0x011be004
                                                            0x011be8eb
                                                            0x011be8ec
                                                            0x011be8ee
                                                            0x011be8f4
                                                            0x011be902
                                                            0x011be907
                                                            0x011be907
                                                            0x011be908
                                                            0x011be90e
                                                            0x011be911
                                                            0x011be91f
                                                            0x011be924
                                                            0x011be925
                                                            0x011be928
                                                            0x011be92a
                                                            0x00000000
                                                            0x011be92c
                                                            0x011be931
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x011bdfef
                                                            0x011bdfff
                                                            0x00000000

                                                            APIs
                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 011BE902
                                                              • Part of subcall function 011C0AD1: RaiseException.KERNEL32(?,?,?,011BE924,?,00000000,00000000,?,?,?,?,?,011BE924,?,011F78A8), ref: 011C0B31
                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 011BE91F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                            • String ID: Unknown exception
                                                            • API String ID: 3476068407-410509341
                                                            • Opcode ID: 0d38438b071d0555105082e44176a8d1e638d1fe5ba102189c5a81d65a2ff78e
                                                            • Instruction ID: df9ec35a5924c2a2a5aa32434b45358dffc3da287d832e8fa5ca1421118f4fe4
                                                            • Opcode Fuzzy Hash: 0d38438b071d0555105082e44176a8d1e638d1fe5ba102189c5a81d65a2ff78e
                                                            • Instruction Fuzzy Hash: 3CF0C23490820EB7DF1CBAA9ECD49DD7B6C9E20A14B90466CFA14A24E1EB70D51AC6C1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2A57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E011D2A57(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t12;
				intOrPtr* _t15;
				void* _t16;

				if(_a12 == 0) {
					L6:
					return 0x80070057;
				}
				_t15 = _a4;
				if(_t15 == 0) {
					goto L6;
				}
				__imp__#2(_a8, _t12);
				if(__eax != 0) {
					_t16 =  *((intOrPtr*)( *_t15 + 0xbc))(_t15, __eax, _a12);
					__imp__#6(__eax);
				} else {
					_t16 = 0x8007000e;
					E011938BA(__eax, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x66, 0x8007000e);
				}
				return _t16;
			}






                                                            0x011d2a5f
                                                            0x011d2aa7
                                                            0x00000000
                                                            0x011d2aa7
                                                            0x011d2a61
                                                            0x011d2a66
                                                            0x00000000
                                                            0x00000000
                                                            0x011d2a6c
                                                            0x011d2a76
                                                            0x011d2a99
                                                            0x011d2a9c
                                                            0x011d2a78
                                                            0x011d2a78
                                                            0x011d2a85
                                                            0x011d2a85
                                                            0x00000000

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 011D2A6C
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D2A9C
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 011D2A80
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: 3c15cd19c321e360053ec24f78b82b3a3938acaa79e1147fb66598aa70ba7ebd
                                                            • Instruction ID: abedb36ff272587cd3a748d12d9cf2d623ace024694a87816923533ae4adf668
                                                            • Opcode Fuzzy Hash: 3c15cd19c321e360053ec24f78b82b3a3938acaa79e1147fb66598aa70ba7ebd
                                                            • Instruction Fuzzy Hash: C1F0E931242155EBD7394E089C08F6F7B66EF80761F154029FD246B700C7B488108BE6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D2CFC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E011D2CFC(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t12;
				intOrPtr* _t15;
				void* _t16;

				_t15 = _a4;
				if(_t15 == 0 || _a12 == 0) {
					return 0x80070057;
				} else {
					__imp__#2(_a8, _t12);
					if(__eax != 0) {
						_t16 =  *((intOrPtr*)( *_t15 + 0x1c))(_t15, __eax, _a12);
						__imp__#6(__eax);
					} else {
						_t16 = 0x8007000e;
						E011938BA(__eax, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x340, 0x8007000e);
					}
					return _t16;
				}
			}






                                                            0x011d2d00
                                                            0x011d2d05
                                                            0x00000000
                                                            0x011d2d0d
                                                            0x011d2d11
                                                            0x011d2d1b
                                                            0x011d2d3e
                                                            0x011d2d41
                                                            0x011d2d1d
                                                            0x011d2d1d
                                                            0x011d2d2d
                                                            0x011d2d2d
                                                            0x00000000
                                                            0x011d2d49

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 011D2D11
                                                            • SysFreeString.OLEAUT32(00000000), ref: 011D2D41
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 011D2D28
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: c0a08b1d24e23e0e5ce2174b9cb11c1a75161a4001224768e0c0af7b731af2df
                                                            • Instruction ID: 88ff57af774bc4312a4d35c83bb26403d915a8353d4386ca9e93a213469e3085
                                                            • Opcode Fuzzy Hash: c0a08b1d24e23e0e5ce2174b9cb11c1a75161a4001224768e0c0af7b731af2df
                                                            • Instruction Fuzzy Hash: 2BF0BE31242565ABDB2A5E089808EAE7B69AF81660F114029FD28AB210C7B4D8428AA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 011D06C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E011D06C0() {
				_Unknown_base(*)()* _t3;
				void* _t4;

				_t4 = E011938BD(L"AdvApi32.dll", 0x11fb630);
				if(_t4 >= 0) {
					_t3 = GetProcAddress( *0x11fb630, "RegDeleteKeyExW");
					 *0x11fb62c = _t3;
					if( *0x11fb628 == 0) {
						 *0x11fb628 = _t3;
					}
					 *0x11fb634 = 1;
				}
				return _t4;
			}





                                                            0x011d06d0
                                                            0x011d06d4
                                                            0x011d06e1
                                                            0x011d06ee
                                                            0x011d06f3
                                                            0x011d06f5
                                                            0x011d06f5
                                                            0x011d06fa
                                                            0x011d06fa
                                                            0x011d0707

                                                            APIs
                                                            • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 011D06E1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.750339610.0000000001191000.00000020.00000001.01000000.00000003.sdmp, Offset: 01190000, based on PE: true
                                                            • Associated: 00000005.00000002.750321633.0000000001190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750467361.00000000011DA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750534112.00000000011FA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000005.00000002.750574757.00000000011FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1190000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc
                                                            • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                            • API String ID: 190572456-850864035
                                                            • Opcode ID: 387d6a04a07ae259a6ad9cc71e25a1e44f50b75fb93d2389776b88844b954d49
                                                            • Instruction ID: 77e913ac364fed6e407a0b6513e3206ae6ce5951cf8ce4b1cac0fd40092a06c9
                                                            • Opcode Fuzzy Hash: 387d6a04a07ae259a6ad9cc71e25a1e44f50b75fb93d2389776b88844b954d49
                                                            • Instruction Fuzzy Hash: E7E0EC7165B2219BEB6D9F65FC447553EA1BB04B74F05023CE6219A208D77148C98B9C
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Executed Functions

                                                            Function 008FF79E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131threadtimeCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E008FF79E(void* __edi, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				signed int _v28;
				signed int _v32;
				long _v36;
				long _v40;
				void* __ebx;
				void* __esi;
				signed int _t33;
				void* _t39;
				intOrPtr* _t42;
				void* _t43;
				signed int _t48;
				signed int _t49;
				char* _t50;
				void* _t58;
				signed int _t59;
				char* _t60;
				intOrPtr _t63;
				signed int _t67;
				intOrPtr _t69;
				signed int _t70;
				void* _t73;

				_t64 = __edi;
				_t33 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t33 ^ _t70;
				_t59 = _a12;
				_t68 = 0;
				_v32 = _v32 & 0;
				_v28 = _v28 & 0;
				_t73 =  *0x92b5c8 - _t68; // 0x0
				if(_t73 != 0) {
					L27:
					return E008EDD1F(_t59, _v8 ^ _t70, _t63, _t64, _t68);
				}
				EnterCriticalSection(0x92b5d4);
				if(_a16 == 0) {
					L16:
					_t37 = _v32;
					if(_v32 == 0) {
						_t37 = _t59;
					}
					_t39 = E008C252E(_t63,  &_v28, _t37, 0, 0xfde9);
					_t68 = _t39;
					if(_t39 >= 0) {
						_t42 =  *0x92b5fc; // 0x0
						if(_t42 == 0) {
							_t43 = E0090002E(_t60, _v28); // executed
						} else {
							_t43 =  *_t42(_v28,  *0x92b600);
						}
						_t68 = _t43;
					}
					L23:
					LeaveCriticalSection(0x92b5d4);
					if(_v32 != 0) {
						E008C2762(_v32);
					}
					if(_v28 != 0) {
						E008C2762(_v28);
					}
					goto L27;
				}
				_push(__edi);
				_v40 = GetCurrentProcessId();
				_v36 = GetCurrentThreadId();
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				GetLocalTime( &_v24);
				_t48 = _a8;
				_t49 = _t48 & 0xf0000000;
				_t67 = _t48 & 0x0fffffff;
				if(_t49 == 0xe0000000 || _a4 == 5) {
					_t50 = "e";
				} else {
					if(_t49 == 0xa0000000 || _a4 == 1) {
						_t50 = "w";
					} else {
						_t50 = "i";
					}
				}
				_t60 =  *0x92b5f4; // 0x0
				if(_t60 == 0) {
					_t60 = L"\r\n";
				}
				_t69 =  *0x92b5f8; // 0x0
				if(_t69 == 0) {
					_t69 = 0x90a534;
				}
				_t63 =  *0x92b5f0; // 0x0
				if(_t63 == 0) {
					_t63 = 0x90a534;
				}
				_push(_t60);
				_push(_t59);
				_push(_t69);
				_push(_t67);
				_push(_t50);
				_push(_v24.wSecond & 0x0000ffff);
				_push(_v24.wMinute & 0x0000ffff);
				_push(_v24.wHour & 0x0000ffff);
				_push(_v24.wDay & 0x0000ffff);
				_push(_v24.wMonth & 0x0000ffff);
				_push(_v24.wYear & 0x0000ffff);
				_push(_v36);
				_push(_v40);
				_t58 = E008C2022( &_v32, L"%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls", _t63);
				_t68 = _t58;
				_pop(_t64);
				if(_t58 < 0) {
					goto L23;
				} else {
					goto L16;
				}
			}


























                                                            0x008ff79e
                                                            0x008ff7a4
                                                            0x008ff7ab
                                                            0x008ff7af
                                                            0x008ff7b3
                                                            0x008ff7b5
                                                            0x008ff7b8
                                                            0x008ff7bb
                                                            0x008ff7c1
                                                            0x008ff914
                                                            0x008ff923
                                                            0x008ff923
                                                            0x008ff7cc
                                                            0x008ff7d5
                                                            0x008ff8ad
                                                            0x008ff8ad
                                                            0x008ff8b2
                                                            0x008ff8b4
                                                            0x008ff8b4
                                                            0x008ff8c2
                                                            0x008ff8c7
                                                            0x008ff8cb
                                                            0x008ff8cd
                                                            0x008ff8d4
                                                            0x008ff8e6
                                                            0x008ff8d6
                                                            0x008ff8df
                                                            0x008ff8df
                                                            0x008ff8eb
                                                            0x008ff8eb
                                                            0x008ff8ed
                                                            0x008ff8f2
                                                            0x008ff8fc
                                                            0x008ff901
                                                            0x008ff901
                                                            0x008ff90a
                                                            0x008ff90f
                                                            0x008ff90f
                                                            0x00000000
                                                            0x008ff90a
                                                            0x008ff7db
                                                            0x008ff7e2
                                                            0x008ff7eb
                                                            0x008ff7f3
                                                            0x008ff7f4
                                                            0x008ff7f5
                                                            0x008ff7f6
                                                            0x008ff7fb
                                                            0x008ff801
                                                            0x008ff806
                                                            0x008ff80b
                                                            0x008ff816
                                                            0x008ff839
                                                            0x008ff81e
                                                            0x008ff823
                                                            0x008ff832
                                                            0x008ff82b
                                                            0x008ff82b
                                                            0x008ff82b
                                                            0x008ff823
                                                            0x008ff83e
                                                            0x008ff846
                                                            0x008ff848
                                                            0x008ff848
                                                            0x008ff84d
                                                            0x008ff855
                                                            0x008ff857
                                                            0x008ff857
                                                            0x008ff85c
                                                            0x008ff864
                                                            0x008ff866
                                                            0x008ff866
                                                            0x008ff86b
                                                            0x008ff86c
                                                            0x008ff86d
                                                            0x008ff86e
                                                            0x008ff86f
                                                            0x008ff874
                                                            0x008ff879
                                                            0x008ff87e
                                                            0x008ff883
                                                            0x008ff888
                                                            0x008ff88d
                                                            0x008ff88e
                                                            0x008ff894
                                                            0x008ff89e
                                                            0x008ff8a6
                                                            0x008ff8a8
                                                            0x008ff8ab
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(0092B5D4,00000000,?), ref: 008FF7CC
                                                            • GetCurrentProcessId.KERNEL32(00000000), ref: 008FF7DC
                                                            • GetCurrentThreadId.KERNEL32 ref: 008FF7E5
                                                            • GetLocalTime.KERNEL32(?), ref: 008FF7FB
                                                            • LeaveCriticalSection.KERNEL32(0092B5D4,?,?,00000000,0000FDE9), ref: 008FF8F2
                                                            Strings
                                                            • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 008FF898
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                            • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
                                                            • API String ID: 296830338-59366893
                                                            • Opcode ID: 0400d0bcdae3805de93d814dd457e9c3c8afe260c762a934d82fac2a1cf0a556
                                                            • Instruction ID: b895c85bd712c52353b79bb3941b3fb099e428b0eb2eeceebcdce082bb38d64b
                                                            • Opcode Fuzzy Hash: 0400d0bcdae3805de93d814dd457e9c3c8afe260c762a934d82fac2a1cf0a556
                                                            • Instruction Fuzzy Hash: D5416B32E1421DABDB219FA9D844ABEB7B8FF08755F140035FB01E62A1D6389D41DBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D9F8F Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 21%
                                                            			E008D9F8F(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* _t12;
				void* _t13;
				void* _t27;

				_v8 = 0;
				_t12 = E008D819F(__edx, _a4,  &_v8); // executed
				if(_t12 >= 0) {
					_t13 = E008C415F(_v8, 0); // executed
					_t27 = _t13;
					if(_t27 >= 0) {
						__imp__DecryptFileW(_v8, 0); // executed
						if(_a8 != 0) {
							_t27 = E008C229E(_a8, _v8, 0);
							if(_t27 < 0) {
								_push("Failed to copy working folder.");
								goto L7;
							}
						}
					} else {
						_push("Failed create working folder.");
						goto L7;
					}
				} else {
					_push("Failed to calculate working folder to ensure it exists.");
					L7:
					_push(_t27);
					E008FFB09();
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t27;
			}







                                                            0x008d9f9e
                                                            0x008d9fa1
                                                            0x008d9faa
                                                            0x008d9fb7
                                                            0x008d9fbc
                                                            0x008d9fc0
                                                            0x008d9fcd
                                                            0x008d9fd6
                                                            0x008d9fe4
                                                            0x008d9fe8
                                                            0x008d9fea
                                                            0x00000000
                                                            0x008d9fea
                                                            0x008d9fe8
                                                            0x008d9fc2
                                                            0x008d9fc2
                                                            0x00000000
                                                            0x008d9fc2
                                                            0x008d9fac
                                                            0x008d9fac
                                                            0x008d9fef
                                                            0x008d9fef
                                                            0x008d9ff0
                                                            0x008d9ff6
                                                            0x008d9ffa
                                                            0x008d9fff
                                                            0x008d9fff
                                                            0x008da009

                                                            Strings
                                                            • Failed to calculate working folder to ensure it exists., xrefs: 008D9FAC
                                                            • Failed create working folder., xrefs: 008D9FC2
                                                            • Failed to copy working folder., xrefs: 008D9FEA
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentDirectoryErrorLastProcessWindows
                                                            • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                            • API String ID: 3841436932-2072961686
                                                            • Opcode ID: cda35c4cb9671e74c7e8f040c6f026f330f63d9c6a91c39fef194dae0b391adf
                                                            • Instruction ID: ca0bf7392c4a52f587f6cdf18c7a517b3a6b18c339f81fc4c0a3e140c4f4bc3e
                                                            • Opcode Fuzzy Hash: cda35c4cb9671e74c7e8f040c6f026f330f63d9c6a91c39fef194dae0b391adf
                                                            • Instruction Fuzzy Hash: 6C018432A04529FB8B226B59DD05C9EBB7AFF91B207224256F840F6314DE31CE40A691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CDEDC Relevance: 124.9, APIs: 11, Strings: 60, Instructions: 648COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E008CDEDC(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				short** _v40;
				intOrPtr* _t206;
				intOrPtr* _t211;
				intOrPtr _t221;
				signed int _t222;
				int _t233;
				signed int _t254;
				int _t260;
				signed int _t266;
				intOrPtr _t269;
				intOrPtr _t272;
				intOrPtr _t273;
				intOrPtr _t277;
				signed int _t289;
				intOrPtr _t299;
				signed int _t300;
				intOrPtr* _t315;
				short** _t317;
				intOrPtr* _t319;
				intOrPtr* _t321;
				intOrPtr* _t322;
				signed int _t325;
				signed int _t326;
				intOrPtr* _t327;
				intOrPtr _t329;
				signed int _t334;
				signed int _t341;
				void* _t345;
				signed int _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				short** _t357;
				void* _t359;

				_v20 = _v20 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_v24 = _v24 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v28 = _v28 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_t350 = E00903183(_a12, L"RollbackBoundary",  &_v20);
				if(_t350 >= 0) {
					_t206 = _v20;
					_t318 =  *_t206;
					_t350 =  *((intOrPtr*)( *_t206 + 0x20))(_t206,  &_v24);
					if(_t350 >= 0) {
						_t208 = _v24;
						_push(__ebx);
						_t315 = _a4;
						if(_v24 == 0) {
							L17:
							_t319 = _v20;
							if(_t319 != 0) {
								 *((intOrPtr*)( *_t319 + 8))(_t319);
								_v20 = _v20 & 0x00000000;
							}
							if(E00903183(_a12, L"Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage",  &_v20) >= 0) {
								_t211 = _v20;
								_push( &_v24);
								_push(_t211);
								if( *((intOrPtr*)( *_t211 + 0x20))() >= 0) {
									_t213 = _v24;
									if(_v24 == 0) {
										L123:
										_t350 = 0;
										goto L124;
									}
									_t221 = E008C39DF(_t213 * 0xe0, 1);
									 *((intOrPtr*)(_t315 + 8)) = _t221;
									if(_t221 != 0) {
										_t222 = _v24;
										_v32 = _v32 & 0x00000000;
										 *((intOrPtr*)(_t315 + 0xc)) = _t222;
										if(_t222 == 0) {
											L106:
											_t350 = E008CD93A(_t315, _a12);
											if(_t350 >= 0) {
												goto L123;
											}
											_push("Failed to parse target product codes.");
											goto L108;
										}
										_t325 = 0;
										_v36 = 0;
										while(1) {
											_t345 =  *((intOrPtr*)(_t315 + 8)) + _t325;
											_t350 = E009030E2(_t325, _v20,  &_v8,  &_v12);
											if(_t350 < 0) {
												break;
											}
											_t350 = E00902B5D(_v8, L"Id", _t345);
											if(_t350 < 0) {
												L121:
												_push("Failed to get @Id.");
												goto L108;
											}
											_t350 = E00902B5D(_v8, L"Cache",  &_v16);
											if(_t350 < 0) {
												_push("Failed to get @Cache.");
												goto L108;
											}
											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
												if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
													_t233 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"always", 0xffffffff);
													_t325 = 2;
													if(_t233 != _t325) {
														_push(_v16);
														_t350 = 0x8000ffff;
														_push("Invalid cache type: %ls");
														L119:
														_push(_t350);
														E008FFB09();
														goto L124;
													}
													 *(_t345 + 0x20) = _t325;
													L37:
													_t350 = E00902B5D(_v8, L"CacheId", _t345 + 0x24);
													if(_t350 < 0) {
														_push("Failed to get @CacheId.");
														goto L108;
													}
													_t350 = E00902C2F(_v8, L"Size", _t345 + 0x30);
													if(_t350 < 0) {
														_push("Failed to get @Size.");
														goto L108;
													}
													_t350 = E00902C2F(_v8, L"InstallSize", _t345 + 0x28);
													if(_t350 < 0) {
														_push("Failed to get @InstallSize.");
														goto L108;
													}
													_t350 = E00902D69(_t325, _v8, L"PerMachine", _t345 + 0x14);
													if(_t350 < 0) {
														_push("Failed to get @PerMachine.");
														goto L108;
													}
													_t350 = E00902D69(_t325, _v8, L"Permanent", _t345 + 0x18);
													if(_t350 < 0) {
														_push("Failed to get @Permanent.");
														goto L108;
													}
													 *(_t345 + 0x18) = 0 |  *(_t345 + 0x18) == 0x00000000;
													_t350 = E00902D69(_t325, _v8, L"Vital", _t345 + 0x1c);
													if(_t350 < 0) {
														L112:
														_push("Failed to get @Vital.");
														goto L108;
													}
													_t350 = E00902B5D(_v8, L"LogPathVariable", _t345 + 4);
													if(_t350 == 0x80070490 || _t350 >= 0) {
														_t350 = E00902B5D(_v8, L"RollbackLogPathVariable", _t345 + 8);
														if(_t350 == 0x80070490 || _t350 >= 0) {
															_t254 = E00902B5D(_v8, L"InstallCondition", _t345 + 0xc); // executed
															_t350 = _t254;
															if(_t350 == 0x80070490 || _t350 >= 0) {
																_t350 = E00902B5D(_v8, L"RollbackBoundaryForward",  &_v16);
																if(_t350 == 0x80070490) {
																	L52:
																	_t350 = E00902B5D(_v8, L"RollbackBoundaryBackward",  &_v16);
																	if(_t350 == 0x80070490) {
																		L55:
																		if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"ExePackage", 0xffffffff) != 2) {
																			_t260 = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsiPackage", 0xffffffff);
																			_t326 = 2;
																			if(_t260 != _t326) {
																				if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MspPackage", 0xffffffff) != 2) {
																					if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsuPackage", 0xffffffff) != 2) {
																						L66:
																						_t350 = E008CDAA8(_t315, _t345, _a8, _v8);
																						if(_t350 < 0) {
																							_push("Failed to parse payload references.");
																							goto L108;
																						}
																						_t350 = E008E7C6C(_t345, _v8);
																						if(_t350 < 0) {
																							_push("Failed to parse dependency providers.");
																							goto L108;
																						}
																						_t327 = _v8;
																						if(_t327 != 0) {
																							 *((intOrPtr*)( *_t327 + 8))(_t327);
																							_v8 = _v8 & 0x00000000;
																						}
																						if(_v12 != 0) {
																							__imp__#6(_v12);
																							_v12 = _v12 & 0x00000000;
																						}
																						_t266 = _v32 + 1;
																						_t325 = _v36 + 0xe0;
																						_v32 = _t266;
																						_v36 = _t325;
																						if(_t266 < _v24) {
																							continue;
																						} else {
																							_t355 = _v28;
																							if(_v28 == 0) {
																								goto L106;
																							}
																							_t269 = E008C39DF(_t355 << 4, 1);
																							 *((intOrPtr*)(_t315 + 0x20)) = _t269;
																							if(_t269 != 0) {
																								_t272 = E008C39DF(_t355 << 2, 1);
																								 *((intOrPtr*)(_t315 + 0x24)) = _t272;
																								if(_t272 != 0) {
																									_t273 =  *((intOrPtr*)(_t315 + 0xc));
																									_t329 = 0;
																									_a8 = 0;
																									if(_t273 == 0) {
																										goto L106;
																									}
																									_t346 = 0;
																									_v28 = 0;
																									do {
																										_t357 =  *((intOrPtr*)(_t315 + 8)) + _t346;
																										_v40 = _t357;
																										if( *((intOrPtr*)(_t357 + 0x8c)) != 3) {
																											goto L105;
																										}
																										 *((intOrPtr*)( *((intOrPtr*)(_t315 + 0x20)) + ( *(_t315 + 0x28) +  *(_t315 + 0x28)) * 8)) =  *((intOrPtr*)(_t357 + 0x94));
																										_t341 = 0;
																										_v36 = 0;
																										 *((intOrPtr*)( *((intOrPtr*)(_t315 + 0x20)) + 4 + ( *(_t315 + 0x28) +  *(_t315 + 0x28)) * 8)) = 2;
																										 *((intOrPtr*)( *((intOrPtr*)(_t315 + 0x24)) +  *(_t315 + 0x28) * 4)) = _t357;
																										 *(_t315 + 0x28) =  *(_t315 + 0x28) + 1;
																										_t273 =  *((intOrPtr*)(_t315 + 0xc));
																										if(_t273 == 0) {
																											L104:
																											_t329 = _a8;
																											goto L105;
																										}
																										_t334 = 0;
																										_v32 = 0;
																										do {
																											_t359 =  *((intOrPtr*)(_t315 + 8)) + _t334;
																											if( *((intOrPtr*)(_t359 + 0x8c)) != 2) {
																												goto L102;
																											}
																											_t347 = 0;
																											if( *((intOrPtr*)(_t359 + 0xd4)) <= 0) {
																												goto L102;
																											}
																											_t317 = _v40;
																											do {
																												_t277 =  *((intOrPtr*)(_t359 + 0xd0));
																												if( *(_t277 + _t347 * 4) != 0 && CompareStringW(0x7f, 0,  *_t317, 0xffffffff,  *(_t277 + _t347 * 4), 0xffffffff) == 2) {
																													 *( *((intOrPtr*)(_t359 + 0xcc)) + _t347 * 4) = _t317;
																													_t280 =  *((intOrPtr*)(_t359 + 0xd0));
																													if( *( *((intOrPtr*)(_t359 + 0xd0)) + _t347 * 4) != 0) {
																														E008C2762( *((intOrPtr*)(_t280 + _t347 * 4)));
																														 *( *((intOrPtr*)(_t359 + 0xd0)) + _t347 * 4) =  *( *((intOrPtr*)(_t359 + 0xd0)) + _t347 * 4) & 0x00000000;
																													}
																												}
																												_t347 = _t347 + 1;
																											} while (_t347 <  *((intOrPtr*)(_t359 + 0xd4)));
																											_t315 = _a4;
																											_t334 = _v32;
																											_t341 = _v36;
																											L102:
																											_t273 =  *((intOrPtr*)(_t315 + 0xc));
																											_t341 = _t341 + 1;
																											_t334 = _t334 + 0xe0;
																											_v36 = _t341;
																											_v32 = _t334;
																										} while (_t341 < _t273);
																										_t346 = _v28;
																										goto L104;
																										L105:
																										_t329 = _t329 + 1;
																										_t346 = _t346 + 0xe0;
																										_a8 = _t329;
																										_v28 = _t346;
																									} while (_t329 < _t273);
																									goto L106;
																								}
																								_t348 = 0x8007000e;
																								_t350 = 0x8007000e;
																								E008C38BA(_t272, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0x100, 0x8007000e);
																								_push("Failed to allocate memory for patch sequence information to package lookup.");
																								L87:
																								_push(_t348);
																								goto L109;
																							}
																							_t348 = 0x8007000e;
																							_t350 = 0x8007000e;
																							E008C38BA(_t269, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0xfd, 0x8007000e);
																							_push("Failed to allocate memory for MSP patch sequence information.");
																							goto L87;
																						}
																					}
																					 *(_t345 + 0x8c) = 4;
																					_t350 = E008E6EEC(_v8, _t345);
																					if(_t350 < 0) {
																						_push("Failed to parse MSU package.");
																						goto L108;
																					}
																					goto L66;
																				}
																				 *(_t345 + 0x8c) = 3;
																				_t350 = E008E63E9(_t315, _v8, _t345);
																				if(_t350 < 0) {
																					_push("Failed to parse MSP package.");
																					goto L108;
																				}
																				_v28 = _v28 + 1;
																				goto L66;
																			}
																			 *(_t345 + 0x8c) = _t326;
																			_t289 = E008E4844(_v8, _t345); // executed
																			_t350 = _t289;
																			if(_t350 >= 0) {
																				goto L66;
																			}
																			_push("Failed to parse MSI package.");
																			goto L108;
																		}
																		 *(_t345 + 0x8c) = 1;
																		_t350 = E008E2596(_t325, _v8, _t345);
																		if(_t350 >= 0) {
																			goto L66;
																		}
																		_push("Failed to parse EXE package.");
																		goto L108;
																	}
																	if(_t350 < 0) {
																		_push("Failed to get @RollbackBoundaryBackward.");
																		goto L108;
																	}
																	_t350 = E008CD8EB(_t315, _v16, _t345 + 0x3c);
																	if(_t350 < 0) {
																		_push(_v16);
																		_push("Failed to find backward transaction boundary: %ls");
																		goto L119;
																	}
																	goto L55;
																}
																if(_t350 < 0) {
																	_push("Failed to get @RollbackBoundaryForward.");
																	goto L108;
																}
																_t350 = E008CD8EB(_t315, _v16, _t345 + 0x38);
																if(_t350 < 0) {
																	_push(_v16);
																	_push("Failed to find forward transaction boundary: %ls");
																	goto L119;
																}
																goto L52;
															} else {
																_push("Failed to get @InstallCondition.");
																goto L108;
															}
														} else {
															_push("Failed to get @RollbackLogPathVariable.");
															goto L108;
														}
													} else {
														_push("Failed to get @LogPathVariable.");
														goto L108;
													}
												}
												 *(_t345 + 0x20) = 1;
												goto L37;
											}
											 *(_t345 + 0x20) =  *(_t345 + 0x20) & 0x00000000;
											goto L37;
										}
										L122:
										_push("Failed to get next node.");
										goto L108;
									}
									_t348 = 0x8007000e;
									_t350 = 0x8007000e;
									E008C38BA(_t221, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0x5f, 0x8007000e);
									_push("Failed to allocate memory for package structs.");
									goto L87;
								}
								_push("Failed to get package node count.");
								goto L108;
							} else {
								_push("Failed to select package nodes.");
								L108:
								_push(_t350);
								L109:
								E008FFB09();
								L124:
								L125:
								_t321 = _v20;
								if(_t321 != 0) {
									 *((intOrPtr*)( *_t321 + 8))(_t321);
								}
								_t322 = _v8;
								if(_t322 != 0) {
									 *((intOrPtr*)( *_t322 + 8))(_t322);
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
								}
								if(_v16 != 0) {
									E008C2762(_v16);
								}
								return _t350;
							}
						}
						_t299 = E008C39DF(_t208 << 3, 1);
						 *_t315 = _t299;
						if(_t299 != 0) {
							_t300 = _v24;
							_t349 = 0;
							 *((intOrPtr*)(_t315 + 4)) = _t300;
							if(_t300 == 0) {
								goto L17;
							} else {
								goto L9;
							}
							while(1) {
								L9:
								_v32 =  *_t315 + _t349 * 8;
								_t350 = E009030E2(_t318, _v20,  &_v8,  &_v12);
								if(_t350 < 0) {
									goto L122;
								}
								_t350 = E00902B5D(_v8, L"Id", _v32);
								if(_t350 < 0) {
									goto L121;
								}
								_t350 = E00902D69(_t318, _v8, L"Vital", _v32 + 4);
								if(_t350 < 0) {
									goto L112;
								}
								_t318 = _v8;
								if(_t318 != 0) {
									 *((intOrPtr*)( *_t318 + 8))(_t318);
									_v8 = _v8 & 0x00000000;
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
									_v12 = _v12 & 0x00000000;
								}
								_t349 = _t349 + 1;
								if(_t349 < _v24) {
									continue;
								} else {
									goto L17;
								}
							}
							goto L122;
						}
						_t348 = 0x8007000e;
						_t350 = 0x8007000e;
						E008C38BA(_t299, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\package.cpp", 0x34, 0x8007000e);
						_push("Failed to allocate memory for rollback boundary structs.");
						goto L87;
					}
					_push("Failed to get rollback bundary node count.");
					L2:
					_push(_t350);
					E008FFB09();
					goto L125;
				}
				_push("Failed to select rollback boundary nodes.");
				goto L2;
			}














































                                                            0x008cdee2
                                                            0x008cdee9
                                                            0x008cdeed
                                                            0x008cdef1
                                                            0x008cdef5
                                                            0x008cdef9
                                                            0x008cdf0c
                                                            0x008cdf10
                                                            0x008cdf24
                                                            0x008cdf2c
                                                            0x008cdf31
                                                            0x008cdf35
                                                            0x008cdf3e
                                                            0x008cdf41
                                                            0x008cdf42
                                                            0x008cdf48
                                                            0x008ce015
                                                            0x008ce015
                                                            0x008ce01a
                                                            0x008ce01f
                                                            0x008ce022
                                                            0x008ce022
                                                            0x008ce03b
                                                            0x008ce047
                                                            0x008ce04d
                                                            0x008ce04e
                                                            0x008ce058
                                                            0x008ce064
                                                            0x008ce069
                                                            0x008ce6be
                                                            0x008ce6be
                                                            0x00000000
                                                            0x008ce6be
                                                            0x008ce078
                                                            0x008ce07d
                                                            0x008ce082
                                                            0x008ce0a2
                                                            0x008ce0a5
                                                            0x008ce0a9
                                                            0x008ce0ae
                                                            0x008ce63b
                                                            0x008ce644
                                                            0x008ce648
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce64a
                                                            0x00000000
                                                            0x008ce64a
                                                            0x008ce0b4
                                                            0x008ce0b6
                                                            0x008ce0b9
                                                            0x008ce0c3
                                                            0x008ce0ce
                                                            0x008ce0d2
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce0e6
                                                            0x008ce0ea
                                                            0x008ce6b0
                                                            0x008ce6b0
                                                            0x00000000
                                                            0x008ce6b0
                                                            0x008ce101
                                                            0x008ce105
                                                            0x008ce6a9
                                                            0x00000000
                                                            0x008ce6a9
                                                            0x008ce126
                                                            0x008ce143
                                                            0x008ce15e
                                                            0x008ce162
                                                            0x008ce165
                                                            0x008ce691
                                                            0x008ce694
                                                            0x008ce699
                                                            0x008ce69e
                                                            0x008ce69e
                                                            0x008ce69f
                                                            0x00000000
                                                            0x008ce6a4
                                                            0x008ce16b
                                                            0x008ce16e
                                                            0x008ce17f
                                                            0x008ce183
                                                            0x008ce68a
                                                            0x00000000
                                                            0x008ce68a
                                                            0x008ce19a
                                                            0x008ce19e
                                                            0x008ce683
                                                            0x00000000
                                                            0x008ce683
                                                            0x008ce1b5
                                                            0x008ce1b9
                                                            0x008ce67c
                                                            0x00000000
                                                            0x008ce67c
                                                            0x008ce1d0
                                                            0x008ce1d4
                                                            0x008ce675
                                                            0x00000000
                                                            0x008ce675
                                                            0x008ce1eb
                                                            0x008ce1ef
                                                            0x008ce66e
                                                            0x00000000
                                                            0x008ce66e
                                                            0x008ce1fd
                                                            0x008ce211
                                                            0x008ce215
                                                            0x008ce667
                                                            0x008ce667
                                                            0x00000000
                                                            0x008ce667
                                                            0x008ce22c
                                                            0x008ce234
                                                            0x008ce24f
                                                            0x008ce257
                                                            0x008ce26d
                                                            0x008ce272
                                                            0x008ce27a
                                                            0x008ce295
                                                            0x008ce29d
                                                            0x008ce2be
                                                            0x008ce2cf
                                                            0x008ce2d7
                                                            0x008ce2f8
                                                            0x008ce313
                                                            0x008ce34c
                                                            0x008ce350
                                                            0x008ce353
                                                            0x008ce389
                                                            0x008ce3c2
                                                            0x008ce3e1
                                                            0x008ce3ed
                                                            0x008ce3f1
                                                            0x008ce660
                                                            0x00000000
                                                            0x008ce660
                                                            0x008ce400
                                                            0x008ce404
                                                            0x008ce659
                                                            0x00000000
                                                            0x008ce659
                                                            0x008ce40a
                                                            0x008ce40f
                                                            0x008ce414
                                                            0x008ce417
                                                            0x008ce417
                                                            0x008ce41f
                                                            0x008ce424
                                                            0x008ce42a
                                                            0x008ce42a
                                                            0x008ce434
                                                            0x008ce435
                                                            0x008ce43b
                                                            0x008ce43e
                                                            0x008ce444
                                                            0x00000000
                                                            0x008ce44a
                                                            0x008ce44a
                                                            0x008ce44f
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce45d
                                                            0x008ce462
                                                            0x008ce467
                                                            0x008ce4f6
                                                            0x008ce4fb
                                                            0x008ce500
                                                            0x008ce524
                                                            0x008ce527
                                                            0x008ce529
                                                            0x008ce52e
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce534
                                                            0x008ce536
                                                            0x008ce539
                                                            0x008ce53c
                                                            0x008ce53e
                                                            0x008ce548
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce55c
                                                            0x008ce55f
                                                            0x008ce569
                                                            0x008ce56c
                                                            0x008ce57a
                                                            0x008ce57d
                                                            0x008ce580
                                                            0x008ce585
                                                            0x008ce623
                                                            0x008ce623
                                                            0x00000000
                                                            0x008ce623
                                                            0x008ce58b
                                                            0x008ce58d
                                                            0x008ce590
                                                            0x008ce593
                                                            0x008ce59c
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce59e
                                                            0x008ce5a6
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce5a8
                                                            0x008ce5ab
                                                            0x008ce5ab
                                                            0x008ce5b5
                                                            0x008ce5d5
                                                            0x008ce5d8
                                                            0x008ce5e2
                                                            0x008ce5e7
                                                            0x008ce5f2
                                                            0x008ce5f2
                                                            0x008ce5e2
                                                            0x008ce5f6
                                                            0x008ce5f7
                                                            0x008ce5ff
                                                            0x008ce602
                                                            0x008ce605
                                                            0x008ce608
                                                            0x008ce608
                                                            0x008ce60b
                                                            0x008ce60c
                                                            0x008ce612
                                                            0x008ce615
                                                            0x008ce618
                                                            0x008ce620
                                                            0x00000000
                                                            0x008ce626
                                                            0x008ce626
                                                            0x008ce627
                                                            0x008ce62d
                                                            0x008ce630
                                                            0x008ce633
                                                            0x00000000
                                                            0x008ce539
                                                            0x008ce502
                                                            0x008ce512
                                                            0x008ce514
                                                            0x008ce519
                                                            0x008ce51e
                                                            0x008ce51e
                                                            0x00000000
                                                            0x008ce51e
                                                            0x008ce46d
                                                            0x008ce47d
                                                            0x008ce47f
                                                            0x008ce484
                                                            0x00000000
                                                            0x008ce484
                                                            0x008ce444
                                                            0x008ce3c5
                                                            0x008ce3d7
                                                            0x008ce3db
                                                            0x008ce4e4
                                                            0x00000000
                                                            0x008ce4e4
                                                            0x00000000
                                                            0x008ce3db
                                                            0x008ce38c
                                                            0x008ce39e
                                                            0x008ce3a2
                                                            0x008ce4da
                                                            0x00000000
                                                            0x008ce4da
                                                            0x008ce3a8
                                                            0x00000000
                                                            0x008ce3a8
                                                            0x008ce356
                                                            0x008ce35f
                                                            0x008ce364
                                                            0x008ce368
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce36a
                                                            0x00000000
                                                            0x008ce36a
                                                            0x008ce316
                                                            0x008ce328
                                                            0x008ce32c
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce332
                                                            0x00000000
                                                            0x008ce332
                                                            0x008ce2db
                                                            0x008ce4d0
                                                            0x00000000
                                                            0x008ce4d0
                                                            0x008ce2ee
                                                            0x008ce2f2
                                                            0x008ce4c3
                                                            0x008ce4c6
                                                            0x00000000
                                                            0x008ce4c6
                                                            0x00000000
                                                            0x008ce2f2
                                                            0x008ce2a1
                                                            0x008ce4b9
                                                            0x00000000
                                                            0x008ce4b9
                                                            0x008ce2b4
                                                            0x008ce2b8
                                                            0x008ce4ac
                                                            0x008ce4af
                                                            0x00000000
                                                            0x008ce4af
                                                            0x00000000
                                                            0x008ce4a2
                                                            0x008ce4a2
                                                            0x00000000
                                                            0x008ce4a2
                                                            0x008ce498
                                                            0x008ce498
                                                            0x00000000
                                                            0x008ce498
                                                            0x008ce48e
                                                            0x008ce48e
                                                            0x00000000
                                                            0x008ce48e
                                                            0x008ce234
                                                            0x008ce145
                                                            0x00000000
                                                            0x008ce145
                                                            0x008ce128
                                                            0x00000000
                                                            0x008ce128
                                                            0x008ce6b7
                                                            0x008ce6b7
                                                            0x00000000
                                                            0x008ce6b7
                                                            0x008ce084
                                                            0x008ce091
                                                            0x008ce093
                                                            0x008ce098
                                                            0x00000000
                                                            0x008ce098
                                                            0x008ce05a
                                                            0x00000000
                                                            0x008ce03d
                                                            0x008ce03d
                                                            0x008ce64f
                                                            0x008ce64f
                                                            0x008ce650
                                                            0x008ce650
                                                            0x008ce6c0
                                                            0x008ce6c2
                                                            0x008ce6c2
                                                            0x008ce6c7
                                                            0x008ce6cc
                                                            0x008ce6cc
                                                            0x008ce6cf
                                                            0x008ce6d4
                                                            0x008ce6d9
                                                            0x008ce6d9
                                                            0x008ce6e0
                                                            0x008ce6e5
                                                            0x008ce6e5
                                                            0x008ce6ef
                                                            0x008ce6f4
                                                            0x008ce6f4
                                                            0x008ce6fd
                                                            0x008ce6fd
                                                            0x008ce03b
                                                            0x008cdf54
                                                            0x008cdf59
                                                            0x008cdf5d
                                                            0x008cdf7d
                                                            0x008cdf80
                                                            0x008cdf82
                                                            0x008cdf87
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008cdf8d
                                                            0x008cdf8d
                                                            0x008cdf92
                                                            0x008cdfa5
                                                            0x008cdfa9
                                                            0x00000000
                                                            0x00000000
                                                            0x008cdfbf
                                                            0x008cdfc3
                                                            0x00000000
                                                            0x00000000
                                                            0x008cdfdd
                                                            0x008cdfe1
                                                            0x00000000
                                                            0x00000000
                                                            0x008cdfe7
                                                            0x008cdfec
                                                            0x008cdff1
                                                            0x008cdff4
                                                            0x008cdff4
                                                            0x008cdffc
                                                            0x008ce001
                                                            0x008ce007
                                                            0x008ce007
                                                            0x008ce00b
                                                            0x008ce00f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008ce00f
                                                            0x00000000
                                                            0x008cdf8d
                                                            0x008cdf5f
                                                            0x008cdf6c
                                                            0x008cdf6e
                                                            0x008cdf73
                                                            0x00000000
                                                            0x008cdf73
                                                            0x008cdf37
                                                            0x008cdf17
                                                            0x008cdf17
                                                            0x008cdf18
                                                            0x00000000
                                                            0x008cdf1e
                                                            0x008cdf12
                                                            0x00000000

                                                            APIs
                                                            • SysFreeString.OLEAUT32(00000000), ref: 008CE001
                                                            • SysFreeString.OLEAUT32(00000000), ref: 008CE6E5
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            Strings
                                                            • Failed to select package nodes., xrefs: 008CE03D
                                                            • Failed to get @Vital., xrefs: 008CE667
                                                            • Failed to get @CacheId., xrefs: 008CE68A
                                                            • Failed to find forward transaction boundary: %ls, xrefs: 008CE4AF
                                                            • Cache, xrefs: 008CE0F4
                                                            • cabinet.dll, xrefs: 008CE1A7
                                                            • Failed to parse MSP package., xrefs: 008CE4DA
                                                            • yes, xrefs: 008CE130
                                                            • RollbackLogPathVariable, xrefs: 008CE242
                                                            • Failed to parse target product codes., xrefs: 008CE64A
                                                            • Failed to get @Permanent., xrefs: 008CE66E
                                                            • msi.dll, xrefs: 008CE171
                                                            • Size, xrefs: 008CE18D
                                                            • RollbackBoundaryForward, xrefs: 008CE288
                                                            • Failed to get @Size., xrefs: 008CE683
                                                            • Vital, xrefs: 008CDFD0, 008CE204
                                                            • Failed to get @Id., xrefs: 008CE6B0
                                                            • Failed to get rollback bundary node count., xrefs: 008CDF37
                                                            • MspPackage, xrefs: 008CE376
                                                            • Failed to find backward transaction boundary: %ls, xrefs: 008CE4C6
                                                            • Failed to parse payload references., xrefs: 008CE660
                                                            • c:\agent\_work\66\s\src\burn\engine\package.cpp, xrefs: 008CDF67, 008CE08C, 008CE478, 008CE50D
                                                            • Failed to get @RollbackBoundaryBackward., xrefs: 008CE4D0
                                                            • Failed to get @LogPathVariable., xrefs: 008CE48E
                                                            • RollbackBoundary, xrefs: 008CDEFF
                                                            • Failed to allocate memory for rollback boundary structs., xrefs: 008CDF73
                                                            • Failed to get next node., xrefs: 008CE6B7
                                                            • Failed to get package node count., xrefs: 008CE05A
                                                            • LogPathVariable, xrefs: 008CE21F
                                                            • Failed to get @PerMachine., xrefs: 008CE675
                                                            • Failed to get @RollbackBoundaryForward., xrefs: 008CE4B9
                                                            • crypt32.dll, xrefs: 008CE264
                                                            • Failed to get @InstallSize., xrefs: 008CE67C
                                                            • Failed to allocate memory for patch sequence information to package lookup., xrefs: 008CE519
                                                            • InstallCondition, xrefs: 008CE265
                                                            • Failed to get @InstallCondition., xrefs: 008CE4A2
                                                            • Failed to parse EXE package., xrefs: 008CE332
                                                            • Permanent, xrefs: 008CE1DE
                                                            • MsiPackage, xrefs: 008CE33E
                                                            • Invalid cache type: %ls, xrefs: 008CE699
                                                            • Failed to allocate memory for MSP patch sequence information., xrefs: 008CE484
                                                            • Failed to get @Cache., xrefs: 008CE6A9
                                                            • InstallSize, xrefs: 008CE1A8
                                                            • Failed to parse MSU package., xrefs: 008CE4E4
                                                            • always, xrefs: 008CE150
                                                            • RollbackBoundaryBackward, xrefs: 008CE2C2
                                                            • Failed to get @RollbackLogPathVariable., xrefs: 008CE498
                                                            • Failed to allocate memory for package structs., xrefs: 008CE098
                                                            • clbcatq.dll, xrefs: 008CE1C2
                                                            • comres.dll, xrefs: 008CE1DD
                                                            • Failed to parse MSI package., xrefs: 008CE36A
                                                            • PerMachine, xrefs: 008CE1C3
                                                            • ExePackage, xrefs: 008CE300
                                                            • Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage, xrefs: 008CE02A
                                                            • Failed to select rollback boundary nodes., xrefs: 008CDF12
                                                            • wininet.dll, xrefs: 008CE203
                                                            • feclient.dll, xrefs: 008CE241
                                                            • MsuPackage, xrefs: 008CE3AF
                                                            • Failed to parse dependency providers., xrefs: 008CE659
                                                            • CacheId, xrefs: 008CE172
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeHeapString$AllocateProcess
                                                            • String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$always$c:\agent\_work\66\s\src\burn\engine\package.cpp$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$wininet.dll$yes
                                                            • API String ID: 336948655-1842247414
                                                            • Opcode ID: 0955e8f3c439f4fa889a1cc5b19ed37f09dcd611492770bb9dbff403abc7d60e
                                                            • Instruction ID: b15208a956a62cabb91e625b5fa209566d8befa3ab11e10aa97a7419e4169935
                                                            • Opcode Fuzzy Hash: 0955e8f3c439f4fa889a1cc5b19ed37f09dcd611492770bb9dbff403abc7d60e
                                                            • Instruction Fuzzy Hash: 92329F3191062AAFCB219B54CC42FAEB6B5FF54B24F154269B811FB6D1D770EE00DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CF981 Relevance: 114.2, APIs: 3, Strings: 62, Instructions: 445COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 220 8cf981-8cf9b2 call 903209 223 8cf9b4 220->223 224 8cf9b6-8cf9b8 220->224 223->224 225 8cf9cc-8cf9e5 call 902b5d 224->225 226 8cf9ba-8cf9c7 call 8ffb09 224->226 232 8cf9e7-8cf9ec 225->232 233 8cf9f1-8cfa06 call 902b5d 225->233 231 8cfeb4-8cfeb9 226->231 234 8cfebb-8cfebd 231->234 235 8cfec1-8cfec6 231->235 236 8cfeab-8cfeb2 call 8ffb09 232->236 245 8cfa08-8cfa0d 233->245 246 8cfa12-8cfa1f call 8ce9fc 233->246 234->235 239 8cfece-8cfed3 235->239 240 8cfec8-8cfeca 235->240 248 8cfeb3 236->248 243 8cfedb-8cfedf 239->243 244 8cfed5-8cfed7 239->244 240->239 249 8cfee9-8cfeee 243->249 250 8cfee1-8cfee4 call 8c2762 243->250 244->243 245->236 253 8cfa2b-8cfa40 call 902b5d 246->253 254 8cfa21-8cfa26 246->254 248->231 250->249 257 8cfa4c-8cfa5e call 9044b2 253->257 258 8cfa42-8cfa47 253->258 254->236 261 8cfa6d-8cfa82 call 902b5d 257->261 262 8cfa60-8cfa68 257->262 258->236 268 8cfa8e-8cfaa3 call 902b5d 261->268 269 8cfa84-8cfa89 261->269 263 8cfd37-8cfd40 call 8ffb09 262->263 263->248 272 8cfaaf-8cfac1 call 902d69 268->272 273 8cfaa5-8cfaaa 268->273 269->236 276 8cfacd-8cfae3 call 903209 272->276 277 8cfac3-8cfac8 272->277 273->236 280 8cfae9-8cfaeb 276->280 281 8cfd92-8cfdac call 8cec76 276->281 277->236 282 8cfaed-8cfaf2 280->282 283 8cfaf7-8cfb0c call 902d69 280->283 288 8cfdae-8cfdb3 281->288 289 8cfdb8-8cfdd0 call 903209 281->289 282->236 291 8cfb0e-8cfb13 283->291 292 8cfb18-8cfb2d call 902b5d 283->292 288->236 296 8cfe9a-8cfe9b call 8cf0a6 289->296 297 8cfdd6-8cfdd8 289->297 291->236 298 8cfb3d-8cfb52 call 902b5d 292->298 299 8cfb2f-8cfb31 292->299 306 8cfea0-8cfea4 296->306 300 8cfdda-8cfddf 297->300 301 8cfde4-8cfe02 call 902b5d 297->301 310 8cfb54-8cfb56 298->310 311 8cfb62-8cfb77 call 902b5d 298->311 299->298 303 8cfb33-8cfb38 299->303 300->236 312 8cfe0e-8cfe26 call 902b5d 301->312 313 8cfe04-8cfe09 301->313 303->236 306->248 309 8cfea6 306->309 309->236 310->311 314 8cfb58-8cfb5d 310->314 321 8cfb79-8cfb7b 311->321 322 8cfb87-8cfb9c call 902b5d 311->322 319 8cfe28-8cfe2a 312->319 320 8cfe33-8cfe4b call 902b5d 312->320 313->236 314->236 319->320 324 8cfe2c-8cfe31 319->324 329 8cfe4d-8cfe4f 320->329 330 8cfe58-8cfe70 call 902b5d 320->330 321->322 325 8cfb7d-8cfb82 321->325 331 8cfbac-8cfbc1 call 902b5d 322->331 332 8cfb9e-8cfba0 322->332 324->236 325->236 329->330 333 8cfe51-8cfe56 329->333 339 8cfe79-8cfe91 call 902b5d 330->339 340 8cfe72-8cfe77 330->340 341 8cfbd1-8cfbdd call 902b5d 331->341 342 8cfbc3-8cfbc5 331->342 332->331 334 8cfba2-8cfba7 332->334 333->236 334->236 339->296 348 8cfe93-8cfe98 339->348 340->236 347 8cfbe2-8cfbe6 341->347 342->341 344 8cfbc7-8cfbcc 342->344 344->236 349 8cfbe8-8cfbea 347->349 350 8cfbf6-8cfc0b call 902b5d 347->350 348->236 349->350 351 8cfbec-8cfbf1 349->351 354 8cfc0d-8cfc0f 350->354 355 8cfc1b-8cfc30 call 902b5d 350->355 351->236 354->355 356 8cfc11-8cfc16 354->356 359 8cfc40-8cfc58 call 902b5d 355->359 360 8cfc32-8cfc34 355->360 356->236 364 8cfc68-8cfc80 call 902b5d 359->364 365 8cfc5a-8cfc5c 359->365 360->359 361 8cfc36-8cfc3b 360->361 361->236 369 8cfc90-8cfca5 call 902b5d 364->369 370 8cfc82-8cfc84 364->370 365->364 366 8cfc5e-8cfc63 365->366 366->236 374 8cfcab-8cfcc8 CompareStringW 369->374 375 8cfd45-8cfd47 369->375 370->369 371 8cfc86-8cfc8b 370->371 371->236 378 8cfcca-8cfcd0 374->378 379 8cfcd2-8cfce7 CompareStringW 374->379 376 8cfd49-8cfd50 375->376 377 8cfd52-8cfd54 375->377 376->377 380 8cfd56-8cfd5b 377->380 381 8cfd60-8cfd78 call 902d69 377->381 382 8cfd13-8cfd18 378->382 383 8cfce9-8cfcf3 379->383 384 8cfcf5-8cfd0a CompareStringW 379->384 380->236 381->281 390 8cfd7a-8cfd7c 381->390 382->377 383->382 386 8cfd0c 384->386 387 8cfd1a-8cfd32 call 8c38ba 384->387 386->382 387->263 392 8cfd7e-8cfd83 390->392 393 8cfd88 390->393 392->236 393->281
                                                            C-Code - Quality: 67%
                                                            			E008CF981(void* __edi, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* _v12;
				short* _v16;
				void* _v20;
				void* _t112;
				void* _t145;
				int _t158;
				void* _t164;
				signed int _t166;
				intOrPtr* _t167;
				intOrPtr* _t168;
				intOrPtr* _t169;
				void* _t174;
				intOrPtr _t175;
				void* _t177;
				void* _t186;
				void* _t188;

				_t174 = __edi;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				_t177 = E00903209(_a8, L"Registration",  &_v12);
				_t164 = 0x80070490;
				if(_t177 == 1) {
					_t177 = 0x80070490;
				}
				if(_t177 >= 0) {
					_push(_t174);
					_t175 = _a4;
					_t8 = _t175 + 0x10; // 0x8c5492
					if(E00902B5D(_v12, L"Id", _t8) >= 0) {
						_t10 = _t175 + 0x14; // 0x8c5496
						if(E00902B5D(_v12, L"Tag", _t10) >= 0) {
							if(E008CE9FC(_t175, _t175, _a8) >= 0) {
								if(E00902B5D(_v12, L"Version",  &_v16) >= 0) {
									_t15 = _t175 + 0x38; // 0x8c54ba
									if(E009044B2(_v16, 0, _t15) >= 0) {
										_t18 = _t175 + 0x44; // 0x8c54c6
										if(E00902B5D(_v12, L"ProviderKey", _t18) >= 0) {
											_t20 = _t175 + 0x48; // 0x8c54ca
											if(E00902B5D(_v12, L"ExecutableName", _t20) >= 0) {
												if(E00902D69(_t166, _v12, L"PerMachine", _t175) >= 0) {
													_t186 = E00903209(_v12, L"Arp",  &_v8);
													if(_t186 == 1) {
														L73:
														_t62 = _t175 + 0x98; // 0x8c551a
														_t63 = _t175 + 0x94; // 0x8c5516
														if(E008CEC76(_v12, _t63, _t62) >= 0) {
															_t188 = E00903209(_v12, L"Update",  &_v20);
															if(_t188 == 1) {
																L90:
																_t112 = E008CF0A6(_t166, _t175); // executed
																_t188 = _t112;
																if(_t188 >= 0) {
																	L93:
																	goto L94;
																}
																_push("Failed to set registration paths.");
																L92:
																_push(_t188);
																E008FFB09();
																goto L93;
															}
															if(_t188 >= 0) {
																 *((intOrPtr*)(_t175 + 0x9c)) = 1;
																_t68 = _t175 + 0xa0; // 0x8c5522
																_t188 = E00902B5D(_v20, L"Manufacturer", _t68);
																if(_t188 >= 0) {
																	_t70 = _t175 + 0xa4; // 0x8c5526
																	_t188 = E00902B5D(_v20, L"Department", _t70);
																	if(_t188 == _t164 || _t188 >= 0) {
																		_t72 = _t175 + 0xa8; // 0x8c552a
																		_t188 = E00902B5D(_v20, L"ProductFamily", _t72);
																		if(_t188 == _t164 || _t188 >= 0) {
																			_t74 = _t175 + 0xac; // 0x8c552e
																			_t188 = E00902B5D(_v20, L"Name", _t74);
																			if(_t188 >= 0) {
																				_t76 = _t175 + 0xb0; // 0x8c5532
																				_t188 = E00902B5D(_v20, L"Classification", _t76);
																				if(_t188 >= 0) {
																					goto L90;
																				}
																				_push("Failed to get @Classification.");
																				goto L92;
																			}
																			_push("Failed to get @Name.");
																		} else {
																			_push("Failed to get @ProductFamily.");
																		}
																	} else {
																		_push("Failed to get @Department.");
																	}
																	goto L92;
																}
																_push("Failed to get @Manufacturer.");
																goto L92;
															}
															_push("Failed to select Update node.");
															goto L92;
														}
														_push("Failed to parse software tag.");
														goto L92;
													}
													if(_t186 >= 0) {
														_t25 = _t175 + 4; // 0x8c5486
														_t188 = E00902D69(_t166, _v8, L"Register", _t25);
														if(_t188 >= 0) {
															_t27 = _t175 + 0x60; // 0x8c54e2
															_t188 = E00902B5D(_v8, L"DisplayName", _t27);
															if(_t188 == _t164 || _t188 >= 0) {
																_t29 = _t175 + 0x64; // 0x8c54e6
																_t188 = E00902B5D(_v8, L"DisplayVersion", _t29);
																if(_t188 == _t164 || _t188 >= 0) {
																	_t31 = _t175 + 0x68; // 0x8c54ea
																	_t188 = E00902B5D(_v8, L"Publisher", _t31);
																	if(_t188 == _t164 || _t188 >= 0) {
																		_t33 = _t175 + 0x6c; // 0x8c54ee
																		_t188 = E00902B5D(_v8, L"HelpLink", _t33);
																		if(_t188 == _t164 || _t188 >= 0) {
																			_t35 = _t175 + 0x70; // 0x8c54f2
																			_t188 = E00902B5D(_v8, L"HelpTelephone", _t35);
																			if(_t188 == _t164 || _t188 >= 0) {
																				_t37 = _t175 + 0x74; // 0x8c54f6
																				_t145 = E00902B5D(_v8, L"AboutUrl", _t37); // executed
																				_t188 = _t145;
																				if(_t188 == _t164 || _t188 >= 0) {
																					_t39 = _t175 + 0x78; // 0x8c54fa
																					_t188 = E00902B5D(_v8, L"UpdateUrl", _t39);
																					if(_t188 == _t164 || _t188 >= 0) {
																						_t41 = _t175 + 0x7c; // 0x8c54fe
																						_t188 = E00902B5D(_v8, L"ParentDisplayName", _t41);
																						if(_t188 == _t164 || _t188 >= 0) {
																							_t43 = _t175 + 0x80; // 0x8c5502
																							_t188 = E00902B5D(_v8, L"Comments", _t43);
																							if(_t188 == _t164 || _t188 >= 0) {
																								_t45 = _t175 + 0x84; // 0x8c5506
																								_t188 = E00902B5D(_v8, L"Contact", _t45);
																								if(_t188 == _t164 || _t188 >= 0) {
																									_t188 = E00902B5D(_v8, L"DisableModify",  &_v16);
																									if(_t188 < 0) {
																										if(_t188 == _t164) {
																											 *(_t175 + 0x88) =  *(_t175 + 0x88) & 0x00000000;
																											_t188 = 0;
																										}
																										L67:
																										if(_t188 >= 0) {
																											_t59 = _t175 + 0x90; // 0x8c5512
																											_t188 = E00902D69(_t166, _v8, L"DisableRemove", _t59);
																											if(_t188 == _t164) {
																												goto L73;
																											}
																											if(_t188 >= 0) {
																												 *(_t175 + 0x8c) = 1;
																												goto L73;
																											}
																											_push("Failed to get @DisableRemove.");
																											goto L92;
																										}
																										_push("Failed to get @DisableModify.");
																										goto L92;
																									}
																									_t158 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"button", 0xffffffff);
																									_t166 = 2;
																									if(_t158 != _t166) {
																										if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
																											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
																												_t188 = 0x8000ffff;
																												E008C38BA(_t160, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0xfc, 0x8000ffff);
																												_push(_v16);
																												_push("Invalid modify disabled type: %ls");
																												L64:
																												_push(_t188);
																												E008FFB09();
																												goto L93;
																											}
																											 *(_t175 + 0x88) =  *(_t175 + 0x88) & 0x00000000;
																											L62:
																											_t164 = 0x80070490;
																											goto L67;
																										}
																										 *(_t175 + 0x88) = 1;
																										goto L62;
																									}
																									 *(_t175 + 0x88) = _t166;
																									goto L62;
																								} else {
																									_push("Failed to get @Contact.");
																									goto L92;
																								}
																							} else {
																								_push("Failed to get @Comments.");
																								goto L92;
																							}
																						} else {
																							_push("Failed to get @ParentDisplayName.");
																							goto L92;
																						}
																					} else {
																						_push("Failed to get @UpdateUrl.");
																						goto L92;
																					}
																				} else {
																					_push("Failed to get @AboutUrl.");
																					goto L92;
																				}
																			} else {
																				_push("Failed to get @HelpTelephone.");
																				goto L92;
																			}
																		} else {
																			_push("Failed to get @HelpLink.");
																			goto L92;
																		}
																	} else {
																		_push("Failed to get @Publisher.");
																		goto L92;
																	}
																} else {
																	_push("Failed to get @DisplayVersion.");
																	goto L92;
																}
															} else {
																_push("Failed to get @DisplayName.");
																goto L92;
															}
														}
														_push("Failed to get @Register.");
														goto L92;
													}
													_push("Failed to select ARP node.");
													goto L92;
												}
												_push("Failed to get @PerMachine.");
												goto L92;
											}
											_push("Failed to get @ExecutableName.");
											goto L92;
										}
										_push("Failed to get @ProviderKey.");
										goto L92;
									}
									_push(_v16);
									_push("Failed to parse @Version: %ls");
									goto L64;
								}
								_push("Failed to get @Version.");
								goto L92;
							}
							_push("Failed to parse related bundles");
							goto L92;
						}
						_push("Failed to get @Tag.");
						goto L92;
					}
					_push("Failed to get @Id.");
					goto L92;
				} else {
					_push("Failed to select registration node.");
					_push(_t177);
					E008FFB09();
					L94:
					_t167 = _v12;
					if(_t167 != 0) {
						 *((intOrPtr*)( *_t167 + 8))(_t167);
					}
					_t168 = _v8;
					if(_t168 != 0) {
						 *((intOrPtr*)( *_t168 + 8))(_t168);
					}
					_t169 = _v20;
					if(_t169 != 0) {
						 *((intOrPtr*)( *_t169 + 8))(_t169);
					}
					if(_v16 != 0) {
						E008C2762(_v16);
					}
					return _t188;
				}
			}




















                                                            0x008cf981
                                                            0x008cf98b
                                                            0x008cf98e
                                                            0x008cf991
                                                            0x008cf994
                                                            0x008cf9a8
                                                            0x008cf9aa
                                                            0x008cf9b2
                                                            0x008cf9b4
                                                            0x008cf9b4
                                                            0x008cf9b8
                                                            0x008cf9cc
                                                            0x008cf9cd
                                                            0x008cf9d0
                                                            0x008cf9e5
                                                            0x008cf9f1
                                                            0x008cfa06
                                                            0x008cfa1f
                                                            0x008cfa40
                                                            0x008cfa4c
                                                            0x008cfa5e
                                                            0x008cfa6d
                                                            0x008cfa82
                                                            0x008cfa8e
                                                            0x008cfaa3
                                                            0x008cfac1
                                                            0x008cfade
                                                            0x008cfae3
                                                            0x008cfd92
                                                            0x008cfd92
                                                            0x008cfd99
                                                            0x008cfdac
                                                            0x008cfdc9
                                                            0x008cfdd0
                                                            0x008cfe9a
                                                            0x008cfe9b
                                                            0x008cfea0
                                                            0x008cfea4
                                                            0x008cfeb3
                                                            0x00000000
                                                            0x008cfeb3
                                                            0x008cfea6
                                                            0x008cfeab
                                                            0x008cfeab
                                                            0x008cfeac
                                                            0x00000000
                                                            0x008cfeb2
                                                            0x008cfdd8
                                                            0x008cfde4
                                                            0x008cfdea
                                                            0x008cfdfe
                                                            0x008cfe02
                                                            0x008cfe0e
                                                            0x008cfe22
                                                            0x008cfe26
                                                            0x008cfe33
                                                            0x008cfe47
                                                            0x008cfe4b
                                                            0x008cfe58
                                                            0x008cfe6c
                                                            0x008cfe70
                                                            0x008cfe79
                                                            0x008cfe8d
                                                            0x008cfe91
                                                            0x00000000
                                                            0x00000000
                                                            0x008cfe93
                                                            0x00000000
                                                            0x008cfe93
                                                            0x008cfe72
                                                            0x008cfe51
                                                            0x008cfe51
                                                            0x008cfe51
                                                            0x008cfe2c
                                                            0x008cfe2c
                                                            0x008cfe2c
                                                            0x00000000
                                                            0x008cfe26
                                                            0x008cfe04
                                                            0x00000000
                                                            0x008cfe04
                                                            0x008cfdda
                                                            0x00000000
                                                            0x008cfdda
                                                            0x008cfdae
                                                            0x00000000
                                                            0x008cfdae
                                                            0x008cfaeb
                                                            0x008cfaf7
                                                            0x008cfb08
                                                            0x008cfb0c
                                                            0x008cfb18
                                                            0x008cfb29
                                                            0x008cfb2d
                                                            0x008cfb3d
                                                            0x008cfb4e
                                                            0x008cfb52
                                                            0x008cfb62
                                                            0x008cfb73
                                                            0x008cfb77
                                                            0x008cfb87
                                                            0x008cfb98
                                                            0x008cfb9c
                                                            0x008cfbac
                                                            0x008cfbbd
                                                            0x008cfbc1
                                                            0x008cfbd1
                                                            0x008cfbdd
                                                            0x008cfbe2
                                                            0x008cfbe6
                                                            0x008cfbf6
                                                            0x008cfc07
                                                            0x008cfc0b
                                                            0x008cfc1b
                                                            0x008cfc2c
                                                            0x008cfc30
                                                            0x008cfc40
                                                            0x008cfc54
                                                            0x008cfc58
                                                            0x008cfc68
                                                            0x008cfc7c
                                                            0x008cfc80
                                                            0x008cfca1
                                                            0x008cfca5
                                                            0x008cfd47
                                                            0x008cfd49
                                                            0x008cfd50
                                                            0x008cfd50
                                                            0x008cfd52
                                                            0x008cfd54
                                                            0x008cfd60
                                                            0x008cfd74
                                                            0x008cfd78
                                                            0x00000000
                                                            0x00000000
                                                            0x008cfd7c
                                                            0x008cfd88
                                                            0x00000000
                                                            0x008cfd88
                                                            0x008cfd7e
                                                            0x00000000
                                                            0x008cfd7e
                                                            0x008cfd56
                                                            0x00000000
                                                            0x008cfd56
                                                            0x008cfcc1
                                                            0x008cfcc5
                                                            0x008cfcc8
                                                            0x008cfce7
                                                            0x008cfd0a
                                                            0x008cfd1a
                                                            0x008cfd2a
                                                            0x008cfd2f
                                                            0x008cfd32
                                                            0x008cfd37
                                                            0x008cfd37
                                                            0x008cfd38
                                                            0x00000000
                                                            0x008cfd3d
                                                            0x008cfd0c
                                                            0x008cfd13
                                                            0x008cfd13
                                                            0x00000000
                                                            0x008cfd13
                                                            0x008cfce9
                                                            0x00000000
                                                            0x008cfce9
                                                            0x008cfcca
                                                            0x00000000
                                                            0x008cfc86
                                                            0x008cfc86
                                                            0x00000000
                                                            0x008cfc86
                                                            0x008cfc5e
                                                            0x008cfc5e
                                                            0x00000000
                                                            0x008cfc5e
                                                            0x008cfc36
                                                            0x008cfc36
                                                            0x00000000
                                                            0x008cfc36
                                                            0x008cfc11
                                                            0x008cfc11
                                                            0x00000000
                                                            0x008cfc11
                                                            0x008cfbec
                                                            0x008cfbec
                                                            0x00000000
                                                            0x008cfbec
                                                            0x008cfbc7
                                                            0x008cfbc7
                                                            0x00000000
                                                            0x008cfbc7
                                                            0x008cfba2
                                                            0x008cfba2
                                                            0x00000000
                                                            0x008cfba2
                                                            0x008cfb7d
                                                            0x008cfb7d
                                                            0x00000000
                                                            0x008cfb7d
                                                            0x008cfb58
                                                            0x008cfb58
                                                            0x00000000
                                                            0x008cfb58
                                                            0x008cfb33
                                                            0x008cfb33
                                                            0x00000000
                                                            0x008cfb33
                                                            0x008cfb2d
                                                            0x008cfb0e
                                                            0x00000000
                                                            0x008cfb0e
                                                            0x008cfaed
                                                            0x00000000
                                                            0x008cfaed
                                                            0x008cfac3
                                                            0x00000000
                                                            0x008cfac3
                                                            0x008cfaa5
                                                            0x00000000
                                                            0x008cfaa5
                                                            0x008cfa84
                                                            0x00000000
                                                            0x008cfa84
                                                            0x008cfa60
                                                            0x008cfa63
                                                            0x00000000
                                                            0x008cfa63
                                                            0x008cfa42
                                                            0x00000000
                                                            0x008cfa42
                                                            0x008cfa21
                                                            0x00000000
                                                            0x008cfa21
                                                            0x008cfa08
                                                            0x00000000
                                                            0x008cfa08
                                                            0x008cf9e7
                                                            0x00000000
                                                            0x008cf9ba
                                                            0x008cf9ba
                                                            0x008cf9bf
                                                            0x008cf9c0
                                                            0x008cfeb4
                                                            0x008cfeb4
                                                            0x008cfeb9
                                                            0x008cfebe
                                                            0x008cfebe
                                                            0x008cfec1
                                                            0x008cfec6
                                                            0x008cfecb
                                                            0x008cfecb
                                                            0x008cfece
                                                            0x008cfed3
                                                            0x008cfed8
                                                            0x008cfed8
                                                            0x008cfedf
                                                            0x008cfee4
                                                            0x008cfee4
                                                            0x008cfeee
                                                            0x008cfeee

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: StringVariant$AllocClearFreeInit
                                                            • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$c:\agent\_work\66\s\src\burn\engine\registration.cpp$yes$@
                                                            • API String ID: 760788290-3384854740
                                                            • Opcode ID: 43b1cefbf7a25f0548914d136cfb0329c5d459bc9191da394450fa4028581179
                                                            • Instruction ID: adce8e94ea205d3013e68988ff19c9cd9e33190f698ba6513f8365c1ad5e691d
                                                            • Opcode Fuzzy Hash: 43b1cefbf7a25f0548914d136cfb0329c5d459bc9191da394450fa4028581179
                                                            • Instruction Fuzzy Hash: 4EE18632B4063EBBEB216A60CC41FA97A75FB84B14F114239BA25FB1E3D771DD815680
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CB45A Relevance: 93.3, APIs: 24, Strings: 29, Instructions: 577fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 394 8cb45a-8cb4cf call 8ef600 * 2 399 8cb507-8cb50d 394->399 400 8cb4d1-8cb4db 394->400 401 8cb50f 399->401 402 8cb511-8cb523 SetFilePointerEx 399->402 408 8cb4dd-8cb4e6 400->408 409 8cb4e8 400->409 401->402 403 8cb525-8cb52f 402->403 404 8cb557-8cb571 ReadFile 402->404 417 8cb53c 403->417 418 8cb531-8cb53a 403->418 406 8cb5a8-8cb5af 404->406 407 8cb573-8cb57d 404->407 411 8cb5b5-8cb5be 406->411 412 8cbba6-8cbbba call 8c38ba 406->412 422 8cb57f-8cb588 407->422 423 8cb58a 407->423 408->409 413 8cb4ef-8cb4fc call 8c38ba 409->413 414 8cb4ea 409->414 411->412 420 8cb5c4-8cb5d4 SetFilePointerEx 411->420 434 8cbbbf 412->434 429 8cb501-8cb502 413->429 414->413 424 8cb53e 417->424 425 8cb543-8cb555 call 8c38ba 417->425 418->417 427 8cb60b-8cb623 ReadFile 420->427 428 8cb5d6-8cb5e0 420->428 422->423 430 8cb58c 423->430 431 8cb591-8cb5a3 call 8c38ba 423->431 424->425 425->429 432 8cb65a-8cb661 427->432 433 8cb625-8cb62f 427->433 447 8cb5ed 428->447 448 8cb5e2-8cb5eb 428->448 438 8cbbc0-8cbbc6 call 8ffb09 429->438 430->431 431->429 436 8cbb8b-8cbba4 call 8c38ba 432->436 437 8cb667-8cb671 432->437 454 8cb63c 433->454 455 8cb631-8cb63a 433->455 434->438 436->434 437->436 442 8cb677-8cb69a SetFilePointerEx 437->442 457 8cbbc7-8cbbd7 call 8edd1f 438->457 451 8cb69c-8cb6a6 442->451 452 8cb6d1-8cb6e9 ReadFile 442->452 449 8cb5ef 447->449 450 8cb5f4-8cb601 call 8c38ba 447->450 448->447 449->450 450->427 473 8cb6a8-8cb6b1 451->473 474 8cb6b3 451->474 461 8cb6eb-8cb6f5 452->461 462 8cb720-8cb738 ReadFile 452->462 459 8cb63e 454->459 460 8cb643-8cb650 call 8c38ba 454->460 455->454 459->460 460->432 478 8cb6f7-8cb700 461->478 479 8cb702 461->479 466 8cb76f-8cb78a SetFilePointerEx 462->466 467 8cb73a-8cb744 462->467 471 8cb78c-8cb796 466->471 472 8cb7c4-8cb7e3 ReadFile 466->472 488 8cb746-8cb74f 467->488 489 8cb751 467->489 493 8cb798-8cb7a1 471->493 494 8cb7a3 471->494 476 8cbb4c-8cbb56 472->476 477 8cb7e9-8cb7eb 472->477 473->474 480 8cb6ba-8cb6c7 call 8c38ba 474->480 481 8cb6b5 474->481 506 8cbb58-8cbb61 476->506 507 8cbb63 476->507 483 8cb7ec-8cb7f3 477->483 478->479 484 8cb709-8cb716 call 8c38ba 479->484 485 8cb704 479->485 480->452 481->480 490 8cb7f9-8cb805 483->490 491 8cbb27-8cbb44 call 8c38ba 483->491 484->462 485->484 488->489 497 8cb758-8cb765 call 8c38ba 489->497 498 8cb753 489->498 500 8cb807-8cb80e 490->500 501 8cb810-8cb819 490->501 520 8cbb49-8cbb4a 491->520 493->494 504 8cb7aa-8cb7ba call 8c38ba 494->504 505 8cb7a5 494->505 497->466 498->497 500->501 509 8cb853-8cb85a 500->509 510 8cb81f-8cb845 ReadFile 501->510 511 8cbaea-8cbb01 call 8c38ba 501->511 504->472 505->504 506->507 514 8cbb6a-8cbb80 call 8c38ba 507->514 515 8cbb65 507->515 518 8cb85c-8cb87e call 8c38ba 509->518 519 8cb883-8cb89a call 8c39df 509->519 510->476 517 8cb84b-8cb851 510->517 531 8cbb06-8cbb0c call 8ffb09 511->531 525 8cbb81-8cbb89 call 8ffb09 514->525 515->514 517->483 518->520 533 8cb89c-8cb8b9 call 8c38ba 519->533 534 8cb8be-8cb8d3 SetFilePointerEx 519->534 520->525 525->457 541 8cbb12-8cbb13 531->541 533->438 537 8cb8d5-8cb8df 534->537 538 8cb913-8cb938 ReadFile 534->538 550 8cb8ec 537->550 551 8cb8e1-8cb8ea 537->551 542 8cb96f-8cb97b 538->542 543 8cb93a-8cb944 538->543 544 8cbb14-8cbb16 541->544 546 8cb97d-8cb999 call 8c38ba 542->546 547 8cb99e-8cb9a2 542->547 555 8cb946-8cb94f 543->555 556 8cb951 543->556 544->457 549 8cbb1c-8cbb22 call 8c3aa4 544->549 546->531 553 8cb9dd-8cb9f0 call 904224 547->553 554 8cb9a4-8cb9d8 call 8c38ba call 8ffb09 547->554 549->457 559 8cb8ee 550->559 560 8cb8f3-8cb903 call 8c38ba 550->560 551->550 570 8cb9fc-8cba06 553->570 571 8cb9f2-8cb9f7 553->571 554->544 555->556 563 8cb958-8cb96d call 8c38ba 556->563 564 8cb953 556->564 559->560 575 8cb908-8cb90e call 8ffb09 560->575 563->575 564->563 576 8cba08-8cba0e 570->576 577 8cba10-8cba18 570->577 571->575 575->541 579 8cba29-8cba89 call 8c39df 576->579 580 8cba1a-8cba22 577->580 581 8cba24-8cba27 577->581 586 8cbaad-8cbace call 8eeb00 call 8cb1d7 579->586 587 8cba8b-8cbaa7 call 8c38ba 579->587 580->579 581->579 586->544 594 8cbad0-8cbae0 call 8c38ba 586->594 587->586 594->511
                                                            C-Code - Quality: 73%
                                                            			E008CB45A(union _LARGE_INTEGER* __edx, signed short _a4, void* _a8, void* _a12) {
				signed int _v8;
				union _LARGE_INTEGER _v12;
				void _v72;
				signed short _v300;
				signed int _v314;
				void _v320;
				union _LARGE_INTEGER _v340;
				long _v344;
				void _v360;
				long _v364;
				union _LARGE_INTEGER* _v368;
				intOrPtr _v372;
				void _v376;
				void _v380;
				struct _OVERLAPPED* _v384;
				union _LARGE_INTEGER* _v388;
				char _v392;
				intOrPtr _v396;
				union _LARGE_INTEGER _v400;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t100;
				void* _t108;
				signed short _t109;
				signed short _t118;
				signed short _t121;
				union _LARGE_INTEGER _t124;
				signed short _t125;
				signed short _t128;
				signed short _t131;
				signed short _t134;
				signed short _t137;
				intOrPtr* _t142;
				signed short _t151;
				signed short _t155;
				signed short _t158;
				signed short _t160;
				signed int _t213;
				void* _t215;
				signed short _t226;
				signed short _t230;
				signed short _t231;
				union _LARGE_INTEGER* _t232;
				void* _t233;
				void* _t236;
				signed short _t237;
				signed short _t241;
				signed int _t255;
				signed short _t264;

				_t232 = __edx;
				_t100 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t100 ^ _t255;
				_t212 = _a4;
				_v364 = 0;
				_v392 = 0;
				_v388 = 0;
				E008EF600(_t233,  &_v72, 0, 0x40);
				E008EF600(_t233,  &_v320, 0, 0xf8);
				_v376 = 0;
				_v380 = 0;
				_v368 = 0;
				_t213 = 0xa;
				memset( &_v360, 0, _t213 << 2);
				_t215 = _a8;
				 *_t212 = _t215;
				if(_t215 != 0xffffffff) {
					_t108 = _a12;
					__eflags = _t108 - 0xffffffff;
					if(_t108 == 0xffffffff) {
						_t108 = _t215;
					}
					_t236 = SetFilePointerEx;
					_push(0);
					 *(_t212 + 4) = _t108;
					_t109 = SetFilePointerEx(_t215, 0, 0, 0); // executed
					__eflags = _t109;
					if(_t109 != 0) {
						_t112 = ReadFile( *_t212,  &_v72, 0x40,  &_v364, 0); // executed
						__eflags = _t112;
						if(_t112 != 0) {
							__eflags = _v364 - 0x40;
							if(_v364 < 0x40) {
								L116:
								_t236 = 0x8007000d;
								_t241 = 0x8007000d;
								E008C38BA(_t112, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x4e, 0x8007000d);
								_push("Failed to find valid DOS image header in buffer.");
								L117:
								_push(_t236);
								goto L118;
							}
							_t112 = 0x5a4d;
							__eflags = 0x5a4d - _v72;
							if(0x5a4d != _v72) {
								goto L116;
							}
							_push(0);
							asm("cdq");
							_t118 = SetFilePointerEx( *_t212, _v12.LowPart, _t232, 0); // executed
							__eflags = _t118;
							if(_t118 != 0) {
								_t121 = ReadFile( *_t212,  &_v320, 0x18,  &_v364, 0); // executed
								__eflags = _t121;
								if(_t121 != 0) {
									__eflags = _v364 - 0x18;
									if(_v364 < 0x18) {
										L115:
										_t236 = 0x8007000d;
										_t241 = 0x8007000d;
										E008C38BA(_t121, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x64, 0x8007000d);
										_push("Failed to find valid NT image header in buffer.");
										goto L117;
									}
									__eflags = _v320 - 0x4550;
									if(_v320 != 0x4550) {
										goto L115;
									}
									_t26 = _v12.LowPart + 0x58; // 0x58
									_t124 = _v12.LowPart + 0x98;
									_v396 = _t26;
									_push(0);
									_v400.LowPart = _t124;
									_t125 = SetFilePointerEx( *_t212, _t124, 0, 0); // executed
									__eflags = _t125;
									if(_t125 != 0) {
										_t128 = ReadFile( *_t212,  &_v376, 4,  &_v364, 0);
										__eflags = _t128;
										if(_t128 != 0) {
											_t131 = ReadFile( *_t212,  &_v380, 4,  &_v364, 0);
											__eflags = _t131;
											if(_t131 != 0) {
												_push(0);
												_t134 = SetFilePointerEx( *_t212, _v12 + (_v300 & 0x0000ffff) + 0x18, 0, 0); // executed
												__eflags = _t134;
												if(_t134 != 0) {
													_t236 = 0;
													_v384 = 0;
													_t137 = ReadFile( *_t212,  &_v360, 0x28,  &_v364, 0);
													__eflags = _t137;
													if(_t137 == 0) {
														L109:
														_t241 = GetLastError();
														__eflags = _t241;
														if(__eflags > 0) {
															_t241 = _t241 & 0x0000ffff | 0x80070000;
															__eflags = _t241;
														}
														if(__eflags >= 0) {
															_t241 = 0x80004005;
														}
														E008C38BA(_t138, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x8d, _t241);
														_push(_t236);
														_push("Failed to read image section header, index: %u");
														_push(_t241);
														L114:
														E008FFB09();
														goto L119;
													}
													_t226 = 1;
													__eflags = 1;
													while(1) {
														__eflags = _v364 - 0x28;
														if(_v364 < 0x28) {
															break;
														}
														_t142 =  &_v360;
														__eflags =  *_t142 - 0x7869772e;
														if( *_t142 != 0x7869772e) {
															L66:
															_t143 = _v314 & 0x0000ffff;
															__eflags = _t226 - (_v314 & 0x0000ffff);
															if(_t226 >= (_v314 & 0x0000ffff)) {
																_t237 = 0x8007000d;
																_t241 = 0x8007000d;
																E008C38BA(_t143, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xa0, 0x8007000d);
																_push("Failed to find Burn section.");
																L103:
																_push(_t237);
																E008FFB09();
																_t236 = _v368;
																L104:
																L105:
																__eflags = _t236;
																if(_t236 != 0) {
																	E008C3AA4(_t236);
																}
																goto L119;
															}
															_t236 = _t236 + 1;
															_v384 = _t236;
															_v372 = _t226 + 1;
															_t137 = ReadFile( *_t212,  &_v360, 0x28,  &_v364, 0);
															__eflags = _t137;
															if(_t137 == 0) {
																goto L109;
															}
															_t226 = _v372;
															continue;
														}
														__eflags =  *((intOrPtr*)(_t142 + 4)) - 0x6e727562;
														if( *((intOrPtr*)(_t142 + 4)) == 0x6e727562) {
															__eflags = _v344 - 0x34;
															if(_v344 >= 0x34) {
																_t236 = E008C39DF(_v344, 1);
																_v368 = _t236;
																__eflags = _t236;
																if(_t236 != 0) {
																	_push(0);
																	_t151 = SetFilePointerEx( *_t212, _v340.LowPart, 0, 0); // executed
																	__eflags = _t151;
																	if(_t151 != 0) {
																		_v372 = _v340 + 0x1c;
																		_t155 = ReadFile( *_t212, _t236, _v344,  &_v364, 0);
																		__eflags = _t155;
																		if(_t155 != 0) {
																			_t156 = _v344;
																			__eflags = _v344 - _v364;
																			if(_v344 <= _v364) {
																				__eflags =  *((intOrPtr*)(_t236 + 4)) - 2;
																				if( *((intOrPtr*)(_t236 + 4)) == 2) {
																					_t158 = E00904224(_t226,  *(_t212 + 4),  &_v392);
																					__eflags = _t158;
																					if(_t158 >= 0) {
																						_t232 =  *(_t236 + 0x18);
																						 *(_t212 + 8) = _t232;
																						__eflags =  *(_t236 + 0x20);
																						if( *(_t236 + 0x20) == 0) {
																							_t230 = _v376;
																							__eflags = _t230;
																							if(_t230 == 0) {
																								_t160 =  *((intOrPtr*)(_t236 + 0x30)) + _t232;
																								__eflags = _t160;
																							} else {
																								_t160 = _v380 + _t230;
																							}
																						} else {
																							_t160 =  *((intOrPtr*)(_t236 + 0x24)) +  *(_t236 + 0x20);
																						}
																						 *(_t212 + 0xc) = _t160;
																						 *((intOrPtr*)(_t212 + 0x10)) = _v392;
																						 *((intOrPtr*)(_t212 + 0x14)) = _v388;
																						 *((intOrPtr*)(_t212 + 0x18)) = _v396;
																						 *(_t212 + 0x1c) = _v400;
																						 *((intOrPtr*)(_t212 + 0x20)) = _v372;
																						 *((intOrPtr*)(_t212 + 0x24)) =  *((intOrPtr*)(_t236 + 0x1c));
																						 *(_t212 + 0x28) =  *(_t236 + 0x20);
																						 *((intOrPtr*)(_t212 + 0x2c)) =  *((intOrPtr*)(_t236 + 0x24));
																						 *((intOrPtr*)(_t212 + 0x30)) =  *((intOrPtr*)(_t236 + 0x28));
																						 *(_t212 + 0x34) =  *(_t236 + 0x2c);
																						_t231 = E008C39DF( *(_t236 + 0x2c) << 2, 1);
																						 *(_t212 + 0x38) = _t231;
																						__eflags = _t231;
																						if(_t231 != 0) {
																							_t95 = _t236 + 0x30; // 0x30
																							E008EEB00(_t231, _t95,  *(_t212 + 0x34) << 2);
																							_t96 = _t236 + 8; // 0x8
																							_t241 = E008CB1D7(_t96);
																							__eflags = _t241;
																							if(_t241 >= 0) {
																								goto L105;
																							}
																							E008C38BA(_t178, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xf5, _t241);
																							_push("PE Header from file didn\'t match PE Header in memory.");
																							L79:
																							_push(_t241);
																							goto L80;
																						} else {
																							_t212 = 0x8007000e;
																							_t241 = 0x8007000e;
																							E008C38BA(_t172, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xef, 0x8007000e);
																							_push("Failed to allocate memory for container sizes.");
																							_push(0x8007000e);
																							L80:
																							E008FFB09();
																							goto L104;
																						}
																					}
																					_push("Failed to get total size of bundle.");
																					goto L79;
																				}
																				_t241 = 0x8007000d;
																				E008C38BA(_t156, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xcc, 0x8007000d);
																				E008FFB09(0x8007000d, "Failed to read section info, unsupported version: %08x", _v368->LowPart.HighPart);
																				_t236 = _v368;
																				goto L105;
																			}
																			_t237 = 0x8007000d;
																			_t241 = 0x8007000d;
																			E008C38BA(_t156, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xc5, 0x8007000d);
																			_push("Failed to read complete section info.");
																			goto L103;
																		}
																		_t241 = GetLastError();
																		__eflags = _t241;
																		if(__eflags > 0) {
																			_t241 = _t241 & 0x0000ffff | 0x80070000;
																			__eflags = _t241;
																		}
																		if(__eflags >= 0) {
																			_t241 = 0x80004005;
																		}
																		E008C38BA(_t188, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xc0, _t241);
																		_push("Failed to read section info.");
																		goto L79;
																	}
																	_t241 = GetLastError();
																	__eflags = _t241;
																	if(__eflags > 0) {
																		_t241 = _t241 & 0x0000ffff | 0x80070000;
																		__eflags = _t241;
																	}
																	if(__eflags >= 0) {
																		_t241 = 0x80004005;
																	}
																	E008C38BA(_t190, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xb7, _t241);
																	_push("Failed to seek to section info.");
																	goto L79;
																}
																_t212 = 0x8007000e;
																_t241 = 0x8007000e;
																E008C38BA(_t149, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xb1, 0x8007000e);
																_push("Failed to allocate buffer for section info.");
																_push(0x8007000e);
																goto L118;
															}
															_t236 = 0x8007000d;
															_t241 = 0x8007000d;
															E008C38BA(_t142, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0xac, 0x8007000d);
															_push(_v344);
															_push("Failed to read section info, data to short: %u");
															L108:
															_push(_t236);
															goto L114;
														}
														goto L66;
													}
													_t236 = 0x8007000d;
													_t241 = 0x8007000d;
													E008C38BA(_t137, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x92, 0x8007000d);
													_push(_v384);
													_push("Failed to read complete image section header, index: %u");
													goto L108;
												}
												_t241 = GetLastError();
												__eflags = _t241;
												if(__eflags > 0) {
													_t241 = _t241 & 0x0000ffff | 0x80070000;
													__eflags = _t241;
												}
												if(__eflags >= 0) {
													_t241 = 0x80004005;
												}
												E008C38BA(_t194, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x84, _t241);
												_push("Failed to seek past optional headers.");
												goto L6;
											}
											_t241 = GetLastError();
											__eflags = _t241;
											if(__eflags > 0) {
												_t241 = _t241 & 0x0000ffff | 0x80070000;
												__eflags = _t241;
											}
											if(__eflags >= 0) {
												_t241 = 0x80004005;
											}
											E008C38BA(_t196, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x79, _t241);
											_push("Failed to read signature size.");
											goto L6;
										}
										_t241 = GetLastError();
										__eflags = _t241;
										if(__eflags > 0) {
											_t241 = _t241 & 0x0000ffff | 0x80070000;
											__eflags = _t241;
										}
										if(__eflags >= 0) {
											_t241 = 0x80004005;
										}
										E008C38BA(_t198, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x74, _t241);
										_push("Failed to read signature offset.");
										goto L6;
									}
									_t241 = GetLastError();
									__eflags = _t241;
									if(__eflags > 0) {
										_t241 = _t241 & 0x0000ffff | 0x80070000;
										__eflags = _t241;
									}
									if(__eflags >= 0) {
										_t241 = 0x80004005;
									}
									E008C38BA(_t200, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x6f, _t241);
									_push("Failed to seek to section info.");
									goto L6;
								}
								_t241 = GetLastError();
								__eflags = _t241;
								if(__eflags > 0) {
									_t241 = _t241 & 0x0000ffff | 0x80070000;
									__eflags = _t241;
								}
								if(__eflags >= 0) {
									_t241 = 0x80004005;
								}
								E008C38BA(_t202, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x5f, _t241);
								_push("Failed to read NT header.");
								goto L6;
							}
							_t241 = GetLastError();
							__eflags = _t241;
							if(__eflags > 0) {
								_t241 = _t241 & 0x0000ffff | 0x80070000;
								__eflags = _t241;
							}
							if(__eflags >= 0) {
								_t241 = 0x80004005;
							}
							E008C38BA(_t204, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x59, _t241);
							_push("Failed to seek to NT header.");
							goto L6;
						}
						_t241 = GetLastError();
						__eflags = _t241;
						if(__eflags > 0) {
							_t241 = _t241 & 0x0000ffff | 0x80070000;
							__eflags = _t241;
						}
						if(__eflags >= 0) {
							_t241 = 0x80004005;
						}
						E008C38BA(_t206, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x49, _t241);
						_push("Failed to read DOS header.");
						goto L6;
					} else {
						_t241 = GetLastError();
						__eflags = _t241;
						if(__eflags > 0) {
							_t241 = _t241 & 0x0000ffff | 0x80070000;
							__eflags = _t241;
						}
						if(__eflags >= 0) {
							_t241 = 0x80004005;
						}
						E008C38BA(_t208, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x43, _t241);
						_push("Failed to seek to start of file.");
						L6:
						_push(_t241);
						L118:
						E008FFB09();
						L119:
						return E008EDD1F(_t212, _v8 ^ _t255, _t232, _t236, _t241);
					}
				}
				_t241 = GetLastError();
				if(_t241 > 0) {
					_t241 = _t241 & 0x0000ffff | 0x80070000;
					_t264 = _t241;
				}
				if(_t264 >= 0) {
					_t241 = 0x80004005;
				}
				E008C38BA(_t210, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x3a, _t241);
				_push("Failed to open handle to engine process path.");
				goto L6;
			}





















































                                                            0x008cb45a
                                                            0x008cb463
                                                            0x008cb46a
                                                            0x008cb46e
                                                            0x008cb47c
                                                            0x008cb482
                                                            0x008cb488
                                                            0x008cb48e
                                                            0x008cb4a0
                                                            0x008cb4a8
                                                            0x008cb4b0
                                                            0x008cb4bc
                                                            0x008cb4c4
                                                            0x008cb4c5
                                                            0x008cb4c7
                                                            0x008cb4ca
                                                            0x008cb4cf
                                                            0x008cb507
                                                            0x008cb50a
                                                            0x008cb50d
                                                            0x008cb50f
                                                            0x008cb50f
                                                            0x008cb511
                                                            0x008cb517
                                                            0x008cb51c
                                                            0x008cb51f
                                                            0x008cb521
                                                            0x008cb523
                                                            0x008cb56d
                                                            0x008cb56f
                                                            0x008cb571
                                                            0x008cb5a8
                                                            0x008cb5af
                                                            0x008cbba6
                                                            0x008cbba6
                                                            0x008cbbb3
                                                            0x008cbbb5
                                                            0x008cbbba
                                                            0x008cbbbf
                                                            0x008cbbbf
                                                            0x00000000
                                                            0x008cbbbf
                                                            0x008cb5b5
                                                            0x008cb5ba
                                                            0x008cb5be
                                                            0x00000000
                                                            0x00000000
                                                            0x008cb5c7
                                                            0x008cb5cb
                                                            0x008cb5d0
                                                            0x008cb5d2
                                                            0x008cb5d4
                                                            0x008cb61f
                                                            0x008cb621
                                                            0x008cb623
                                                            0x008cb65a
                                                            0x008cb661
                                                            0x008cbb8b
                                                            0x008cbb8b
                                                            0x008cbb98
                                                            0x008cbb9a
                                                            0x008cbb9f
                                                            0x00000000
                                                            0x008cbb9f
                                                            0x008cb667
                                                            0x008cb671
                                                            0x00000000
                                                            0x00000000
                                                            0x008cb67a
                                                            0x008cb67d
                                                            0x008cb682
                                                            0x008cb68a
                                                            0x008cb690
                                                            0x008cb696
                                                            0x008cb698
                                                            0x008cb69a
                                                            0x008cb6e5
                                                            0x008cb6e7
                                                            0x008cb6e9
                                                            0x008cb734
                                                            0x008cb736
                                                            0x008cb738
                                                            0x008cb780
                                                            0x008cb786
                                                            0x008cb788
                                                            0x008cb78a
                                                            0x008cb7c4
                                                            0x008cb7d6
                                                            0x008cb7df
                                                            0x008cb7e1
                                                            0x008cb7e3
                                                            0x008cbb4c
                                                            0x008cbb52
                                                            0x008cbb54
                                                            0x008cbb56
                                                            0x008cbb5b
                                                            0x008cbb61
                                                            0x008cbb61
                                                            0x008cbb63
                                                            0x008cbb65
                                                            0x008cbb65
                                                            0x008cbb75
                                                            0x008cbb7a
                                                            0x008cbb7b
                                                            0x008cbb80
                                                            0x008cbb81
                                                            0x008cbb81
                                                            0x00000000
                                                            0x008cbb86
                                                            0x008cb7eb
                                                            0x008cb7eb
                                                            0x008cb7ec
                                                            0x008cb7ec
                                                            0x008cb7f3
                                                            0x00000000
                                                            0x00000000
                                                            0x008cb7f9
                                                            0x008cb7ff
                                                            0x008cb805
                                                            0x008cb810
                                                            0x008cb810
                                                            0x008cb817
                                                            0x008cb819
                                                            0x008cbaea
                                                            0x008cbafa
                                                            0x008cbafc
                                                            0x008cbb01
                                                            0x008cbb06
                                                            0x008cbb06
                                                            0x008cbb07
                                                            0x008cbb0c
                                                            0x008cbb12
                                                            0x008cbb14
                                                            0x008cbb14
                                                            0x008cbb16
                                                            0x008cbb1d
                                                            0x008cbb1d
                                                            0x00000000
                                                            0x008cbb16
                                                            0x008cb827
                                                            0x008cb831
                                                            0x008cb83b
                                                            0x008cb841
                                                            0x008cb843
                                                            0x008cb845
                                                            0x00000000
                                                            0x00000000
                                                            0x008cb84b
                                                            0x00000000
                                                            0x008cb84b
                                                            0x008cb807
                                                            0x008cb80e
                                                            0x008cb853
                                                            0x008cb85a
                                                            0x008cb890
                                                            0x008cb892
                                                            0x008cb898
                                                            0x008cb89a
                                                            0x008cb8c0
                                                            0x008cb8cb
                                                            0x008cb8d1
                                                            0x008cb8d3
                                                            0x008cb91e
                                                            0x008cb934
                                                            0x008cb936
                                                            0x008cb938
                                                            0x008cb96f
                                                            0x008cb975
                                                            0x008cb97b
                                                            0x008cb99e
                                                            0x008cb9a2
                                                            0x008cb9e7
                                                            0x008cb9ee
                                                            0x008cb9f0
                                                            0x008cb9fc
                                                            0x008cb9ff
                                                            0x008cba02
                                                            0x008cba06
                                                            0x008cba10
                                                            0x008cba16
                                                            0x008cba18
                                                            0x008cba27
                                                            0x008cba27
                                                            0x008cba1a
                                                            0x008cba20
                                                            0x008cba20
                                                            0x008cba08
                                                            0x008cba0b
                                                            0x008cba0b
                                                            0x008cba29
                                                            0x008cba32
                                                            0x008cba3b
                                                            0x008cba44
                                                            0x008cba4d
                                                            0x008cba56
                                                            0x008cba5c
                                                            0x008cba62
                                                            0x008cba68
                                                            0x008cba6e
                                                            0x008cba74
                                                            0x008cba82
                                                            0x008cba84
                                                            0x008cba87
                                                            0x008cba89
                                                            0x008cbab4
                                                            0x008cbab9
                                                            0x008cbac1
                                                            0x008cbaca
                                                            0x008cbacc
                                                            0x008cbace
                                                            0x00000000
                                                            0x00000000
                                                            0x008cbadb
                                                            0x008cbae0
                                                            0x008cb908
                                                            0x008cb908
                                                            0x00000000
                                                            0x008cba8b
                                                            0x008cba8b
                                                            0x008cba9b
                                                            0x008cba9d
                                                            0x008cbaa2
                                                            0x008cbaa7
                                                            0x008cb909
                                                            0x008cb909
                                                            0x00000000
                                                            0x008cb909
                                                            0x008cba89
                                                            0x008cb9f2
                                                            0x00000000
                                                            0x008cb9f2
                                                            0x008cb9b4
                                                            0x008cb9b6
                                                            0x008cb9ca
                                                            0x008cb9cf
                                                            0x00000000
                                                            0x008cb9d5
                                                            0x008cb97d
                                                            0x008cb98d
                                                            0x008cb98f
                                                            0x008cb994
                                                            0x00000000
                                                            0x008cb994
                                                            0x008cb940
                                                            0x008cb942
                                                            0x008cb944
                                                            0x008cb949
                                                            0x008cb94f
                                                            0x008cb94f
                                                            0x008cb951
                                                            0x008cb953
                                                            0x008cb953
                                                            0x008cb963
                                                            0x008cb968
                                                            0x00000000
                                                            0x008cb968
                                                            0x008cb8db
                                                            0x008cb8dd
                                                            0x008cb8df
                                                            0x008cb8e4
                                                            0x008cb8ea
                                                            0x008cb8ea
                                                            0x008cb8ec
                                                            0x008cb8ee
                                                            0x008cb8ee
                                                            0x008cb8fe
                                                            0x008cb903
                                                            0x00000000
                                                            0x008cb903
                                                            0x008cb89c
                                                            0x008cb8ac
                                                            0x008cb8ae
                                                            0x008cb8b3
                                                            0x008cb8b8
                                                            0x00000000
                                                            0x008cb8b8
                                                            0x008cb85c
                                                            0x008cb86c
                                                            0x008cb86e
                                                            0x008cb873
                                                            0x008cb879
                                                            0x008cbb49
                                                            0x008cbb49
                                                            0x00000000
                                                            0x008cbb49
                                                            0x00000000
                                                            0x008cb80e
                                                            0x008cbb27
                                                            0x008cbb37
                                                            0x008cbb39
                                                            0x008cbb3e
                                                            0x008cbb44
                                                            0x00000000
                                                            0x008cbb44
                                                            0x008cb792
                                                            0x008cb794
                                                            0x008cb796
                                                            0x008cb79b
                                                            0x008cb7a1
                                                            0x008cb7a1
                                                            0x008cb7a3
                                                            0x008cb7a5
                                                            0x008cb7a5
                                                            0x008cb7b5
                                                            0x008cb7ba
                                                            0x00000000
                                                            0x008cb7ba
                                                            0x008cb740
                                                            0x008cb742
                                                            0x008cb744
                                                            0x008cb749
                                                            0x008cb74f
                                                            0x008cb74f
                                                            0x008cb751
                                                            0x008cb753
                                                            0x008cb753
                                                            0x008cb760
                                                            0x008cb765
                                                            0x00000000
                                                            0x008cb765
                                                            0x008cb6f1
                                                            0x008cb6f3
                                                            0x008cb6f5
                                                            0x008cb6fa
                                                            0x008cb700
                                                            0x008cb700
                                                            0x008cb702
                                                            0x008cb704
                                                            0x008cb704
                                                            0x008cb711
                                                            0x008cb716
                                                            0x00000000
                                                            0x008cb716
                                                            0x008cb6a2
                                                            0x008cb6a4
                                                            0x008cb6a6
                                                            0x008cb6ab
                                                            0x008cb6b1
                                                            0x008cb6b1
                                                            0x008cb6b3
                                                            0x008cb6b5
                                                            0x008cb6b5
                                                            0x008cb6c2
                                                            0x008cb6c7
                                                            0x00000000
                                                            0x008cb6c7
                                                            0x008cb62b
                                                            0x008cb62d
                                                            0x008cb62f
                                                            0x008cb634
                                                            0x008cb63a
                                                            0x008cb63a
                                                            0x008cb63c
                                                            0x008cb63e
                                                            0x008cb63e
                                                            0x008cb64b
                                                            0x008cb650
                                                            0x00000000
                                                            0x008cb650
                                                            0x008cb5dc
                                                            0x008cb5de
                                                            0x008cb5e0
                                                            0x008cb5e5
                                                            0x008cb5eb
                                                            0x008cb5eb
                                                            0x008cb5ed
                                                            0x008cb5ef
                                                            0x008cb5ef
                                                            0x008cb5fc
                                                            0x008cb601
                                                            0x00000000
                                                            0x008cb601
                                                            0x008cb579
                                                            0x008cb57b
                                                            0x008cb57d
                                                            0x008cb582
                                                            0x008cb588
                                                            0x008cb588
                                                            0x008cb58a
                                                            0x008cb58c
                                                            0x008cb58c
                                                            0x008cb599
                                                            0x008cb59e
                                                            0x00000000
                                                            0x008cb525
                                                            0x008cb52b
                                                            0x008cb52d
                                                            0x008cb52f
                                                            0x008cb534
                                                            0x008cb53a
                                                            0x008cb53a
                                                            0x008cb53c
                                                            0x008cb53e
                                                            0x008cb53e
                                                            0x008cb54b
                                                            0x008cb550
                                                            0x008cb501
                                                            0x008cb501
                                                            0x008cbbc0
                                                            0x008cbbc0
                                                            0x008cbbc7
                                                            0x008cbbd7
                                                            0x008cbbd7
                                                            0x008cb523
                                                            0x008cb4d7
                                                            0x008cb4db
                                                            0x008cb4e0
                                                            0x008cb4e6
                                                            0x008cb4e6
                                                            0x008cb4e8
                                                            0x008cb4ea
                                                            0x008cb4ea
                                                            0x008cb4f7
                                                            0x008cb4fc
                                                            0x00000000

                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,?,00000000,77D59EB0,00000000), ref: 008CB4D1
                                                            • SetFilePointerEx.KERNEL32(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB51F
                                                            • GetLastError.KERNEL32(?,?,?,00000000,77D59EB0,00000000), ref: 008CB525
                                                            • ReadFile.KERNEL32(00000000,008C44B0,00000040,?,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB56D
                                                            • GetLastError.KERNEL32(?,?,?,00000000,77D59EB0,00000000), ref: 008CB573
                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB5D0
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB5D6
                                                            • ReadFile.KERNEL32(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB61F
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB625
                                                            • SetFilePointerEx.KERNEL32(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB696
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB69C
                                                            • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB6E5
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB6EB
                                                            • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB734
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB73A
                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB786
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB78C
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB7DF
                                                            • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB841
                                                            • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB8CB
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB8D5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                            • String ID: ($.wix$4$@Mqt$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$c:\agent\_work\66\s\src\burn\engine\section.cpp
                                                            • API String ID: 3411815225-1855129699
                                                            • Opcode ID: 43b3efd6b2b86a61c510acbce4edabcc918dd738eaf0034639de1bd32159a478
                                                            • Instruction ID: b0c7e2b85bb54ecc49e2c189a41f5ca3a66813631dab6ad31c4cc6efcfde97a6
                                                            • Opcode Fuzzy Hash: 43b3efd6b2b86a61c510acbce4edabcc918dd738eaf0034639de1bd32159a478
                                                            • Instruction Fuzzy Hash: 6712E47294163AAFDB209A558C47FAB7AB4FF40714F0141A9BE05FB280E775DD408BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CA3D4 Relevance: 45.8, APIs: 8, Strings: 18, Instructions: 311registryCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 757 8ca3d4-8ca421 call 8c7303 760 8ca42f-8ca432 757->760 761 8ca423-8ca42a 757->761 762 8ca434-8ca440 call 8c7303 760->762 763 8ca457-8ca473 call 900823 760->763 764 8ca706-8ca711 call 8ffb09 761->764 768 8ca445-8ca44b 762->768 772 8ca4af-8ca4b1 763->772 773 8ca475-8ca47f call 8ffff0 763->773 774 8ca726-8ca73a call 8c287d * 2 764->774 775 8ca713-8ca723 call 8ffff0 764->775 768->763 771 8ca44d-8ca452 768->771 771->764 776 8ca4bd-8ca4da RegQueryValueExW 772->776 777 8ca4b3-8ca4b8 772->777 785 8ca484 773->785 797 8ca73c-8ca745 RegCloseKey 774->797 798 8ca749-8ca74b 774->798 775->774 782 8ca4dc-8ca4f0 call 8ffff0 776->782 783 8ca4f2-8ca4f4 776->783 777->764 790 8ca487-8ca491 call 8c8259 782->790 788 8ca526-8ca538 call 8c39df 783->788 789 8ca4f6 783->789 785->790 803 8ca53a-8ca55c call 8c38ba call 8ffb09 788->803 804 8ca561-8ca57c RegQueryValueExW 788->804 793 8ca4f8-8ca501 789->793 794 8ca503 789->794 801 8ca496-8ca49c 790->801 793->794 799 8ca50a-8ca521 call 8c38ba 794->799 800 8ca505 794->800 797->798 805 8ca74d-8ca74e call 8c3aa4 798->805 806 8ca753-8ca762 call 8e04e3 798->806 799->764 800->799 808 8ca49e-8ca4a3 801->808 809 8ca4a8-8ca4aa 801->809 803->775 811 8ca5ae-8ca5b4 804->811 812 8ca57e 804->812 805->806 808->764 809->774 820 8ca5ba-8ca5bd 811->820 821 8ca6b4-8ca6bb call 8e033f 811->821 817 8ca58b 812->817 818 8ca580-8ca589 812->818 824 8ca58d 817->824 825 8ca592-8ca5a9 call 8c38ba 817->825 818->817 826 8ca5bf-8ca5c3 820->826 827 8ca615-8ca619 820->827 830 8ca6c0 821->830 824->825 825->764 828 8ca608-8ca60c 826->828 829 8ca5c5-8ca5c8 826->829 827->821 833 8ca61f-8ca631 call 8c1fe0 827->833 837 8ca60e-8ca613 828->837 838 8ca5eb-8ca5f0 828->838 834 8ca5ca-8ca5e0 call 8ffb09 829->834 835 8ca5e5-8ca5e9 829->835 836 8ca6c2-8ca6c6 830->836 847 8ca63d-8ca657 ExpandEnvironmentStringsW 833->847 848 8ca633-8ca638 833->848 834->775 835->838 844 8ca5f5-8ca5f8 835->844 842 8ca6cf-8ca6e1 call 8dff10 836->842 843 8ca6c8-8ca6cd 836->843 845 8ca5fa-8ca603 call 8e02fb 837->845 838->775 856 8ca6ea-8ca6f4 call 8c8259 842->856 857 8ca6e3-8ca6e8 842->857 843->764 844->845 845->830 847->836 852 8ca659-8ca669 call 8c1fe0 847->852 848->764 852->848 860 8ca66b-8ca67b ExpandEnvironmentStringsW 852->860 861 8ca6f9-8ca6ff 856->861 857->764 860->836 862 8ca67d-8ca687 860->862 861->774 863 8ca701 861->863 865 8ca689-8ca692 862->865 866 8ca694 862->866 863->764 865->866 867 8ca69b-8ca6b2 call 8c38ba 866->867 868 8ca696 866->868 867->764 868->867
                                                            C-Code - Quality: 77%
                                                            			E008CA3D4(long _a4, intOrPtr _a8) {
				int _v8;
				char _v12;
				int _v16;
				int _v20;
				int _v24;
				intOrPtr _v32;
				void _v48;
				signed short _t76;
				signed short _t78;
				signed short _t81;
				signed short _t87;
				signed short _t89;
				signed short _t91;
				signed short _t95;
				char* _t103;
				signed short _t106;
				long _t109;
				long _t112;
				signed short _t116;
				signed short _t127;
				signed short _t130;
				WCHAR* _t131;
				signed int _t132;
				signed short _t136;
				long _t144;
				signed short _t145;
				signed short _t146;
				signed short _t147;
				signed short _t148;
				signed short _t149;
				signed short _t150;
				void* _t154;
				void* _t155;

				_t132 = 6;
				memset( &_v48, 0, _t132 << 2);
				_t155 = _t154 + 0xc;
				_t144 = _a4;
				_v12 = 0;
				_t131 = 0;
				_v20 = 0;
				_v16 = 0;
				_v24 = 0;
				asm("sbb eax, eax");
				_v8 = 0;
				_a4 = ( ~( *(_t144 + 0x24)) & 0x00000100) + 1;
				_t76 = E008C7303(_a8,  *((intOrPtr*)(_t144 + 0x1c)),  &_v12, 0); // executed
				_t145 = _t76;
				if(_t145 >= 0) {
					__eflags =  *(_t144 + 0x20);
					if( *(_t144 + 0x20) == 0) {
						L5:
						_t78 = E00900823( *((intOrPtr*)(_t144 + 0x18)), _v12, _a4,  &_v16); // executed
						_t146 = _t78;
						__eflags = _t146 - 0x80070002;
						if(_t146 != 0x80070002) {
							__eflags = _t146;
							if(_t146 >= 0) {
								_t81 = RegQueryValueExW(_v16, _v20, 0,  &_v24, 0,  &_v8); // executed
								_t147 = _t81;
								__eflags = _t147 - 2;
								if(_t147 != 2) {
									__eflags = _t147;
									if(__eflags == 0) {
										_t131 = E008C39DF(_v8 + 2, 1);
										__eflags = _t131;
										if(_t131 != 0) {
											_t87 = RegQueryValueExW(_v16, _v20, 0,  &_v24, _t131,  &_v8); // executed
											_t148 = _t87;
											__eflags = _t148;
											if(__eflags == 0) {
												_t89 = _v24 - 1;
												__eflags = _t89;
												if(_t89 == 0) {
													L50:
													_t91 = E008E033F( &_v48, _t131, 0);
													goto L51;
												} else {
													_t106 = _t89 - 1;
													__eflags = _t106;
													if(_t106 == 0) {
														__eflags =  *(_t144 + 0x28);
														if( *(_t144 + 0x28) == 0) {
															goto L50;
														} else {
															_t149 = E008C1FE0( &_v48, _v8);
															_t136 = _t149;
															__eflags = _t149;
															if(_t149 >= 0) {
																_v32 = 2;
																_t109 = ExpandEnvironmentStringsW(_t131, _v48, _v8);
																_a4 = _t109;
																__eflags = _t109 - _v8;
																if(_t109 <= _v8) {
																	goto L52;
																} else {
																	_t150 = E008C1FE0( &_v48, _t109);
																	_t136 = _t150;
																	__eflags = _t150;
																	if(_t150 < 0) {
																		goto L41;
																	} else {
																		_t112 = ExpandEnvironmentStringsW(_t131, _v48, _a4);
																		__eflags = _a4 - _t112;
																		if(_a4 == _t112) {
																			goto L52;
																		} else {
																			_t150 = GetLastError();
																			__eflags = _t150;
																			if(__eflags > 0) {
																				_t150 = _t150 & 0x0000ffff | 0x80070000;
																				__eflags = _t150;
																			}
																			if(__eflags >= 0) {
																				_t150 = 0x80004005;
																			}
																			E008C38BA(_t113, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x396, _t150);
																			_t136 = _t150;
																			_t103 = "Failed to get expand environment string.";
																			goto L58;
																		}
																	}
																}
															} else {
																L41:
																_t103 = "Failed to allocate string buffer.";
																goto L58;
															}
														}
													} else {
														_t116 = _t106;
														__eflags = _t116;
														if(_t116 == 0) {
															__eflags = _v8 - 4;
															if(_v8 != 4) {
																goto L34;
															} else {
																asm("cdq");
																_push(0);
																_push( *_t131);
																goto L36;
															}
														} else {
															__eflags = _t116 == 7;
															if(_t116 == 7) {
																__eflags = _v8 - 8;
																if(_v8 == 8) {
																	_push(_t131[2]);
																	_push( *_t131);
																	L36:
																	_push( &_v48);
																	_t91 = E008E02FB();
																	L51:
																	_t149 = _t91;
																	L52:
																	__eflags = _t149;
																	if(_t149 >= 0) {
																		_t150 = E008DFF10( &_v48,  *((intOrPtr*)(_t144 + 0x14)));
																		_t136 = _t150;
																		__eflags = _t150;
																		if(_t150 >= 0) {
																			_t95 = E008C8259(_a8,  *((intOrPtr*)(_t144 + 4)),  &_v48); // executed
																			_t150 = _t95;
																			_t136 = _t150;
																			__eflags = _t150;
																			if(_t150 < 0) {
																				_t103 = "Failed to set variable.";
																				goto L58;
																			}
																		} else {
																			_t103 = "Failed to change value type.";
																			goto L58;
																		}
																	} else {
																		_t103 = "Failed to read registry value.";
																		goto L58;
																	}
																} else {
																	L34:
																	_t150 = 0x8000ffff;
																	goto L59;
																}
															} else {
																_t150 = 0x80004001;
																E008FFB09(0x80004001, "Unsupported registry key value type. Type = \'%u\'", _v24);
																_t155 = _t155 + 0xc;
																goto L59;
															}
														}
													}
												}
											} else {
												if(__eflags > 0) {
													_t148 = _t148 & 0x0000ffff | 0x80070000;
													__eflags = _t148;
												}
												if(__eflags >= 0) {
													_t148 = 0x80004005;
												}
												E008C38BA(_t87, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x375, _t148);
												_t136 = _t148;
												_t103 = "Failed to query registry key value.";
												goto L58;
											}
										} else {
											_t150 = 0x8007000e;
											E008C38BA(_t84, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x372, 0x8007000e);
											_push("Failed to allocate memory registry value.");
											_push(0x8007000e);
											E008FFB09();
											goto L59;
										}
									} else {
										if(__eflags > 0) {
											_t147 = _t147 & 0x0000ffff | 0x80070000;
											__eflags = _t147;
										}
										if(__eflags >= 0) {
											_t147 = 0x80004005;
										}
										E008C38BA(_t81, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x36f, _t147);
										_t136 = _t147;
										_t103 = "Failed to query registry key value size.";
										goto L58;
									}
								} else {
									_push(_v20);
									E008FFFF0(_t81, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v12);
									_t155 = _t155 + 0x10;
									goto L7;
								}
							} else {
								_t103 = "Failed to open registry key.";
								goto L58;
							}
						} else {
							E008FFFF0(2, "Registry key not found. Key = \'%ls\'", _v12); // executed
							_t155 = _t155 + 0xc;
							L7:
							_t127 = E008C8259(_a8,  *((intOrPtr*)(_t144 + 4)),  &_v48); // executed
							_t150 = _t127;
							_t136 = _t150;
							__eflags = _t150;
							if(_t150 >= 0) {
								_t150 = 0;
							} else {
								_t103 = "Failed to clear variable.";
								goto L58;
							}
						}
					} else {
						_t130 = E008C7303(_a8,  *(_t144 + 0x20),  &_v20, 0); // executed
						_t150 = _t130;
						_t136 = _t150;
						__eflags = _t150;
						if(_t150 >= 0) {
							goto L5;
						} else {
							_t103 = "Failed to format value string.";
							goto L58;
						}
					}
				} else {
					_t136 = _t145;
					_t103 = "Failed to format key string.";
					L58:
					_push(_t103);
					_push(_t136);
					E008FFB09();
					if(_t150 < 0) {
						L59:
						_push(_t150);
						E008FFFF0(2, "RegistrySearchValue failed: ID \'%ls\', HRESULT 0x%x", _v12);
					}
				}
				E008C287D(_v12);
				E008C287D(_v20);
				if(_v16 != 0) {
					RegCloseKey(_v16); // executed
					_v16 = _v16 & 0x00000000;
				}
				if(_t131 != 0) {
					E008C3AA4(_t131);
				}
				E008E04E3( &_v48);
				return _t150;
			}




































                                                            0x008ca3e4
                                                            0x008ca3e5
                                                            0x008ca3e5
                                                            0x008ca3e7
                                                            0x008ca3ed
                                                            0x008ca3f0
                                                            0x008ca3f2
                                                            0x008ca3fa
                                                            0x008ca3fd
                                                            0x008ca400
                                                            0x008ca402
                                                            0x008ca40b
                                                            0x008ca418
                                                            0x008ca41d
                                                            0x008ca421
                                                            0x008ca42f
                                                            0x008ca432
                                                            0x008ca457
                                                            0x008ca464
                                                            0x008ca469
                                                            0x008ca46d
                                                            0x008ca473
                                                            0x008ca4af
                                                            0x008ca4b1
                                                            0x008ca4cf
                                                            0x008ca4d5
                                                            0x008ca4d7
                                                            0x008ca4da
                                                            0x008ca4f2
                                                            0x008ca4f4
                                                            0x008ca534
                                                            0x008ca536
                                                            0x008ca538
                                                            0x008ca572
                                                            0x008ca578
                                                            0x008ca57a
                                                            0x008ca57c
                                                            0x008ca5b1
                                                            0x008ca5b1
                                                            0x008ca5b4
                                                            0x008ca6b4
                                                            0x008ca6bb
                                                            0x00000000
                                                            0x008ca5ba
                                                            0x008ca5ba
                                                            0x008ca5ba
                                                            0x008ca5bd
                                                            0x008ca615
                                                            0x008ca619
                                                            0x00000000
                                                            0x008ca61f
                                                            0x008ca62b
                                                            0x008ca62d
                                                            0x008ca62f
                                                            0x008ca631
                                                            0x008ca640
                                                            0x008ca64b
                                                            0x008ca651
                                                            0x008ca654
                                                            0x008ca657
                                                            0x00000000
                                                            0x008ca659
                                                            0x008ca663
                                                            0x008ca665
                                                            0x008ca667
                                                            0x008ca669
                                                            0x00000000
                                                            0x008ca66b
                                                            0x008ca672
                                                            0x008ca678
                                                            0x008ca67b
                                                            0x00000000
                                                            0x008ca67d
                                                            0x008ca683
                                                            0x008ca685
                                                            0x008ca687
                                                            0x008ca68c
                                                            0x008ca692
                                                            0x008ca692
                                                            0x008ca694
                                                            0x008ca696
                                                            0x008ca696
                                                            0x008ca6a6
                                                            0x008ca6ab
                                                            0x008ca6ad
                                                            0x00000000
                                                            0x008ca6ad
                                                            0x008ca67b
                                                            0x008ca669
                                                            0x008ca633
                                                            0x008ca633
                                                            0x008ca633
                                                            0x00000000
                                                            0x008ca633
                                                            0x008ca631
                                                            0x008ca5bf
                                                            0x008ca5c0
                                                            0x008ca5c0
                                                            0x008ca5c3
                                                            0x008ca608
                                                            0x008ca60c
                                                            0x00000000
                                                            0x008ca60e
                                                            0x008ca610
                                                            0x008ca611
                                                            0x008ca612
                                                            0x00000000
                                                            0x008ca612
                                                            0x008ca5c5
                                                            0x008ca5c5
                                                            0x008ca5c8
                                                            0x008ca5e5
                                                            0x008ca5e9
                                                            0x008ca5f5
                                                            0x008ca5f8
                                                            0x008ca5fa
                                                            0x008ca5fd
                                                            0x008ca5fe
                                                            0x008ca6c0
                                                            0x008ca6c0
                                                            0x008ca6c2
                                                            0x008ca6c4
                                                            0x008ca6c6
                                                            0x008ca6db
                                                            0x008ca6dd
                                                            0x008ca6df
                                                            0x008ca6e1
                                                            0x008ca6f4
                                                            0x008ca6f9
                                                            0x008ca6fb
                                                            0x008ca6fd
                                                            0x008ca6ff
                                                            0x008ca701
                                                            0x00000000
                                                            0x008ca701
                                                            0x008ca6e3
                                                            0x008ca6e3
                                                            0x00000000
                                                            0x008ca6e3
                                                            0x008ca6c8
                                                            0x008ca6c8
                                                            0x00000000
                                                            0x008ca6c8
                                                            0x008ca5eb
                                                            0x008ca5eb
                                                            0x008ca5eb
                                                            0x00000000
                                                            0x008ca5eb
                                                            0x008ca5ca
                                                            0x008ca5cd
                                                            0x008ca5d8
                                                            0x008ca5dd
                                                            0x00000000
                                                            0x008ca5dd
                                                            0x008ca5c8
                                                            0x008ca5c3
                                                            0x008ca5bd
                                                            0x008ca57e
                                                            0x008ca57e
                                                            0x008ca583
                                                            0x008ca589
                                                            0x008ca589
                                                            0x008ca58b
                                                            0x008ca58d
                                                            0x008ca58d
                                                            0x008ca59d
                                                            0x008ca5a2
                                                            0x008ca5a4
                                                            0x00000000
                                                            0x008ca5a4
                                                            0x008ca53a
                                                            0x008ca53a
                                                            0x008ca54a
                                                            0x008ca54f
                                                            0x008ca554
                                                            0x008ca555
                                                            0x00000000
                                                            0x008ca55b
                                                            0x008ca4f6
                                                            0x008ca4f6
                                                            0x008ca4fb
                                                            0x008ca501
                                                            0x008ca501
                                                            0x008ca503
                                                            0x008ca505
                                                            0x008ca505
                                                            0x008ca515
                                                            0x008ca51a
                                                            0x008ca51c
                                                            0x00000000
                                                            0x008ca51c
                                                            0x008ca4dc
                                                            0x008ca4dc
                                                            0x008ca4e8
                                                            0x008ca4ed
                                                            0x00000000
                                                            0x008ca4ed
                                                            0x008ca4b3
                                                            0x008ca4b3
                                                            0x00000000
                                                            0x008ca4b3
                                                            0x008ca475
                                                            0x008ca47f
                                                            0x008ca484
                                                            0x008ca487
                                                            0x008ca491
                                                            0x008ca496
                                                            0x008ca498
                                                            0x008ca49a
                                                            0x008ca49c
                                                            0x008ca4a8
                                                            0x008ca49e
                                                            0x008ca49e
                                                            0x00000000
                                                            0x008ca49e
                                                            0x008ca49c
                                                            0x008ca434
                                                            0x008ca440
                                                            0x008ca445
                                                            0x008ca447
                                                            0x008ca449
                                                            0x008ca44b
                                                            0x00000000
                                                            0x008ca44d
                                                            0x008ca44d
                                                            0x00000000
                                                            0x008ca44d
                                                            0x008ca44b
                                                            0x008ca423
                                                            0x008ca423
                                                            0x008ca425
                                                            0x008ca706
                                                            0x008ca706
                                                            0x008ca707
                                                            0x008ca708
                                                            0x008ca711
                                                            0x008ca713
                                                            0x008ca713
                                                            0x008ca71e
                                                            0x008ca723
                                                            0x008ca711
                                                            0x008ca729
                                                            0x008ca731
                                                            0x008ca73a
                                                            0x008ca73f
                                                            0x008ca745
                                                            0x008ca745
                                                            0x008ca74b
                                                            0x008ca74e
                                                            0x008ca74e
                                                            0x008ca757
                                                            0x008ca762

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008CA418
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008CA440
                                                            • RegCloseKey.KERNEL32(00000000,?,00000000,?,?,?,?,?), ref: 008CA73F
                                                            Strings
                                                            • Failed to set variable., xrefs: 008CA701
                                                            • Failed to open registry key., xrefs: 008CA4B3
                                                            • Failed to format key string., xrefs: 008CA425
                                                            • Failed to query registry key value., xrefs: 008CA5A4
                                                            • Failed to get expand environment string., xrefs: 008CA6AD
                                                            • Failed to format value string., xrefs: 008CA44D
                                                            • Registry key not found. Key = '%ls', xrefs: 008CA478
                                                            • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 008CA717
                                                            • Failed to allocate string buffer., xrefs: 008CA633
                                                            • Failed to query registry key value size., xrefs: 008CA51C
                                                            • Unsupported registry key value type. Type = '%u', xrefs: 008CA5D2
                                                            • Failed to read registry value., xrefs: 008CA6C8
                                                            • Failed to change value type., xrefs: 008CA6E3, 008CA706
                                                            • @Mqt, xrefs: 008CA67D
                                                            • Failed to clear variable., xrefs: 008CA49E
                                                            • c:\agent\_work\66\s\src\burn\engine\search.cpp, xrefs: 008CA510, 008CA545, 008CA598, 008CA6A1
                                                            • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 008CA4E2
                                                            • Failed to allocate memory registry value., xrefs: 008CA54F
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open@16$Close
                                                            • String ID: @Mqt$Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$c:\agent\_work\66\s\src\burn\engine\search.cpp
                                                            • API String ID: 2348241696-865356559
                                                            • Opcode ID: f1eb68fce4a0f55a87b8c66f621880f0f8ebff5c77038dbcf1538f8ec543a0e4
                                                            • Instruction ID: 2db3ed586e9de3e385f8d0f5c55c3328f5be6318aae7af03963f513a57e8dcb3
                                                            • Opcode Fuzzy Hash: f1eb68fce4a0f55a87b8c66f621880f0f8ebff5c77038dbcf1538f8ec543a0e4
                                                            • Instruction Fuzzy Hash: 7DA1C472E0112DABCF259AE8DC45FAE7AB9FF08718F108129F901F6291D671DD0097E2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C57A7 Relevance: 42.5, APIs: 5, Strings: 19, Instructions: 477stringCOMMONLIBRARYCODE
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 871 8c57a7-8c57ee EnterCriticalSection lstrlenW call 8c1fe0 874 8c59d8-8c59e6 call 8ef75a 871->874 875 8c57f4-8c5801 call 8ffb09 871->875 880 8c59ec-8c5a09 call 8c8356 874->880 881 8c5806-8c5818 call 8ef75a 874->881 882 8c5c7b-8c5c89 LeaveCriticalSection 875->882 893 8c5a0f-8c5a13 call 8fedc0 880->893 894 8c5852 880->894 881->880 899 8c581e-8c582a 881->899 885 8c5c8b-8c5c8f 882->885 886 8c5cc2-8c5cc7 882->886 891 8c5cbc-8c5cbd call 8c3aa4 885->891 892 8c5c91 885->892 888 8c5ccf-8c5cd3 886->888 889 8c5cc9-8c5cca call 8fed9f 886->889 897 8c5cd5-8c5cd9 888->897 898 8c5cf3-8c5d06 call 8c287d * 3 888->898 889->888 891->886 900 8c5c93-8c5c97 892->900 913 8c5a18-8c5a1f 893->913 909 8c5857 894->909 903 8c5cdb-8c5cde call 8c2762 897->903 904 8c5ce3-8c5ce7 897->904 919 8c5d0b-8c5d11 898->919 905 8c582c-8c584c call 8c8356 899->905 906 8c5864-8c5866 899->906 907 8c5ca9-8c5cac call 8c287d 900->907 908 8c5c99-8c5c9d 900->908 903->904 918 8c5ce9-8c5cf1 call 8c2762 904->918 904->919 905->894 938 8c59d2-8c59d5 905->938 911 8c588e-8c58af call 8c8399 906->911 912 8c5868-8c5889 call 8c8356 906->912 917 8c5cb1-8c5cb4 907->917 916 8c5c9f-8c5ca7 call 8c2762 908->916 908->917 920 8c5858-8c585f call 8ffb09 909->920 945 8c58b5-8c58c7 911->945 946 8c5ac0-8c5ac5 911->946 912->894 943 8c588b 912->943 925 8c5aca-8c5ad8 call 8fedd0 913->925 926 8c5a25-8c5a44 call 8c38ba 913->926 916->917 917->900 922 8c5cb6-8c5cb9 917->922 918->919 941 8c5c78 920->941 922->891 951 8c5ada 925->951 952 8c5b12-8c5b19 925->952 948 8c5a65-8c5a66 926->948 938->874 941->882 943->911 949 8c58de-8c58ea call 8c39df 945->949 950 8c58c9-8c58d1 call 8c3b7c 945->950 946->909 948->920 967 8c5a9f-8c5abe call 8c38ba 949->967 968 8c58f0-8c58f4 949->968 970 8c5a46-8c5a60 call 8c38ba 950->970 971 8c58d7-8c58dc 950->971 956 8c5adc-8c5ade 951->956 957 8c5ae0-8c5ae3 951->957 953 8c5b3f-8c5b5a call 8fede0 952->953 954 8c5b1b-8c5b24 952->954 979 8c5b5c-8c5b5e 953->979 980 8c5bd0-8c5bd4 953->980 961 8c5b39-8c5b3d 954->961 962 8c5b26-8c5b35 call 8fedd0 954->962 959 8c5ae9-8c5aee 956->959 957->959 965 8c5af8-8c5b0d call 8c38ba 959->965 966 8c5af0-8c5af5 959->966 961->953 961->954 989 8c5b66 962->989 990 8c5b37 962->990 965->909 966->965 967->948 973 8c591c-8c5920 968->973 974 8c58f6-8c58fd 968->974 970->948 971->968 986 8c593e-8c5948 973->986 987 8c5922-8c5938 call 8c7f3b 973->987 974->973 984 8c58ff-8c591a call 8c8399 974->984 979->980 981 8c5b60 979->981 982 8c5c6c-8c5c71 980->982 983 8c5bda-8c5bf3 call 8c8337 980->983 992 8c5b9e-8c5ba1 981->992 993 8c5b62-8c5b64 981->993 982->941 997 8c5c73-8c5c76 982->997 1010 8c5bff-8c5c16 call 8fede0 983->1010 1011 8c5bf5-8c5bfa 983->1011 1014 8c5989-8c598b 984->1014 1000 8c595a-8c5971 call 8c7337 986->1000 1001 8c594a-8c5958 call 8c229e 986->1001 987->986 1015 8c5a6b-8c5a7c call 8ffb09 987->1015 995 8c5b6c-8c5b6f 989->995 996 8c5b68-8c5b6a 989->996 990->961 1002 8c5ba7-8c5bac 992->1002 993->1002 1004 8c5b75-8c5b7a 995->1004 996->1004 997->941 1019 8c5986 1000->1019 1020 8c5973-8c597c call 8c23f3 1000->1020 1027 8c5981-8c5983 1001->1027 1016 8c5bae-8c5bb3 1002->1016 1017 8c5bb6-8c5bcb call 8c38ba 1002->1017 1012 8c5b7c-8c5b81 1004->1012 1013 8c5b84-8c5b99 call 8c38ba 1004->1013 1034 8c5c4c-8c5c60 call 8c8399 1010->1034 1035 8c5c18 1010->1035 1011->909 1012->1013 1013->909 1022 8c5a95 1014->1022 1023 8c5991-8c59af call 8c8378 1014->1023 1015->941 1016->1017 1017->909 1019->1014 1020->1027 1022->967 1040 8c5a8b 1023->1040 1041 8c59b5-8c59cc call 8c8356 1023->1041 1027->1019 1034->982 1046 8c5c62-8c5c67 1034->1046 1038 8c5c28 1035->1038 1039 8c5c1a-8c5c26 1035->1039 1044 8c5c2a-8c5c2f 1038->1044 1045 8c5c32-8c5c47 call 8c38ba 1038->1045 1039->1038 1040->1022 1041->938 1049 8c5a81 1041->1049 1044->1045 1045->909 1046->909 1049->1040
                                                            C-Code - Quality: 64%
                                                            			E008C57A7(struct _CRITICAL_SECTION* _a4, signed int _a8, signed short _a12, signed short _a16, signed short _a20) {
				signed short _v8;
				char _v12;
				char _v16;
				signed short _v20;
				signed short _v24;
				signed int _v28;
				signed short _v32;
				signed short _v36;
				signed short _v40;
				signed short _t138;
				signed short _t143;
				signed short _t144;
				signed short _t155;
				signed int _t157;
				signed int _t163;
				intOrPtr* _t168;
				signed short _t169;
				signed int _t176;
				signed short _t177;
				signed int _t188;
				signed short _t196;
				signed int _t212;
				signed short _t213;
				void* _t218;
				signed short _t223;
				signed short _t224;
				WCHAR* _t232;
				signed int _t233;
				signed short _t234;
				signed int _t235;
				signed short _t236;
				signed int _t238;
				signed short _t239;
				void* _t240;
				signed int _t243;
				signed int _t244;
				signed short _t245;
				void* _t250;

				_t212 = 0;
				_v16 = 0;
				_v12 = 0;
				_v24 = 0;
				_v8 = 0;
				_v20 = 0;
				_v36 = 0;
				_v32 = 0;
				EnterCriticalSection(_a4);
				_t232 = _a8;
				_t243 = E008C1FE0( &_v16, lstrlenW(_t232) + 1);
				_a8 = _t243;
				if(_t243 >= 0) {
					while(1) {
						_push(0x5b);
						_t213 = E008EF75A(_t216);
						_t218 = _t232;
						__eflags = _t213;
						if(_t213 == 0) {
							break;
						}
						_t12 = _t213 + 2; // 0x2
						_push(0x5d);
						_t138 = E008EF75A(_t218);
						_v40 = _t138;
						__eflags = _t138;
						if(_t138 == 0) {
							break;
						}
						_t216 = (_t138 - _t213 >> 1) - 1;
						__eflags = _t216;
						_v20 = _t216;
						if(_t216 != 0) {
							__eflags = _t213 - _t232;
							if(_t213 <= _t232) {
								L12:
								_t26 = _t213 + 2; // 0x2
								__eflags = _a20;
								_v28 = 0 | _a20 == 0x00000000;
								_t244 = E008C8399(_a20 == 0,  &_v12, _t26, _t216);
								_a8 = _t244;
								__eflags = _t244;
								if(_t244 < 0) {
									_push("Failed to get variable name.");
									L7:
									_push(_t244);
									L8:
									E008FFB09();
									L83:
									_t212 = _v8;
									goto L84;
								}
								_t176 = _v8;
								_push(1);
								_t216 = 4 + _t176 * 4;
								_t177 = _v24;
								_push(4 + _t176 * 4);
								__eflags = _t177;
								if(_t177 == 0) {
									_t239 = E008C39DF();
									_v24 = _t239;
									__eflags = _t239;
									if(_t239 == 0) {
										_t238 = 0x8007000e;
										_t244 = 0x8007000e;
										_a8 = 0x8007000e;
										E008C38BA(_t178, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4bc, 0x8007000e);
										_push("Failed to allocate variable array.");
										L37:
										_push(_t238);
										goto L8;
									}
									L17:
									__eflags = _v20 - 2;
									if(_v20 < 2) {
										L20:
										__eflags = _a20;
										if(_a20 == 0) {
											L22:
											__eflags = _v36;
											_t212 = _v8;
											_t240 = _t239 + _t212 * 4;
											if(_v36 == 0) {
												_t244 = E008C7337(_t216, _a4, _v12, _t240);
												_a8 = _t244;
												__eflags = _t244 - 0x80070490;
												if(_t244 != 0x80070490) {
													L27:
													_t241 = _v28;
													L28:
													__eflags = _t244;
													if(_t244 < 0) {
														_push("Failed to set variable value.");
														goto L2;
													}
													_t212 = _t212 + 1;
													_v8 = _t212;
													_t244 = E008C8378(_t241,  &_v12, L"[%d]", _t212);
													_t250 = _t250 + 0x10;
													_a8 = _t244;
													__eflags = _t244;
													if(_t244 < 0) {
														_push("Failed to format placeholder string.");
														goto L2;
													}
													_t244 = E008C8356(_t241,  &_v16, _v12, 0);
													_a8 = _t244;
													__eflags = _t244;
													if(_t244 < 0) {
														_push("Failed to append placeholder.");
														goto L2;
													}
													L31:
													_t232 = _v40 + 2;
													__eflags = _t232;
													continue;
												}
												__eflags = 0;
												_t188 = E008C23F3(_t240, 0x90a534, 0);
												L26:
												_t244 = _t188;
												_a8 = _t244;
												goto L27;
											}
											_t188 = E008C229E(_t240, L"*****", 0);
											goto L26;
										}
										_t244 = E008C7F3B(_t216, _a4, _v12,  &_v36);
										_a8 = _t244;
										__eflags = _t244;
										if(_t244 < 0) {
											E008FFB09(_t244, "Failed to determine variable visibility: \'%ls\'.", _v12);
											goto L83;
										}
										goto L22;
									}
									_t216 = 0x5c;
									__eflags = _t216 -  *((intOrPtr*)(_t213 + 2));
									if(_t216 !=  *((intOrPtr*)(_t213 + 2))) {
										goto L20;
									}
									_t41 = _t213 + 4; // 0x4
									_t212 = _v8;
									_t241 = _v28;
									_t244 = E008C8399(_v28, _t239 + _t212 * 4, _t41, 1);
									_a8 = _t244;
									goto L28;
								}
								_push(_t177);
								_t196 = E008C3B7C();
								__eflags = _t196;
								if(_t196 == 0) {
									_t238 = 0x8007000e;
									_t244 = 0x8007000e;
									_a8 = 0x8007000e;
									E008C38BA(_t196, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4b6, 0x8007000e);
									_push("Failed to reallocate variable array.");
									goto L37;
								}
								_t239 = _t196;
								_v24 = _t239;
								goto L17;
							}
							__eflags = _a20;
							_t244 = E008C8356(0 | _a20 == 0x00000000,  &_v16, _t232, _t213 - _t232 >> 1);
							_a8 = _t244;
							__eflags = _t244;
							if(_t244 < 0) {
								L6:
								_push("Failed to append string.");
								goto L7;
							} else {
								_t216 = _v20;
								goto L12;
							}
						}
						__eflags = _a20;
						_t244 = E008C8356(0 | _a20 == 0x00000000,  &_v16, _t232, (_t138 - _t232 >> 1) + 1);
						_a8 = _t244;
						__eflags = _t244;
						if(_t244 >= 0) {
							goto L31;
						}
						goto L6;
					}
					__eflags = _a20;
					_t215 = 0 | _a20 == 0x00000000;
					_t244 = E008C8356(_a20 == 0,  &_v16, _t232, 0);
					_a8 = _t244;
					__eflags = _t244;
					if(_t244 < 0) {
						goto L6;
					}
					_t155 = _v8;
					_push(_t155); // executed
					L008FEDC0(); // executed
					_t234 = _t155;
					_v32 = _t234;
					__eflags = _t234;
					if(_t234 != 0) {
						_push(_v16);
						_push(0);
						_push(_t234);
						L008FEDD0();
						__eflags = 0;
						if(0 == 0) {
							_t223 = 0;
							_t235 = 0;
							__eflags = _v8;
							if(_v8 <= 0) {
								L56:
								_t236 = _v32;
								_t157 =  &_v20;
								_push(_t157);
								_push(0x90a534);
								_push(_t236);
								_push(_t223);
								_v20 = _t223;
								L008FEDE0();
								__eflags = _t157 - 0xea;
								if(_t157 == 0xea) {
									L70:
									__eflags = _a12;
									if(_a12 == 0) {
										L81:
										_t224 = _a16;
										__eflags = _t224;
										if(_t224 != 0) {
											 *_t224 = _v20;
										}
										goto L83;
									}
									_v20 = _v20 + 1;
									_t244 = E008C8337(_t215,  &_v12, _v20 + 1);
									_a8 = _t244;
									__eflags = _t244;
									if(_t244 >= 0) {
										_t163 =  &_v20;
										_push(_t163);
										_push(_v12);
										_push(_t236);
										_push(0);
										L008FEDE0();
										_t244 = _t163;
										_a8 = _t244;
										__eflags = _t244;
										if(__eflags == 0) {
											_t244 = E008C8399(_t215, _a12, _v12, 0);
											_a8 = _t244;
											__eflags = _t244;
											if(_t244 >= 0) {
												goto L81;
											}
											_push("Failed to copy string.");
											goto L7;
										}
										if(__eflags > 0) {
											_t244 = _t244 & 0x0000ffff | 0x80070000;
											_a8 = _t244;
											__eflags = _t244;
										}
										if(__eflags >= 0) {
											_t244 = 0x80004005;
											_a8 = 0x80004005;
										}
										E008C38BA(_t163, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x50e, _t244);
										_push("Failed to format record.");
										goto L7;
									}
									_push("Failed to allocate string.");
									goto L7;
								}
								__eflags = _t157;
								if(__eflags == 0) {
									goto L70;
								}
								if(__eflags > 0) {
									_t244 = _t157 & 0x0000ffff | 0x80070000;
									__eflags = _t244;
								} else {
									_t244 = _t157;
								}
								_a8 = _t244;
								__eflags = _t244;
								if(_t244 >= 0) {
									_t244 = 0x80004005;
									_a8 = 0x80004005;
								}
								E008C38BA(_t157, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x504, _t244);
								_push("Failed to get formatted length.");
								goto L7;
							} else {
								goto L52;
							}
							do {
								L52:
								_t168 =  *((intOrPtr*)(_v24 + _t235 * 4));
								__eflags =  *_t168 - _t223;
								if( *_t168 == _t223) {
									goto L55;
								}
								_push(_t168);
								_t86 = _t235 + 1; // 0x1
								_t169 = _t86;
								_push(_t169);
								_push(_v32);
								L008FEDD0();
								__eflags = _t169;
								if(__eflags != 0) {
									if(__eflags > 0) {
										_t244 = _t169 & 0x0000ffff | 0x80070000;
										__eflags = _t244;
									} else {
										_t244 = _t169;
									}
									_a8 = _t244;
									__eflags = _t244;
									if(_t244 >= 0) {
										_t244 = 0x80004005;
										_a8 = 0x80004005;
									}
									E008C38BA(_t169, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4f8, _t244);
									_push("Failed to set record string.");
									goto L7;
								}
								_t223 = 0;
								__eflags = 0;
								L55:
								_t235 = _t235 + 1;
								__eflags = _t235 - _v8;
							} while (_t235 < _v8);
							goto L56;
						}
						if(0 > 0) {
							_t244 = 0xffffffff80070000;
							__eflags = 0x80070000;
						} else {
							_t244 = 0;
						}
						_a8 = _t244;
						__eflags = _t244;
						if(_t244 >= 0) {
							_t244 = 0x80004005;
							_a8 = 0x80004005;
						}
						E008C38BA(0, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4f0, _t244);
						_push("Failed to set record format string.");
						goto L7;
					}
					_t238 = 0x8007000e;
					_t244 = 0x8007000e;
					_a8 = 0x8007000e;
					E008C38BA(_t155, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x4ec, 0x8007000e);
					_push("Failed to allocate record.");
					goto L37;
				} else {
					_push("Failed to allocate buffer for format string.");
					L2:
					_push(_t244);
					E008FFB09();
					L84:
					LeaveCriticalSection(_a4);
					_t143 = _v24;
					if(_t143 == 0) {
						L94:
						_t144 = _v32;
						if(_t144 != 0) {
							_push(_t144); // executed
							L008FED9F(); // executed
						}
						if(_a20 == 0) {
							__eflags = 0;
							E008C287D(0);
							E008C287D(_v16);
							E008C287D(_v12);
						} else {
							if(_v16 != 0) {
								E008C2762(_v16);
							}
							if(_v12 != 0) {
								E008C2762(_v12);
							}
						}
						return _t244;
					}
					_t233 = 0;
					if(_t212 == 0) {
						L93:
						E008C3AA4(_t143);
						goto L94;
					}
					_t245 = _t143;
					do {
						if(_a20 == 0) {
							E008C287D( *((intOrPtr*)(_t245 + _t233 * 4)));
						} else {
							if( *((intOrPtr*)(_t245 + _t233 * 4)) != 0) {
								E008C2762( *((intOrPtr*)(_t245 + _t233 * 4)));
							}
						}
						_t233 = _t233 + 1;
					} while (_t233 < _t212);
					_t244 = _a8;
					_t143 = _v24;
					goto L93;
				}
			}









































                                                            0x008c57b5
                                                            0x008c57b7
                                                            0x008c57ba
                                                            0x008c57bd
                                                            0x008c57c0
                                                            0x008c57c3
                                                            0x008c57c6
                                                            0x008c57c9
                                                            0x008c57cc
                                                            0x008c57d2
                                                            0x008c57e7
                                                            0x008c57e9
                                                            0x008c57ee
                                                            0x008c59d8
                                                            0x008c59d8
                                                            0x008c59e0
                                                            0x008c59e3
                                                            0x008c59e4
                                                            0x008c59e6
                                                            0x00000000
                                                            0x00000000
                                                            0x008c5806
                                                            0x008c5809
                                                            0x008c580c
                                                            0x008c5811
                                                            0x008c5816
                                                            0x008c5818
                                                            0x00000000
                                                            0x00000000
                                                            0x008c5824
                                                            0x008c5824
                                                            0x008c5827
                                                            0x008c582a
                                                            0x008c5864
                                                            0x008c5866
                                                            0x008c588e
                                                            0x008c5891
                                                            0x008c5894
                                                            0x008c58a0
                                                            0x008c58a8
                                                            0x008c58aa
                                                            0x008c58ad
                                                            0x008c58af
                                                            0x008c5ac0
                                                            0x008c5857
                                                            0x008c5857
                                                            0x008c5858
                                                            0x008c5858
                                                            0x008c5c78
                                                            0x008c5c78
                                                            0x00000000
                                                            0x008c5c78
                                                            0x008c58b5
                                                            0x008c58b8
                                                            0x008c58ba
                                                            0x008c58c1
                                                            0x008c58c4
                                                            0x008c58c5
                                                            0x008c58c7
                                                            0x008c58e3
                                                            0x008c58e5
                                                            0x008c58e8
                                                            0x008c58ea
                                                            0x008c5a9f
                                                            0x008c5aaa
                                                            0x008c5ab1
                                                            0x008c5ab4
                                                            0x008c5ab9
                                                            0x008c5a65
                                                            0x008c5a65
                                                            0x00000000
                                                            0x008c5a65
                                                            0x008c58f0
                                                            0x008c58f0
                                                            0x008c58f4
                                                            0x008c591c
                                                            0x008c591c
                                                            0x008c5920
                                                            0x008c593e
                                                            0x008c593e
                                                            0x008c5942
                                                            0x008c5945
                                                            0x008c5948
                                                            0x008c5966
                                                            0x008c5968
                                                            0x008c596b
                                                            0x008c5971
                                                            0x008c5986
                                                            0x008c5986
                                                            0x008c5989
                                                            0x008c5989
                                                            0x008c598b
                                                            0x008c5a95
                                                            0x00000000
                                                            0x008c5a95
                                                            0x008c5991
                                                            0x008c599d
                                                            0x008c59a5
                                                            0x008c59a7
                                                            0x008c59aa
                                                            0x008c59ad
                                                            0x008c59af
                                                            0x008c5a8b
                                                            0x00000000
                                                            0x008c5a8b
                                                            0x008c59c5
                                                            0x008c59c7
                                                            0x008c59ca
                                                            0x008c59cc
                                                            0x008c5a81
                                                            0x00000000
                                                            0x008c5a81
                                                            0x008c59d2
                                                            0x008c59d5
                                                            0x008c59d5
                                                            0x00000000
                                                            0x008c59d5
                                                            0x008c5973
                                                            0x008c597c
                                                            0x008c5981
                                                            0x008c5981
                                                            0x008c5983
                                                            0x00000000
                                                            0x008c5983
                                                            0x008c5953
                                                            0x00000000
                                                            0x008c5953
                                                            0x008c5931
                                                            0x008c5933
                                                            0x008c5936
                                                            0x008c5938
                                                            0x008c5a74
                                                            0x00000000
                                                            0x008c5a79
                                                            0x00000000
                                                            0x008c5938
                                                            0x008c58f8
                                                            0x008c58f9
                                                            0x008c58fd
                                                            0x00000000
                                                            0x00000000
                                                            0x008c58ff
                                                            0x008c5902
                                                            0x008c590b
                                                            0x008c5915
                                                            0x008c5917
                                                            0x00000000
                                                            0x008c5917
                                                            0x008c58c9
                                                            0x008c58ca
                                                            0x008c58cf
                                                            0x008c58d1
                                                            0x008c5a46
                                                            0x008c5a51
                                                            0x008c5a58
                                                            0x008c5a5b
                                                            0x008c5a60
                                                            0x00000000
                                                            0x008c5a60
                                                            0x008c58d7
                                                            0x008c58d9
                                                            0x00000000
                                                            0x008c58d9
                                                            0x008c5876
                                                            0x008c5882
                                                            0x008c5884
                                                            0x008c5887
                                                            0x008c5889
                                                            0x008c5852
                                                            0x008c5852
                                                            0x00000000
                                                            0x008c588b
                                                            0x008c588b
                                                            0x00000000
                                                            0x008c588b
                                                            0x008c5889
                                                            0x008c5839
                                                            0x008c5845
                                                            0x008c5847
                                                            0x008c584a
                                                            0x008c584c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c584c
                                                            0x008c59ee
                                                            0x008c59f1
                                                            0x008c5a02
                                                            0x008c5a04
                                                            0x008c5a07
                                                            0x008c5a09
                                                            0x00000000
                                                            0x00000000
                                                            0x008c5a0f
                                                            0x008c5a12
                                                            0x008c5a13
                                                            0x008c5a18
                                                            0x008c5a1a
                                                            0x008c5a1d
                                                            0x008c5a1f
                                                            0x008c5aca
                                                            0x008c5acf
                                                            0x008c5ad0
                                                            0x008c5ad1
                                                            0x008c5ad6
                                                            0x008c5ad8
                                                            0x008c5b12
                                                            0x008c5b14
                                                            0x008c5b16
                                                            0x008c5b19
                                                            0x008c5b3f
                                                            0x008c5b3f
                                                            0x008c5b42
                                                            0x008c5b45
                                                            0x008c5b46
                                                            0x008c5b4b
                                                            0x008c5b4c
                                                            0x008c5b4d
                                                            0x008c5b50
                                                            0x008c5b55
                                                            0x008c5b5a
                                                            0x008c5bd0
                                                            0x008c5bd0
                                                            0x008c5bd4
                                                            0x008c5c6c
                                                            0x008c5c6c
                                                            0x008c5c6f
                                                            0x008c5c71
                                                            0x008c5c76
                                                            0x008c5c76
                                                            0x00000000
                                                            0x008c5c71
                                                            0x008c5bdf
                                                            0x008c5bec
                                                            0x008c5bee
                                                            0x008c5bf1
                                                            0x008c5bf3
                                                            0x008c5bff
                                                            0x008c5c02
                                                            0x008c5c03
                                                            0x008c5c06
                                                            0x008c5c09
                                                            0x008c5c0a
                                                            0x008c5c0f
                                                            0x008c5c11
                                                            0x008c5c14
                                                            0x008c5c16
                                                            0x008c5c59
                                                            0x008c5c5b
                                                            0x008c5c5e
                                                            0x008c5c60
                                                            0x00000000
                                                            0x00000000
                                                            0x008c5c62
                                                            0x00000000
                                                            0x008c5c62
                                                            0x008c5c18
                                                            0x008c5c1d
                                                            0x008c5c23
                                                            0x008c5c26
                                                            0x008c5c26
                                                            0x008c5c28
                                                            0x008c5c2a
                                                            0x008c5c2f
                                                            0x008c5c2f
                                                            0x008c5c3d
                                                            0x008c5c42
                                                            0x00000000
                                                            0x008c5c42
                                                            0x008c5bf5
                                                            0x00000000
                                                            0x008c5bf5
                                                            0x008c5b5c
                                                            0x008c5b5e
                                                            0x00000000
                                                            0x00000000
                                                            0x008c5b60
                                                            0x008c5ba1
                                                            0x008c5ba1
                                                            0x008c5b62
                                                            0x008c5b62
                                                            0x008c5b62
                                                            0x008c5ba7
                                                            0x008c5baa
                                                            0x008c5bac
                                                            0x008c5bae
                                                            0x008c5bb3
                                                            0x008c5bb3
                                                            0x008c5bc1
                                                            0x008c5bc6
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c5b1b
                                                            0x008c5b1b
                                                            0x008c5b1e
                                                            0x008c5b21
                                                            0x008c5b24
                                                            0x00000000
                                                            0x00000000
                                                            0x008c5b26
                                                            0x008c5b27
                                                            0x008c5b27
                                                            0x008c5b2a
                                                            0x008c5b2b
                                                            0x008c5b2e
                                                            0x008c5b33
                                                            0x008c5b35
                                                            0x008c5b66
                                                            0x008c5b6f
                                                            0x008c5b6f
                                                            0x008c5b68
                                                            0x008c5b68
                                                            0x008c5b68
                                                            0x008c5b75
                                                            0x008c5b78
                                                            0x008c5b7a
                                                            0x008c5b7c
                                                            0x008c5b81
                                                            0x008c5b81
                                                            0x008c5b8f
                                                            0x008c5b94
                                                            0x00000000
                                                            0x008c5b94
                                                            0x008c5b37
                                                            0x008c5b37
                                                            0x008c5b39
                                                            0x008c5b39
                                                            0x008c5b3a
                                                            0x008c5b3a
                                                            0x00000000
                                                            0x008c5b1b
                                                            0x008c5ada
                                                            0x008c5ae3
                                                            0x008c5ae3
                                                            0x008c5adc
                                                            0x008c5adc
                                                            0x008c5adc
                                                            0x008c5ae9
                                                            0x008c5aec
                                                            0x008c5aee
                                                            0x008c5af0
                                                            0x008c5af5
                                                            0x008c5af5
                                                            0x008c5b03
                                                            0x008c5b08
                                                            0x00000000
                                                            0x008c5b08
                                                            0x008c5a25
                                                            0x008c5a30
                                                            0x008c5a37
                                                            0x008c5a3a
                                                            0x008c5a3f
                                                            0x00000000
                                                            0x008c57f4
                                                            0x008c57f4
                                                            0x008c57f9
                                                            0x008c57f9
                                                            0x008c57fa
                                                            0x008c5c7b
                                                            0x008c5c7e
                                                            0x008c5c84
                                                            0x008c5c89
                                                            0x008c5cc2
                                                            0x008c5cc2
                                                            0x008c5cc7
                                                            0x008c5cc9
                                                            0x008c5cca
                                                            0x008c5cca
                                                            0x008c5cd3
                                                            0x008c5cf3
                                                            0x008c5cf6
                                                            0x008c5cfe
                                                            0x008c5d06
                                                            0x008c5cd5
                                                            0x008c5cd9
                                                            0x008c5cde
                                                            0x008c5cde
                                                            0x008c5ce7
                                                            0x008c5cec
                                                            0x008c5cec
                                                            0x008c5ce7
                                                            0x008c5d11
                                                            0x008c5d11
                                                            0x008c5c8b
                                                            0x008c5c8f
                                                            0x008c5cbc
                                                            0x008c5cbd
                                                            0x00000000
                                                            0x008c5cbd
                                                            0x008c5c91
                                                            0x008c5c93
                                                            0x008c5c97
                                                            0x008c5cac
                                                            0x008c5c99
                                                            0x008c5c9d
                                                            0x008c5ca2
                                                            0x008c5ca2
                                                            0x008c5c9d
                                                            0x008c5cb1
                                                            0x008c5cb2
                                                            0x008c5cb6
                                                            0x008c5cb9
                                                            0x00000000
                                                            0x008c5cb9

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000100,00000100,00000100,00000000,00000100,00000000,?,008CA889,00000100,000002C0,000002C0,00000100), ref: 008C57CC
                                                            • lstrlenW.KERNEL32(000002C0,?,008CA889,00000100,000002C0,000002C0,00000100), ref: 008C57D6
                                                            • _wcschr.LIBVCRUNTIME ref: 008C59DB
                                                            • LeaveCriticalSection.KERNEL32(00000100,00000000,000002C0,000002C0,00000000,000002C0,00000001,?,008CA889,00000100,000002C0,000002C0,00000100), ref: 008C5C7E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                            • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$c:\agent\_work\66\s\src\burn\engine\variable.cpp
                                                            • API String ID: 1026845265-1173883696
                                                            • Opcode ID: 86ac4e53099aacff43d495fc939d442a2c224a1293addcf3ce33e3a8a50d0666
                                                            • Instruction ID: b718c223339ef1083f37e786de055b6d0a837bbe4659ff9333629968f2d92f28
                                                            • Opcode Fuzzy Hash: 86ac4e53099aacff43d495fc939d442a2c224a1293addcf3ce33e3a8a50d0666
                                                            • Instruction Fuzzy Hash: C1F1937190062AEEDF109F658C41FAF7B74FB44B64F15812DB915EB280D734EE818BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D741D Relevance: 37.0, APIs: 1, Strings: 20, Instructions: 290COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1051 8d741d-8d7462 call 8ef600 call 8c762d 1056 8d746e-8d747f call 8cc3ca 1051->1056 1057 8d7464-8d7469 1051->1057 1063 8d748b-8d749c call 8cc231 1056->1063 1064 8d7481-8d7486 1056->1064 1058 8d7707-8d770e call 8ffb09 1057->1058 1065 8d770f-8d7714 1058->1065 1073 8d749e-8d74a3 1063->1073 1074 8d74a8-8d74bd call 8cc489 1063->1074 1064->1058 1067 8d771c-8d7720 1065->1067 1068 8d7716-8d7717 call 8c2762 1065->1068 1071 8d772a-8d772f 1067->1071 1072 8d7722-8d7725 call 8c2762 1067->1072 1068->1067 1076 8d7737-8d7744 call 8cc180 1071->1076 1077 8d7731-8d7732 call 8c2762 1071->1077 1072->1071 1073->1058 1083 8d74bf-8d74c4 1074->1083 1084 8d74c9-8d74d9 call 8ebcf0 1074->1084 1085 8d774e-8d7752 1076->1085 1086 8d7746-8d7749 call 8c2762 1076->1086 1077->1076 1083->1058 1092 8d74db-8d74e0 1084->1092 1093 8d74e5-8d7558 call 8d5bae 1084->1093 1090 8d775c-8d7760 1085->1090 1091 8d7754-8d7757 call 8c2762 1085->1091 1086->1085 1095 8d776a-8d7770 1090->1095 1096 8d7762-8d7765 call 8c3aa4 1090->1096 1091->1090 1092->1058 1100 8d755a-8d755f 1093->1100 1101 8d7564-8d7569 1093->1101 1096->1095 1100->1058 1102 8d756b 1101->1102 1103 8d7570-8d75a7 call 8c563d GetCurrentProcess call 900141 call 8c8274 1101->1103 1102->1103 1110 8d75a9 1103->1110 1111 8d75c1-8d75d8 call 8c8274 1103->1111 1112 8d75ae-8d75bc call 8ffb09 1110->1112 1117 8d75da-8d75df 1111->1117 1118 8d75e1-8d75e6 1111->1118 1112->1065 1117->1112 1119 8d75e8-8d75fa call 8c821a 1118->1119 1120 8d7642-8d7647 1118->1120 1131 8d75fc-8d7601 1119->1131 1132 8d7606-8d7616 call 8c3533 1119->1132 1121 8d7649-8d765b call 8c821a 1120->1121 1122 8d7667-8d7670 1120->1122 1121->1122 1135 8d765d-8d7662 1121->1135 1125 8d767c-8d7690 call 8da3f3 1122->1125 1126 8d7672-8d7675 1122->1126 1138 8d7699 1125->1138 1139 8d7692-8d7697 1125->1139 1126->1125 1130 8d7677-8d767a 1126->1130 1130->1125 1136 8d769f-8d76a2 1130->1136 1131->1058 1142 8d7618-8d761d 1132->1142 1143 8d7622-8d7636 call 8c821a 1132->1143 1135->1058 1140 8d76a9-8d76bf call 8cd552 1136->1140 1141 8d76a4-8d76a7 1136->1141 1138->1136 1139->1058 1148 8d76c8-8d76d7 call 8ccb82 1140->1148 1149 8d76c1-8d76c6 1140->1149 1141->1065 1141->1140 1142->1058 1143->1120 1150 8d7638-8d763d 1143->1150 1152 8d76dc-8d76e0 1148->1152 1149->1058 1150->1058 1153 8d76e9-8d7700 call 8cc8a5 1152->1153 1154 8d76e2-8d76e7 1152->1154 1153->1065 1157 8d7702 1153->1157 1154->1058 1157->1058
                                                            C-Code - Quality: 77%
                                                            			E008D741D(void* __edx, void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v124;
				void* __ebx;
				void* __edi;
				void* _t70;
				intOrPtr _t73;
				intOrPtr _t76;
				intOrPtr _t81;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr* _t108;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t113;
				void* _t141;
				void* _t142;
				intOrPtr _t143;
				intOrPtr _t150;
				intOrPtr _t153;

				_t141 = __edx;
				_v16 = 0;
				_v28 = 0;
				_v20 = 0;
				_v32 = 0;
				E008EF600(_t142,  &_v124, 0, 0x58);
				_t143 = _a4;
				_v36 = 0;
				_v8 = 0;
				_v12 = 0;
				_v24 = 0;
				_t11 = _t143 + 0x88; // 0x8c5482
				_t136 = _t11;
				_t70 = E008C762D(_t11); // executed
				if(_t70 >= 0) {
					_t13 = _t143 + 0x48; // 0x8c5442
					_t73 = E008CC3CA(_t13,  &_v124); // executed
					__eflags = _t73;
					if(_t73 >= 0) {
						_t76 = E008CC231( &_v124,  &_v28);
						__eflags = _t76;
						if(_t76 >= 0) {
							__eflags = E008CC489( &_v124,  &_v20,  &_v32);
							if(__eflags >= 0) {
								_t81 = E008EBCF0(__eflags, _v20, _v32, _t143); // executed
								__eflags = _t81;
								if(_t81 >= 0) {
									_t22 = _t143 + 0x1c0; // 0x8c55ba
									_t23 = _t143 + 0x4d8; // 0x8c58d2
									_t24 = _t143 + 0x140; // 0x8c553a
									_t25 = _t143 + 0x400; // 0x8c57fa
									_t26 = _t143 + 0x3fc; // 0x8c57f6
									_t27 = _t143 + 0x4d4; // 0x8c58ce
									_t30 = _t143 + 0x3ec; // 0x8c57e6
									_t31 = _t143 + 0x494; // 0x8c588e
									_t32 = _t143 + 0x490; // 0x8c588a
									_t137 = _t32;
									_t33 = _t143 + 0x4b8; // 0x8c58b2
									_t34 = _t143 + 0x4a0; // 0x8c589a
									_t35 = _t143 + 0x1c; // 0x8c5416
									_t36 = _t143 + 0x4e0; // 0x12ebec7d
									_t37 = _t143 + 0x4dc; // 0x89f88b00
									_t96 = E008D5BAE( *_t37,  *_t36, _t35, _t34, _t33, _t136, _t32, _t31, _t30,  &_v8,  &_v24, _t27, _t26, _t25, _t24, _t23, _t22,  &_v16);
									__eflags = _t96;
									if(_t96 >= 0) {
										_t97 = _v16;
										__eflags = _t97;
										if(_t97 == 0) {
											_t97 = 0x90a534;
										}
										E008C563D(2, 0x20000009, _t97);
										E00900141(GetCurrentProcess(),  &_v36); // executed
										asm("cdq");
										_t150 = E008C8274(_t136, L"WixBundleElevated", _v36, _t141, 1);
										__eflags = _t150;
										if(_t150 >= 0) {
											_t41 = _t143 + 0x20; // 0x840f01e8
											asm("cdq");
											_t150 = E008C8274(_t136, L"WixBundleUILevel",  *_t41, _t141, 1);
											__eflags = _t150;
											if(_t150 >= 0) {
												_t106 = _v8;
												__eflags = _t106;
												if(_t106 == 0) {
													L26:
													_t107 = _v24;
													__eflags = _t107;
													if(_t107 == 0) {
														L29:
														_t47 = _t143 + 0x490; // 0x8c588a
														_t108 = _t47;
														__eflags =  *_t108;
														if( *_t108 == 0) {
															L32:
															_t49 = _t143 + 0x100; // 0x8c54fa
															_t110 = E008DA3F3(_t136, _t49, _t136, _v8);
															__eflags = _t110;
															if(_t110 >= 0) {
																_t50 = _t143 + 0x490; // 0x8c588a
																_t108 = _t50;
																goto L35;
															} else {
																_push("Failed to initialize internal cache functionality.");
																goto L43;
															}
														} else {
															__eflags =  *_t108 - 1;
															if( *_t108 == 1) {
																goto L32;
															} else {
																__eflags =  *_t108 - 3;
																if( *_t108 != 3) {
																	L35:
																	__eflags =  *_t108 - 1;
																	if(__eflags == 0) {
																		L37:
																		_t51 = _t143 + 0xcc; // 0x8c54c6
																		_t136 = _t51;
																		_t52 = _t143 + 0x110; // 0xfff9e89d, executed
																		_t111 = E008CD552(_t137, _t141, _t143, __eflags,  *_t52, _t51); // executed
																		__eflags = _t111;
																		if(_t111 >= 0) {
																			_t54 = _t143 + 0xbc; // 0x8c54b6
																			_t113 = E008CCB82(_t54, 0,  &_v124,  *_t136); // executed
																			_t153 = _t113;
																			__eflags = _t153;
																			if(_t153 >= 0) {
																				_t55 = _t143 + 0xbc; // 0x8c54b6
																				_t56 = _t143 + 0x2b0; // 0x8c56aa
																				_t153 = E008CC8A5(_t141, _t56, _t55);
																				__eflags = _t153;
																				if(_t153 < 0) {
																					_push("Failed to load catalog files.");
																					goto L43;
																				}
																			} else {
																				_push("Failed to extract bootstrapper application payloads.");
																				goto L43;
																			}
																		} else {
																			_push("Failed to get unique temporary folder for bootstrapper application.");
																			goto L43;
																		}
																	} else {
																		__eflags =  *_t108 - 3;
																		if(__eflags == 0) {
																			goto L37;
																		}
																	}
																} else {
																	goto L32;
																}
															}
														}
													} else {
														_t153 = E008C821A(_t136, L"WixBundleOriginalSource", _t107, 0);
														__eflags = _t153;
														if(_t153 >= 0) {
															goto L29;
														} else {
															_push("Failed to set original source variable.");
															goto L43;
														}
													}
												} else {
													_t153 = E008C821A(_t136, L"WixBundleSourceProcessPath", _t106, 1);
													__eflags = _t153;
													if(_t153 >= 0) {
														_t153 = E008C3533(_t137, _v8,  &_v12);
														__eflags = _t153;
														if(_t153 >= 0) {
															_t153 = E008C821A(_t136, L"WixBundleSourceProcessFolder", _v12, 1);
															__eflags = _t153;
															if(_t153 >= 0) {
																goto L26;
															} else {
																_push("Failed to set source process folder variable.");
																goto L43;
															}
														} else {
															_push("Failed to get source process folder from path.");
															goto L43;
														}
													} else {
														_push("Failed to set source process path variable.");
														goto L43;
													}
												}
											} else {
												_push(L"WixBundleUILevel");
												goto L16;
											}
										} else {
											_push(L"WixBundleElevated");
											L16:
											_push("Failed to overwrite the %ls built-in variable.");
											_push(_t150);
											E008FFB09();
										}
									} else {
										_push("Failed to parse command line.");
										goto L43;
									}
								} else {
									_push("Failed to load manifest.");
									goto L43;
								}
							} else {
								_push("Failed to get manifest stream from container.");
								goto L43;
							}
						} else {
							_push("Failed to open manifest stream.");
							goto L43;
						}
					} else {
						_push("Failed to open attached UX container.");
						goto L43;
					}
				} else {
					_push("Failed to initialize variables.");
					L43:
					_push(_t153);
					E008FFB09();
				}
				_t117 = _v24;
				if(_v24 != 0) {
					E008C2762(_t117);
				}
				if(_v12 != 0) {
					E008C2762(_v12);
				}
				_t118 = _v8;
				if(_v8 != 0) {
					E008C2762(_t118);
				}
				E008CC180(_t136,  &_v124);
				if(_v28 != 0) {
					E008C2762(_v28);
				}
				if(_v16 != 0) {
					E008C2762(_v16);
				}
				if(_v20 != 0) {
					E008C3AA4(_v20); // executed
				}
				return _t153;
			}































                                                            0x008d741d
                                                            0x008d742f
                                                            0x008d7432
                                                            0x008d7435
                                                            0x008d7438
                                                            0x008d743b
                                                            0x008d7440
                                                            0x008d7446
                                                            0x008d7449
                                                            0x008d744c
                                                            0x008d744f
                                                            0x008d7452
                                                            0x008d7452
                                                            0x008d7459
                                                            0x008d7462
                                                            0x008d7472
                                                            0x008d7476
                                                            0x008d747d
                                                            0x008d747f
                                                            0x008d7493
                                                            0x008d749a
                                                            0x008d749c
                                                            0x008d74bb
                                                            0x008d74bd
                                                            0x008d74d0
                                                            0x008d74d7
                                                            0x008d74d9
                                                            0x008d74e9
                                                            0x008d74f0
                                                            0x008d74f7
                                                            0x008d74fe
                                                            0x008d7505
                                                            0x008d750c
                                                            0x008d751b
                                                            0x008d7522
                                                            0x008d7529
                                                            0x008d7529
                                                            0x008d7531
                                                            0x008d7538
                                                            0x008d753f
                                                            0x008d7543
                                                            0x008d7549
                                                            0x008d754f
                                                            0x008d7556
                                                            0x008d7558
                                                            0x008d7564
                                                            0x008d7567
                                                            0x008d7569
                                                            0x008d756b
                                                            0x008d756b
                                                            0x008d7578
                                                            0x008d758b
                                                            0x008d7595
                                                            0x008d75a3
                                                            0x008d75a5
                                                            0x008d75a7
                                                            0x008d75c1
                                                            0x008d75c6
                                                            0x008d75d4
                                                            0x008d75d6
                                                            0x008d75d8
                                                            0x008d75e1
                                                            0x008d75e4
                                                            0x008d75e6
                                                            0x008d7642
                                                            0x008d7642
                                                            0x008d7645
                                                            0x008d7647
                                                            0x008d7667
                                                            0x008d7667
                                                            0x008d7667
                                                            0x008d766d
                                                            0x008d7670
                                                            0x008d767c
                                                            0x008d767f
                                                            0x008d7687
                                                            0x008d768e
                                                            0x008d7690
                                                            0x008d7699
                                                            0x008d7699
                                                            0x00000000
                                                            0x008d7692
                                                            0x008d7692
                                                            0x00000000
                                                            0x008d7692
                                                            0x008d7672
                                                            0x008d7672
                                                            0x008d7675
                                                            0x00000000
                                                            0x008d7677
                                                            0x008d7677
                                                            0x008d767a
                                                            0x008d769f
                                                            0x008d769f
                                                            0x008d76a2
                                                            0x008d76a9
                                                            0x008d76a9
                                                            0x008d76a9
                                                            0x008d76b0
                                                            0x008d76b6
                                                            0x008d76bd
                                                            0x008d76bf
                                                            0x008d76ce
                                                            0x008d76d7
                                                            0x008d76dc
                                                            0x008d76de
                                                            0x008d76e0
                                                            0x008d76e9
                                                            0x008d76f0
                                                            0x008d76fc
                                                            0x008d76fe
                                                            0x008d7700
                                                            0x008d7702
                                                            0x00000000
                                                            0x008d7702
                                                            0x008d76e2
                                                            0x008d76e2
                                                            0x00000000
                                                            0x008d76e2
                                                            0x008d76c1
                                                            0x008d76c1
                                                            0x00000000
                                                            0x008d76c1
                                                            0x008d76a4
                                                            0x008d76a4
                                                            0x008d76a7
                                                            0x00000000
                                                            0x00000000
                                                            0x008d76a7
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008d767a
                                                            0x008d7675
                                                            0x008d7649
                                                            0x008d7657
                                                            0x008d7659
                                                            0x008d765b
                                                            0x00000000
                                                            0x008d765d
                                                            0x008d765d
                                                            0x00000000
                                                            0x008d765d
                                                            0x008d765b
                                                            0x008d75e8
                                                            0x008d75f6
                                                            0x008d75f8
                                                            0x008d75fa
                                                            0x008d7612
                                                            0x008d7614
                                                            0x008d7616
                                                            0x008d7632
                                                            0x008d7634
                                                            0x008d7636
                                                            0x00000000
                                                            0x008d7638
                                                            0x008d7638
                                                            0x00000000
                                                            0x008d7638
                                                            0x008d7618
                                                            0x008d7618
                                                            0x00000000
                                                            0x008d7618
                                                            0x008d75fc
                                                            0x008d75fc
                                                            0x00000000
                                                            0x008d75fc
                                                            0x008d75fa
                                                            0x008d75da
                                                            0x008d75da
                                                            0x00000000
                                                            0x008d75da
                                                            0x008d75a9
                                                            0x008d75a9
                                                            0x008d75ae
                                                            0x008d75ae
                                                            0x008d75b3
                                                            0x008d75b4
                                                            0x008d75b9
                                                            0x008d755a
                                                            0x008d755a
                                                            0x00000000
                                                            0x008d755a
                                                            0x008d74db
                                                            0x008d74db
                                                            0x00000000
                                                            0x008d74db
                                                            0x008d74bf
                                                            0x008d74bf
                                                            0x00000000
                                                            0x008d74bf
                                                            0x008d749e
                                                            0x008d749e
                                                            0x00000000
                                                            0x008d749e
                                                            0x008d7481
                                                            0x008d7481
                                                            0x00000000
                                                            0x008d7481
                                                            0x008d7464
                                                            0x008d7464
                                                            0x008d7707
                                                            0x008d7707
                                                            0x008d7708
                                                            0x008d770e
                                                            0x008d770f
                                                            0x008d7714
                                                            0x008d7717
                                                            0x008d7717
                                                            0x008d7720
                                                            0x008d7725
                                                            0x008d7725
                                                            0x008d772a
                                                            0x008d772f
                                                            0x008d7732
                                                            0x008d7732
                                                            0x008d773b
                                                            0x008d7744
                                                            0x008d7749
                                                            0x008d7749
                                                            0x008d7752
                                                            0x008d7757
                                                            0x008d7757
                                                            0x008d7760
                                                            0x008d7765
                                                            0x008d7765
                                                            0x008d7770

                                                            Strings
                                                            • Failed to load catalog files., xrefs: 008D7702
                                                            • Failed to initialize variables., xrefs: 008D7464
                                                            • Failed to open attached UX container., xrefs: 008D7481
                                                            • WixBundleElevated, xrefs: 008D7598, 008D75A9
                                                            • Failed to parse command line., xrefs: 008D755A
                                                            • Failed to set original source variable., xrefs: 008D765D
                                                            • WixBundleOriginalSource, xrefs: 008D764C
                                                            • Failed to load manifest., xrefs: 008D74DB
                                                            • Failed to initialize internal cache functionality., xrefs: 008D7692
                                                            • Failed to open manifest stream., xrefs: 008D749E
                                                            • Failed to set source process folder variable., xrefs: 008D7638
                                                            • WixBundleUILevel, xrefs: 008D75C9, 008D75DA
                                                            • Failed to get unique temporary folder for bootstrapper application., xrefs: 008D76C1
                                                            • Failed to set source process path variable., xrefs: 008D75FC
                                                            • Failed to overwrite the %ls built-in variable., xrefs: 008D75AE
                                                            • Failed to extract bootstrapper application payloads., xrefs: 008D76E2
                                                            • WixBundleSourceProcessFolder, xrefs: 008D7627
                                                            • Failed to get source process folder from path., xrefs: 008D7618
                                                            • WixBundleSourceProcessPath, xrefs: 008D75EB
                                                            • Failed to get manifest stream from container., xrefs: 008D74BF
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalInitializeSection
                                                            • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleUILevel
                                                            • API String ID: 32694325-1564579409
                                                            • Opcode ID: 0fc772abf54380410b60053edbccffa0351070c729a4a467dea0870cc5de52e3
                                                            • Instruction ID: a2908e5825a14514207011b47ed974463f0713d813ea14b8dd3608d5e973b550
                                                            • Opcode Fuzzy Hash: 0fc772abf54380410b60053edbccffa0351070c729a4a467dea0870cc5de52e3
                                                            • Instruction Fuzzy Hash: FBA14172A44A1ABADB129AA4CC81FEEB77CFB14714F104727F505E7281E770EA4487D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C762D Relevance: 34.9, APIs: 1, Strings: 22, Instructions: 419COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1263 8c762d-8c7ee0 InitializeCriticalSection 1264 8c7ee3-8c7f07 call 8c565e 1263->1264 1267 8c7f09-8c7f10 1264->1267 1268 8c7f14-8c7f25 call 8ffb09 1264->1268 1267->1264 1269 8c7f12 1267->1269 1271 8c7f28-8c7f38 call 8edd1f 1268->1271 1269->1271
                                                            C-Code - Quality: 82%
                                                            			E008C762D(struct _CRITICAL_SECTION* _a4) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				intOrPtr _v84;
				char* _v88;
				intOrPtr _v92;
				char _v96;
				char _v100;
				intOrPtr _v104;
				char* _v108;
				intOrPtr _v112;
				char _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				char* _v128;
				intOrPtr _v132;
				char _v136;
				char _v140;
				intOrPtr _v144;
				char* _v148;
				intOrPtr _v152;
				char _v156;
				char _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				char _v176;
				char _v180;
				intOrPtr _v184;
				char* _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				char _v200;
				intOrPtr _v204;
				char* _v208;
				intOrPtr _v212;
				char _v216;
				char _v220;
				intOrPtr _v224;
				char* _v228;
				intOrPtr _v232;
				char _v236;
				char _v240;
				intOrPtr _v244;
				char* _v248;
				intOrPtr _v252;
				char _v256;
				char _v260;
				intOrPtr _v264;
				char* _v268;
				void* _v280;
				char* _v284;
				char* _v288;
				char _v292;
				char _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				char* _v308;
				char _v312;
				char _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				char* _v328;
				char _v332;
				char _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				char* _v348;
				void* _v360;
				intOrPtr _v364;
				char* _v368;
				void* _v380;
				intOrPtr _v384;
				char* _v388;
				void* _v400;
				intOrPtr _v404;
				char* _v408;
				char _v412;
				char _v416;
				intOrPtr _v420;
				char* _v424;
				char* _v428;
				char _v432;
				char _v436;
				intOrPtr _v440;
				intOrPtr _v444;
				char* _v448;
				void* _v460;
				char* _v464;
				char* _v468;
				void* _v480;
				intOrPtr _v484;
				char* _v488;
				char _v492;
				char _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				char* _v508;
				void* _v520;
				intOrPtr _v524;
				char* _v528;
				char _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				char* _v548;
				char _v552;
				char _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				char* _v568;
				char _v572;
				char _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char* _v588;
				char _v592;
				char _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				char* _v608;
				void* _v620;
				intOrPtr _v624;
				char* _v628;
				char _v632;
				char _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				char* _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				char* _v668;
				char _v672;
				char _v676;
				intOrPtr _v680;
				intOrPtr _v684;
				char* _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char* _v708;
				char _v712;
				char _v716;
				intOrPtr _v720;
				intOrPtr _v724;
				char* _v728;
				void* _v740;
				intOrPtr _v744;
				char* _v748;
				char _v752;
				char _v756;
				intOrPtr _v760;
				intOrPtr _v764;
				char* _v768;
				char _v772;
				char _v776;
				intOrPtr _v780;
				intOrPtr _v784;
				char* _v788;
				char _v792;
				char _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				char* _v808;
				char _v812;
				char _v816;
				intOrPtr _v820;
				intOrPtr _v824;
				char* _v828;
				char _v832;
				char _v836;
				intOrPtr _v840;
				intOrPtr _v844;
				char* _v848;
				char _v852;
				char _v856;
				intOrPtr _v860;
				intOrPtr _v864;
				char* _v868;
				char _v872;
				char _v876;
				intOrPtr _v880;
				intOrPtr _v884;
				char* _v888;
				char _v892;
				char _v896;
				intOrPtr _v900;
				intOrPtr _v904;
				char* _v908;
				char _v912;
				char _v916;
				intOrPtr _v920;
				intOrPtr _v924;
				char* _v928;
				char _v932;
				char _v936;
				intOrPtr _v940;
				intOrPtr _v944;
				char* _v948;
				void* _v960;
				char* _v964;
				char* _v968;
				char _v972;
				char _v976;
				intOrPtr _v980;
				intOrPtr _v984;
				char* _v988;
				void* _v1000;
				intOrPtr _v1004;
				char* _v1008;
				void* _v1020;
				intOrPtr _v1024;
				char* _v1028;
				char _v1032;
				char _v1036;
				intOrPtr _v1040;
				intOrPtr _v1044;
				char* _v1048;
				char _v1052;
				char _v1056;
				intOrPtr _v1060;
				intOrPtr _v1064;
				char* _v1068;
				void* _v1080;
				intOrPtr _v1084;
				char* _v1088;
				void* _v1100;
				intOrPtr _v1104;
				char* _v1108;
				void* _v1120;
				intOrPtr _v1124;
				char* _v1128;
				char _v1132;
				char _v1136;
				intOrPtr _v1140;
				intOrPtr _v1144;
				char* _v1148;
				char _v1152;
				char _v1156;
				intOrPtr _v1160;
				intOrPtr _v1164;
				char* _v1168;
				char _v1172;
				char _v1176;
				intOrPtr _v1180;
				intOrPtr _v1184;
				char* _v1188;
				char _v1192;
				char _v1196;
				intOrPtr _v1200;
				intOrPtr _v1204;
				char* _v1208;
				char _v1212;
				char _v1216;
				intOrPtr _v1220;
				intOrPtr _v1224;
				char* _v1228;
				char _v1232;
				char _v1236;
				intOrPtr _v1240;
				intOrPtr _v1244;
				char* _v1248;
				char _v1252;
				char _v1256;
				intOrPtr _v1260;
				intOrPtr _v1264;
				char* _v1268;
				struct _CRITICAL_SECTION* _v1272;
				intOrPtr _v1276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t298;
				struct _CRITICAL_SECTION* _t300;
				intOrPtr _t301;
				void* _t322;
				char _t326;
				intOrPtr _t328;
				intOrPtr _t329;
				char* _t330;
				char* _t336;
				intOrPtr _t337;
				char* _t359;
				intOrPtr* _t362;
				signed int _t363;

				_t298 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t298 ^ _t363;
				_t300 = _a4;
				_v1272 = _t300;
				InitializeCriticalSection(_t300);
				_t326 = 0;
				_v1268 = L"AdminToolsFolder";
				_v1260 = 0x30;
				_v1264 = 0x8c5ff8;
				_v1244 = 0x8c5ff8;
				_v1224 = 0x8c5ff8;
				_t336 =  &M008C62CC;
				_v1184 = 0x8c5ff8;
				_v1256 = 0;
				_v1252 = 0;
				_v1248 = L"AppDataFolder";
				_v1240 = 0x1a;
				_v1236 = 0;
				_v1232 = 0;
				_v1228 = L"CommonAppDataFolder";
				_v1220 = 0x23;
				_v1216 = 0;
				_v1212 = 0;
				_v1208 = L"CommonFiles64Folder";
				_v1204 = 0x8c6540;
				_t301 = 0x2b;
				_v1200 = _t301;
				_v1180 = _t301;
				_v1160 = _t301;
				_v1196 = 0;
				_v1192 = 0;
				_v1188 = L"CommonFilesFolder";
				_v1176 = 0;
				_v1172 = 0;
				_v1168 = L"CommonFiles6432Folder";
				_v1164 = 0x8c5ec2;
				_v1156 = 0;
				_v1152 = 0;
				_v1148 = L"CompatibilityMode";
				_v1144 = _t336;
				_v1140 = 0xc;
				_v1136 = 0;
				_v1132 = 0;
				_v1128 = L"Date";
				_v1124 = 0x8c605f;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v1108 = L"ComputerName";
				_v1104 = 0x8c5f5a;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v1084 = 0x8c5ff8;
				_v1088 = L"DesktopFolder";
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v1064 = 0x8c5ff8;
				_t328 = 6;
				_v1068 = L"FavoritesFolder";
				_v1060 = 0x8c5ff8;
				_v1056 = 0;
				_v1052 = 0;
				_v1048 = L"FontsFolder";
				_v1044 = 0x8c5ff8;
				_v1040 = 0x14;
				_v1036 = 0;
				_v1032 = 0;
				_v1028 = L"InstallerName";
				_v1024 = 0x8c617a;
				asm("stosd");
				_push(5);
				asm("stosd");
				asm("stosd");
				_v1008 = L"InstallerVersion";
				_v1004 = 0x8c61a7;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v988 = L"LocalAppDataFolder";
				_v984 = 0x8c5ff8;
				_v980 = 0x1c;
				_v976 = 0;
				_v972 = 0;
				_v968 = L"LogonUser";
				_v964 =  &M008C6203;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v880 = _t328;
				_t329 = 9;
				_v924 = _t336;
				_v904 = _t336;
				_v884 = _t336;
				_v864 = _t336;
				_v844 = _t336;
				_v824 = _t336;
				_v804 = _t336;
				_v784 = _t336;
				_t337 = 0xb;
				_v948 = L"MyPicturesFolder";
				_v944 = 0x8c5ff8;
				_v940 = 0x27;
				_v936 = 0;
				_v932 = 0;
				_v928 = L"NTProductType";
				_v920 = 4;
				_v916 = 0;
				_v912 = 0;
				_v908 = L"NTSuiteBackOffice";
				_v900 = 0;
				_v896 = 0;
				_v892 = 0;
				_v888 = L"NTSuiteDataCenter";
				_v876 = 0;
				_v872 = 0;
				_v868 = L"NTSuiteEnterprise";
				_v860 = 7;
				_v856 = 0;
				_v852 = 0;
				_v848 = L"NTSuitePersonal";
				_v840 = 8;
				_v836 = 0;
				_v832 = 0;
				_v828 = L"NTSuiteSmallBusiness";
				_v820 = 0x8c5ff8;
				_v816 = 0;
				_v812 = 0;
				_v808 = L"NTSuiteSmallBusinessRestricted";
				_v800 = 0xa;
				_v796 = 0;
				_v792 = 0;
				_v788 = L"NTSuiteWebServer";
				_v780 = _t337;
				_v776 = 0;
				_v772 = 0;
				_v768 = L"PersonalFolder";
				_v764 = 0x8c5ff8;
				_v760 = 0;
				_v756 = 0;
				_v752 = 0;
				_v748 = L"Privileged";
				_v744 = 0x8c6490;
				asm("stosd");
				_push(0x26);
				asm("stosd");
				asm("stosd");
				_v700 = 0;
				_v680 = 0;
				_v660 = 0;
				_v684 = 0x8c5ff8;
				_v644 = 0x8c5ff8;
				_v664 = 0x8c5ec2;
				_t359 =  &M008C695F;
				_v728 = L"ProcessorArchitecture";
				_v724 = 0x8c675f;
				_v720 = 0xe;
				_v716 = 0;
				_v712 = 0;
				_v708 = L"ProgramFiles64Folder";
				_v704 = 0x8c6540;
				_v696 = 0;
				_v692 = 0;
				_v688 = L"ProgramFilesFolder";
				_v676 = 0;
				_v672 = 0;
				_v668 = L"ProgramFiles6432Folder";
				_v656 = 0;
				_v652 = 0;
				_v648 = L"ProgramMenuFolder";
				_v640 = 2;
				_v636 = 0;
				_v632 = 0;
				_v628 = L"RebootPending";
				_v624 = 0x8c64d7;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v600 = _t329;
				_v604 = 0x8c5ff8;
				_t330 =  &M008C65DC;
				_v564 = 0x8c5ff8;
				_v544 = 0x8c5ff8;
				_v524 = _t330;
				_v608 = L"SendToFolder";
				_v596 = 0;
				_v592 = 0;
				_v588 = L"ServicePackLevel";
				_v584 = _t359;
				_v580 = 3;
				_v576 = 0;
				_v572 = 0;
				_v568 = L"StartMenuFolder";
				_v560 = _t337;
				_v556 = 0;
				_v552 = 0;
				_v548 = L"StartupFolder";
				_v540 = 7;
				_v536 = 0;
				_v532 = 0;
				_v528 = L"SystemFolder";
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v504 = _t330;
				_v508 = L"System64Folder";
				_v500 = 1;
				_v496 = 0;
				_v492 = 0;
				_v488 = L"SystemLanguageID";
				_v484 = 0x8c5e2c;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v468 = L"TempFolder";
				_v464 =  &M008C67C2;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v444 = 0x8c5ff8;
				_v448 = L"TemplateFolder";
				_v440 = 0x15;
				_v436 = 0;
				_v432 = 0;
				_v428 = L"TerminalServer";
				_v424 =  &M008C62CC;
				_v420 = 0xd;
				_v416 = 0;
				_v412 = 0;
				_v408 = L"UserUILanguageID";
				_v404 = 0x8c5e90;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v388 = L"UserLanguageID";
				_v384 = 0x8c5e5e;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v368 = L"VersionMsi";
				_v364 = 0x8c6898;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v344 = _t359;
				_v324 = _t359;
				_v340 = 1;
				_v304 = 0x8c5ff8;
				_v348 = L"VersionNT";
				_v336 = 0;
				_v332 = 0;
				_v328 = L"VersionNT64";
				_v320 = 2;
				_v316 = 0;
				_v312 = 0;
				_v308 = L"WindowsFolder";
				_v300 = 0x24;
				_v296 = 0;
				_v292 = 0;
				_v288 = L"WindowsVolume";
				_v284 =  &M008C6B30;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v268 = L"WixBundleAction";
				_v264 = 0x8c62a1;
				_v260 = 0;
				_v256 = 0;
				_v252 = 1;
				_v248 = L"WixBundleExecutePackageCacheFolder";
				_v244 = 0x8c65b1;
				_v240 = 0;
				_v236 = 0;
				_v232 = 1;
				_v212 = 1;
				_v196 = 1;
				_v192 = 1;
				_v172 = 1;
				_v152 = 1;
				_v132 = 1;
				_v112 = 1;
				_v92 = 1;
				_v72 = 1;
				_v52 = 1;
				_v32 = 1;
				_v12 = 1;
				_t362 =  &_v1256;
				_v228 = L"WixBundleExecutePackageAction";
				_v224 = 0x8c65b1;
				_v220 = 0;
				_v216 = 0;
				_v208 = L"WixBundleForcedRestartPackage";
				_v204 = 0x8c65b1;
				_v200 = 0;
				_v188 = L"WixBundleInstalled";
				_v184 = 0x8c62a1;
				_v180 = 0;
				_v176 = 0;
				_v168 = L"WixBundleElevated";
				_v164 = 0x8c62a1;
				_v160 = 0;
				_v156 = 0;
				_v148 = L"WixBundleActiveParent";
				_v144 = 0x8c65b1;
				_v140 = 0;
				_v136 = 0;
				_v128 = L"WixBundleProviderKey";
				_v124 = 0x8c65b1;
				_v120 = 0x90a534;
				_v116 = 0;
				_v108 = L"WixBundleSourceProcessPath";
				_v104 = 0x8c65b1;
				_v100 = 0;
				_v96 = 0;
				_v88 = L"WixBundleSourceProcessFolder";
				_v84 = 0x8c65b1;
				_v80 = 0;
				_v76 = 0;
				_v68 = L"WixBundleTag";
				_v64 = 0x8c65b1;
				_v60 = 0x90a534;
				_v56 = 0;
				_v48 = L"WixBundleUILevel";
				_v44 = 0x8c62a1;
				_v40 = 0;
				_v36 = 0;
				_v28 = L"WixBundleVersion";
				_v24 = 0x8c686d;
				_v20 = 0;
				_v16 = 0;
				while(1) {
					_v1276 =  *((intOrPtr*)(_t362 - 0xc));
					_t322 = E008C565E(0x8c65b1, _v1272,  *((intOrPtr*)(_t362 - 0xc)),  *((intOrPtr*)(_t362 - 8)),  *((intOrPtr*)(_t362 - 4)),  *_t362,  *((intOrPtr*)(_t362 + 4))); // executed
					_t357 = _t322;
					if(_t322 < 0) {
						break;
					}
					_t326 = _t326 + 1;
					_t362 = _t362 + 0x14;
					if(_t326 < 0x3f) {
						continue;
					} else {
					}
					L5:
					return E008EDD1F(_t326, _v8 ^ _t363, 0x8c62a1, _t357, _t362);
				}
				E008FFB09(_t357, "Failed to add built-in variable: %ls.", _v1276);
				goto L5;
			}



















































































































































































































































































































                                                            0x008c7636
                                                            0x008c763d
                                                            0x008c7640
                                                            0x008c7647
                                                            0x008c764d
                                                            0x008c7653
                                                            0x008c7655
                                                            0x008c7664
                                                            0x008c766e
                                                            0x008c767a
                                                            0x008c7685
                                                            0x008c768b
                                                            0x008c7690
                                                            0x008c7696
                                                            0x008c769c
                                                            0x008c76a2
                                                            0x008c76ac
                                                            0x008c76b6
                                                            0x008c76bc
                                                            0x008c76c2
                                                            0x008c76cc
                                                            0x008c76d6
                                                            0x008c76dc
                                                            0x008c76e2
                                                            0x008c76ec
                                                            0x008c76f8
                                                            0x008c76f9
                                                            0x008c76ff
                                                            0x008c7705
                                                            0x008c770d
                                                            0x008c7713
                                                            0x008c7719
                                                            0x008c7723
                                                            0x008c7729
                                                            0x008c772f
                                                            0x008c7739
                                                            0x008c773f
                                                            0x008c7745
                                                            0x008c774b
                                                            0x008c7755
                                                            0x008c775b
                                                            0x008c7765
                                                            0x008c776b
                                                            0x008c7771
                                                            0x008c777b
                                                            0x008c7785
                                                            0x008c7788
                                                            0x008c7789
                                                            0x008c778c
                                                            0x008c779c
                                                            0x008c77a6
                                                            0x008c77a7
                                                            0x008c77a8
                                                            0x008c77ab
                                                            0x008c77b7
                                                            0x008c77c1
                                                            0x008c77c2
                                                            0x008c77c3
                                                            0x008c77c4
                                                            0x008c77ca
                                                            0x008c77cb
                                                            0x008c77d5
                                                            0x008c77db
                                                            0x008c77e1
                                                            0x008c77e7
                                                            0x008c77f1
                                                            0x008c77fb
                                                            0x008c7805
                                                            0x008c780b
                                                            0x008c7813
                                                            0x008c781d
                                                            0x008c782d
                                                            0x008c782e
                                                            0x008c7830
                                                            0x008c7831
                                                            0x008c7834
                                                            0x008c7844
                                                            0x008c784e
                                                            0x008c784f
                                                            0x008c7850
                                                            0x008c7853
                                                            0x008c7863
                                                            0x008c786d
                                                            0x008c7877
                                                            0x008c787d
                                                            0x008c7883
                                                            0x008c788d
                                                            0x008c7897
                                                            0x008c7898
                                                            0x008c7899
                                                            0x008c789d
                                                            0x008c78a8
                                                            0x008c78ab
                                                            0x008c78b1
                                                            0x008c78b7
                                                            0x008c78bd
                                                            0x008c78c3
                                                            0x008c78c9
                                                            0x008c78cf
                                                            0x008c78d5
                                                            0x008c78db
                                                            0x008c78dc
                                                            0x008c78e6
                                                            0x008c78ec
                                                            0x008c78f6
                                                            0x008c78fc
                                                            0x008c7902
                                                            0x008c790c
                                                            0x008c7916
                                                            0x008c791c
                                                            0x008c7922
                                                            0x008c792c
                                                            0x008c7932
                                                            0x008c7938
                                                            0x008c793e
                                                            0x008c7948
                                                            0x008c794e
                                                            0x008c7954
                                                            0x008c795e
                                                            0x008c7968
                                                            0x008c796e
                                                            0x008c7974
                                                            0x008c797e
                                                            0x008c7988
                                                            0x008c798e
                                                            0x008c7994
                                                            0x008c799e
                                                            0x008c79a4
                                                            0x008c79aa
                                                            0x008c79b0
                                                            0x008c79ba
                                                            0x008c79c4
                                                            0x008c79ca
                                                            0x008c79d0
                                                            0x008c79da
                                                            0x008c79e0
                                                            0x008c79e6
                                                            0x008c79ec
                                                            0x008c79f6
                                                            0x008c79fc
                                                            0x008c7a04
                                                            0x008c7a0a
                                                            0x008c7a16
                                                            0x008c7a20
                                                            0x008c7a2a
                                                            0x008c7a2b
                                                            0x008c7a2d
                                                            0x008c7a2e
                                                            0x008c7a30
                                                            0x008c7a3b
                                                            0x008c7a41
                                                            0x008c7a49
                                                            0x008c7a4f
                                                            0x008c7a5b
                                                            0x008c7a61
                                                            0x008c7a66
                                                            0x008c7a70
                                                            0x008c7a7a
                                                            0x008c7a84
                                                            0x008c7a8a
                                                            0x008c7a90
                                                            0x008c7a9a
                                                            0x008c7aa4
                                                            0x008c7aaa
                                                            0x008c7ab0
                                                            0x008c7aba
                                                            0x008c7ac0
                                                            0x008c7ac6
                                                            0x008c7ad0
                                                            0x008c7ad6
                                                            0x008c7adc
                                                            0x008c7ae6
                                                            0x008c7af0
                                                            0x008c7af6
                                                            0x008c7afc
                                                            0x008c7b06
                                                            0x008c7b10
                                                            0x008c7b11
                                                            0x008c7b12
                                                            0x008c7b18
                                                            0x008c7b24
                                                            0x008c7b2a
                                                            0x008c7b2f
                                                            0x008c7b35
                                                            0x008c7b3d
                                                            0x008c7b43
                                                            0x008c7b4d
                                                            0x008c7b53
                                                            0x008c7b59
                                                            0x008c7b63
                                                            0x008c7b69
                                                            0x008c7b73
                                                            0x008c7b79
                                                            0x008c7b7f
                                                            0x008c7b89
                                                            0x008c7b8f
                                                            0x008c7b95
                                                            0x008c7b9b
                                                            0x008c7ba5
                                                            0x008c7baf
                                                            0x008c7bb5
                                                            0x008c7bbb
                                                            0x008c7bc5
                                                            0x008c7bc6
                                                            0x008c7bc7
                                                            0x008c7bc8
                                                            0x008c7bd1
                                                            0x008c7bdb
                                                            0x008c7be1
                                                            0x008c7be7
                                                            0x008c7bef
                                                            0x008c7bf9
                                                            0x008c7c09
                                                            0x008c7c0f
                                                            0x008c7c10
                                                            0x008c7c13
                                                            0x008c7c23
                                                            0x008c7c2d
                                                            0x008c7c2e
                                                            0x008c7c2f
                                                            0x008c7c32
                                                            0x008c7c3e
                                                            0x008c7c48
                                                            0x008c7c52
                                                            0x008c7c58
                                                            0x008c7c5e
                                                            0x008c7c68
                                                            0x008c7c72
                                                            0x008c7c7c
                                                            0x008c7c82
                                                            0x008c7c88
                                                            0x008c7c92
                                                            0x008c7c9c
                                                            0x008c7c9d
                                                            0x008c7c9e
                                                            0x008c7ca1
                                                            0x008c7cb1
                                                            0x008c7cbb
                                                            0x008c7cbc
                                                            0x008c7cbd
                                                            0x008c7cc0
                                                            0x008c7cd0
                                                            0x008c7cda
                                                            0x008c7cdb
                                                            0x008c7cdc
                                                            0x008c7cdf
                                                            0x008c7ceb
                                                            0x008c7cf3
                                                            0x008c7cfa
                                                            0x008c7d05
                                                            0x008c7d14
                                                            0x008c7d1a
                                                            0x008c7d20
                                                            0x008c7d2a
                                                            0x008c7d34
                                                            0x008c7d3a
                                                            0x008c7d40
                                                            0x008c7d4a
                                                            0x008c7d54
                                                            0x008c7d5a
                                                            0x008c7d60
                                                            0x008c7d6a
                                                            0x008c7d74
                                                            0x008c7d75
                                                            0x008c7d76
                                                            0x008c7d77
                                                            0x008c7d81
                                                            0x008c7d87
                                                            0x008c7d8d
                                                            0x008c7d93
                                                            0x008c7d99
                                                            0x008c7da3
                                                            0x008c7da9
                                                            0x008c7daf
                                                            0x008c7dba
                                                            0x008c7dc0
                                                            0x008c7dc6
                                                            0x008c7dcc
                                                            0x008c7dd2
                                                            0x008c7dd8
                                                            0x008c7dde
                                                            0x008c7de1
                                                            0x008c7de4
                                                            0x008c7de7
                                                            0x008c7dea
                                                            0x008c7ded
                                                            0x008c7df0
                                                            0x008c7df3
                                                            0x008c7df9
                                                            0x008c7e03
                                                            0x008c7e09
                                                            0x008c7e0f
                                                            0x008c7e15
                                                            0x008c7e1f
                                                            0x008c7e25
                                                            0x008c7e2b
                                                            0x008c7e35
                                                            0x008c7e3b
                                                            0x008c7e41
                                                            0x008c7e47
                                                            0x008c7e51
                                                            0x008c7e57
                                                            0x008c7e5d
                                                            0x008c7e63
                                                            0x008c7e6d
                                                            0x008c7e73
                                                            0x008c7e79
                                                            0x008c7e7f
                                                            0x008c7e86
                                                            0x008c7e89
                                                            0x008c7e8c
                                                            0x008c7e8f
                                                            0x008c7e96
                                                            0x008c7e99
                                                            0x008c7e9c
                                                            0x008c7e9f
                                                            0x008c7ea6
                                                            0x008c7ea9
                                                            0x008c7eac
                                                            0x008c7eaf
                                                            0x008c7eb6
                                                            0x008c7eb9
                                                            0x008c7ebc
                                                            0x008c7ebf
                                                            0x008c7ec6
                                                            0x008c7ec9
                                                            0x008c7ecc
                                                            0x008c7ecf
                                                            0x008c7ed6
                                                            0x008c7edd
                                                            0x008c7ee0
                                                            0x008c7ee3
                                                            0x008c7eeb
                                                            0x008c7efe
                                                            0x008c7f03
                                                            0x008c7f07
                                                            0x00000000
                                                            0x00000000
                                                            0x008c7f09
                                                            0x008c7f0a
                                                            0x008c7f10
                                                            0x00000000
                                                            0x00000000
                                                            0x008c7f12
                                                            0x008c7f28
                                                            0x008c7f38
                                                            0x008c7f38
                                                            0x008c7f20
                                                            0x00000000

                                                            APIs
                                                            • InitializeCriticalSection.KERNEL32(008D745E,008C53FA,00000000,008C5482), ref: 008C764D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalInitializeSection
                                                            • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion
                                                            • API String ID: 32694325-3635313340
                                                            • Opcode ID: 0be4b1db1377e56c9ab85495625daece651c51a4fe461ee2b116c0ec9ae5d1ec
                                                            • Instruction ID: da3d99b8631f5716ed1aaeb9daaba6410672696498d546f1fbe802c7ed6cd523
                                                            • Opcode Fuzzy Hash: 0be4b1db1377e56c9ab85495625daece651c51a4fe461ee2b116c0ec9ae5d1ec
                                                            • Instruction Fuzzy Hash: D33245B0D157299FDB658F5AC98878DFAF4FB48308F9081EED21CA6251D7B04B888F45
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D819F Relevance: 33.4, APIs: 7, Strings: 12, Instructions: 152COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1275 8d819f-8d81e8 call 8ef600 1278 8d81ee-8d81fc GetCurrentProcess call 900141 1275->1278 1279 8d8361-8d836e call 8c229e 1275->1279 1282 8d8201-8d820e 1278->1282 1286 8d837d-8d838d call 8edd1f 1279->1286 1287 8d8370 1279->1287 1284 8d829c-8d82aa GetTempPathW 1282->1284 1285 8d8214-8d8223 GetWindowsDirectoryW 1282->1285 1291 8d82ac-8d82b6 1284->1291 1292 8d82e4-8d82f6 UuidCreate 1284->1292 1289 8d825d-8d826e call 8c347e 1285->1289 1290 8d8225-8d822f 1285->1290 1293 8d8375-8d837c call 8ffb09 1287->1293 1311 8d827a-8d8290 call 8c379b 1289->1311 1312 8d8270-8d8275 1289->1312 1307 8d823c 1290->1307 1308 8d8231-8d823a 1290->1308 1309 8d82b8-8d82c1 1291->1309 1310 8d82c3 1291->1310 1297 8d82ff-8d8314 StringFromGUID2 1292->1297 1298 8d82f8-8d82fd 1292->1298 1293->1286 1299 8d8316-8d8330 call 8c38ba 1297->1299 1300 8d8332-8d8353 call 8c2022 1297->1300 1298->1293 1299->1293 1321 8d835c 1300->1321 1322 8d8355-8d835a 1300->1322 1316 8d823e 1307->1316 1317 8d8243-8d8258 call 8c38ba 1307->1317 1308->1307 1309->1310 1318 8d82ca-8d82df call 8c38ba 1310->1318 1319 8d82c5 1310->1319 1311->1292 1325 8d8292-8d8297 1311->1325 1312->1293 1316->1317 1317->1293 1318->1293 1319->1318 1321->1279 1322->1293 1325->1293
                                                            C-Code - Quality: 54%
                                                            			E008D819F(void* __edx, intOrPtr _a8) {
				signed int _v8;
				char _v88;
				short _v608;
				char _v624;
				signed int _v628;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				intOrPtr _t23;
				signed short _t32;
				signed int _t33;
				signed short _t35;
				intOrPtr _t49;
				void* _t50;
				void* _t55;
				void* _t56;
				signed short _t58;
				signed int _t62;
				signed short _t70;

				_t55 = __edx;
				_t18 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t18 ^ _t62;
				_v628 = _v628 & 0x00000000;
				_t49 = _a8;
				E008EF600(_t56,  &_v608, 0, 0x208);
				_t57 =  &_v624;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t23 =  *0x92aa70; // 0x802088
				if(_t23 != 0) {
					L25:
					_t58 = E008C229E(_t49, _t23, 0);
					__eflags = _t58;
					if(_t58 < 0) {
						_push("Failed to copy working folder path.");
						goto L27;
					}
				} else {
					E00900141(GetCurrentProcess(),  &_v628); // executed
					if(_v628 == 0) {
						_t32 = GetTempPathW(0x104,  &_v608);
						__eflags = _t32;
						if(_t32 != 0) {
							goto L18;
						} else {
							_t58 = GetLastError();
							__eflags = _t58;
							if(__eflags > 0) {
								_t58 = _t58 & 0x0000ffff | 0x80070000;
								__eflags = _t58;
							}
							if(__eflags >= 0) {
								_t58 = 0x80004005;
							}
							E008C38BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x46b, _t58);
							_push("Failed to get temp path for working folder.");
							goto L27;
						}
					} else {
						_t57 = 0x104;
						if(GetWindowsDirectoryW( &_v608, 0x104) != 0) {
							_t58 = E008C347E(_t50, __eflags,  &_v608, 0x104);
							__eflags = _t58;
							if(_t58 >= 0) {
								_t58 = E008C379B(_t50,  &_v608, 0x104, L"Temp\\");
								__eflags = _t58;
								if(_t58 >= 0) {
									L18:
									_t33 =  &_v624;
									__imp__UuidCreate(_t33);
									_t58 = _t33 | 0x00000001;
									__eflags = _t58;
									if(_t58 >= 0) {
										_t35 =  &_v624;
										__imp__StringFromGUID2(_t35,  &_v88, 0x27);
										__eflags = _t35;
										if(_t35 != 0) {
											_push( &_v88);
											_t58 = E008C2022(0x92aa70, L"%ls%ls\\",  &_v608);
											__eflags = _t58;
											if(_t58 >= 0) {
												_t23 =  *0x92aa70; // 0x802088
												goto L25;
											} else {
												_push("Failed to append bundle id on to temp path for working folder.");
												goto L27;
											}
										} else {
											_t58 = 0x8007000e;
											E008C38BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x475, 0x8007000e);
											_push("Failed to convert working folder guid into string.");
											goto L27;
										}
									} else {
										_push("Failed to create working folder guid.");
										goto L27;
									}
								} else {
									_push("Failed to concat Temp directory on windows path for working folder.");
									goto L27;
								}
							} else {
								_push("Failed to ensure windows path for working folder ended in backslash.");
								goto L27;
							}
						} else {
							_t58 = GetLastError();
							if(_t58 > 0) {
								_t58 = _t58 & 0x0000ffff | 0x80070000;
								_t70 = _t58;
							}
							if(_t70 >= 0) {
								_t58 = 0x80004005;
							}
							E008C38BA(_t47, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x460, _t58);
							_push("Failed to get windows path for working folder.");
							L27:
							_push(_t58);
							E008FFB09();
						}
					}
				}
				return E008EDD1F(_t49, _v8 ^ _t62, _t55, _t57, _t58);
			}























                                                            0x008d819f
                                                            0x008d81a8
                                                            0x008d81af
                                                            0x008d81b2
                                                            0x008d81c0
                                                            0x008d81cd
                                                            0x008d81d4
                                                            0x008d81da
                                                            0x008d81de
                                                            0x008d81df
                                                            0x008d81e0
                                                            0x008d81e1
                                                            0x008d81e8
                                                            0x008d8361
                                                            0x008d836a
                                                            0x008d836c
                                                            0x008d836e
                                                            0x008d8370
                                                            0x00000000
                                                            0x008d8370
                                                            0x008d81ee
                                                            0x008d81fc
                                                            0x008d820e
                                                            0x008d82a2
                                                            0x008d82a8
                                                            0x008d82aa
                                                            0x00000000
                                                            0x008d82ac
                                                            0x008d82b2
                                                            0x008d82b4
                                                            0x008d82b6
                                                            0x008d82bb
                                                            0x008d82c1
                                                            0x008d82c1
                                                            0x008d82c3
                                                            0x008d82c5
                                                            0x008d82c5
                                                            0x008d82d5
                                                            0x008d82da
                                                            0x00000000
                                                            0x008d82da
                                                            0x008d8214
                                                            0x008d8214
                                                            0x008d8223
                                                            0x008d826a
                                                            0x008d826c
                                                            0x008d826e
                                                            0x008d828c
                                                            0x008d828e
                                                            0x008d8290
                                                            0x008d82e4
                                                            0x008d82e4
                                                            0x008d82eb
                                                            0x008d82f3
                                                            0x008d82f3
                                                            0x008d82f6
                                                            0x008d8305
                                                            0x008d830c
                                                            0x008d8312
                                                            0x008d8314
                                                            0x008d8335
                                                            0x008d834c
                                                            0x008d8351
                                                            0x008d8353
                                                            0x008d835c
                                                            0x00000000
                                                            0x008d8355
                                                            0x008d8355
                                                            0x00000000
                                                            0x008d8355
                                                            0x008d8316
                                                            0x008d8316
                                                            0x008d8326
                                                            0x008d832b
                                                            0x00000000
                                                            0x008d832b
                                                            0x008d82f8
                                                            0x008d82f8
                                                            0x00000000
                                                            0x008d82f8
                                                            0x008d8292
                                                            0x008d8292
                                                            0x00000000
                                                            0x008d8292
                                                            0x008d8270
                                                            0x008d8270
                                                            0x00000000
                                                            0x008d8270
                                                            0x008d8225
                                                            0x008d822b
                                                            0x008d822f
                                                            0x008d8234
                                                            0x008d823a
                                                            0x008d823a
                                                            0x008d823c
                                                            0x008d823e
                                                            0x008d823e
                                                            0x008d824e
                                                            0x008d8253
                                                            0x008d8375
                                                            0x008d8375
                                                            0x008d8376
                                                            0x008d837c
                                                            0x008d8223
                                                            0x008d820e
                                                            0x008d838d

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,008C54C6), ref: 008D81F5
                                                              • Part of subcall function 00900141: OpenProcessToken.ADVAPI32(?,00000008,?,008C53FA,00000000,?,?,?,?,?,?,?,008D7590,00000000), ref: 0090015F
                                                              • Part of subcall function 00900141: GetLastError.KERNEL32(?,?,?,?,?,?,?,008D7590,00000000), ref: 00900169
                                                              • Part of subcall function 00900141: FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,008D7590,00000000), ref: 009001F3
                                                            • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 008D821B
                                                            • GetLastError.KERNEL32 ref: 008D8225
                                                            • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 008D82A2
                                                            • GetLastError.KERNEL32 ref: 008D82AC
                                                            • UuidCreate.RPCRT4(?), ref: 008D82EB
                                                            Strings
                                                            • Failed to append bundle id on to temp path for working folder., xrefs: 008D8355
                                                            • Failed to concat Temp directory on windows path for working folder., xrefs: 008D8292
                                                            • Failed to convert working folder guid into string., xrefs: 008D832B
                                                            • Temp\, xrefs: 008D827A
                                                            • Failed to copy working folder path., xrefs: 008D8370
                                                            • Failed to ensure windows path for working folder ended in backslash., xrefs: 008D8270
                                                            • Failed to get windows path for working folder., xrefs: 008D8253
                                                            • Failed to get temp path for working folder., xrefs: 008D82DA
                                                            • %ls%ls\, xrefs: 008D833D
                                                            • @Mqt, xrefs: 008D8225, 008D82AC
                                                            • Failed to create working folder guid., xrefs: 008D82F8
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 008D8249, 008D82D0, 008D8321
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$Process$ChangeCloseCreateCurrentDirectoryFindNotificationOpenPathTempTokenUuidWindows
                                                            • String ID: %ls%ls\$@Mqt$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 2898636500-4258657029
                                                            • Opcode ID: f4e3955a1657e366b3252391292e6ce8491c3d7762885c29f8cd30460f603831
                                                            • Instruction ID: 0eb501082642decf28d10607d3a0c4382f5ec942b3edbe6d8d677aec088a1475
                                                            • Opcode Fuzzy Hash: f4e3955a1657e366b3252391292e6ce8491c3d7762885c29f8cd30460f603831
                                                            • Instruction Fuzzy Hash: CC41F772F44729FBD72096A48C0AF9F73A8FB40B14F014266BA09F7340EA74DD4586D6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E0EA0 Relevance: 31.7, APIs: 8, Strings: 10, Instructions: 216COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1328 8e0ea0-8e0ecc CoInitializeEx 1329 8e0ece-8e0edb call 8ffb09 1328->1329 1330 8e0ee0-8e0f2b call 8fed43 1328->1330 1335 8e1143-8e1153 call 8edd1f 1329->1335 1336 8e0f2d-8e0f50 call 8c38ba call 8ffb09 1330->1336 1337 8e0f55-8e0f77 call 8fed64 1330->1337 1352 8e113c-8e113d CoUninitialize 1336->1352 1344 8e0f7d-8e0f85 1337->1344 1345 8e1031-8e103c SetEvent 1337->1345 1348 8e0f8b-8e0f91 1344->1348 1349 8e1134-8e1137 call 8fed74 1344->1349 1350 8e103e-8e1048 1345->1350 1351 8e107b-8e1089 WaitForSingleObject 1345->1351 1348->1349 1353 8e0f97-8e0f9f 1348->1353 1349->1352 1364 8e104a-8e1053 1350->1364 1365 8e1055 1350->1365 1355 8e10bd-8e10c8 ResetEvent 1351->1355 1356 8e108b-8e1095 1351->1356 1352->1335 1360 8e1019-8e102c call 8ffb09 1353->1360 1361 8e0fa1-8e0fa3 1353->1361 1358 8e10ff-8e1105 1355->1358 1359 8e10ca-8e10d4 1355->1359 1380 8e1097-8e10a0 1356->1380 1381 8e10a2 1356->1381 1362 8e112f 1358->1362 1363 8e1107-8e110a 1358->1363 1386 8e10d6-8e10df 1359->1386 1387 8e10e1 1359->1387 1360->1349 1366 8e0fb6-8e0fb9 1361->1366 1367 8e0fa5 1361->1367 1362->1349 1370 8e110c-8e1126 call 8c38ba 1363->1370 1371 8e112b-8e112d 1363->1371 1364->1365 1372 8e1059-8e1069 call 8c38ba 1365->1372 1373 8e1057 1365->1373 1377 8e0fbb 1366->1377 1378 8e1013 1366->1378 1375 8e0fab-8e0fb4 1367->1375 1376 8e0fa7-8e0fa9 1367->1376 1406 8e106e-8e1076 call 8ffb09 1370->1406 1371->1349 1372->1406 1373->1372 1388 8e1015-8e1017 1375->1388 1376->1388 1389 8e0fde-8e0fe3 1377->1389 1390 8e100f-8e1011 1377->1390 1391 8e0fec-8e0ff1 1377->1391 1392 8e0ffa-8e0fff 1377->1392 1393 8e1008-8e100d 1377->1393 1394 8e0fc9-8e0fce 1377->1394 1395 8e0fd7-8e0fdc 1377->1395 1396 8e0fe5-8e0fea 1377->1396 1397 8e0fc2-8e0fc7 1377->1397 1398 8e0ff3-8e0ff8 1377->1398 1399 8e0fd0-8e0fd5 1377->1399 1400 8e1001-8e1006 1377->1400 1378->1388 1380->1381 1382 8e10a6-8e10bb call 8c38ba 1381->1382 1383 8e10a4 1381->1383 1382->1406 1383->1382 1386->1387 1404 8e10e5-8e10fa call 8c38ba 1387->1404 1405 8e10e3 1387->1405 1388->1345 1388->1360 1389->1360 1390->1360 1391->1360 1392->1360 1393->1360 1394->1360 1395->1360 1396->1360 1397->1360 1398->1360 1399->1360 1400->1360 1404->1406 1405->1404 1406->1349
                                                            C-Code - Quality: 17%
                                                            			E008E0EA0(void* __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				signed int _t27;
				signed int _t28;
				long _t29;
				signed int _t30;
				signed int _t32;
				signed short _t44;
				intOrPtr _t49;
				signed int _t50;
				signed int _t56;
				signed int _t63;
				signed int _t68;

				_t60 = __edx;
				_t22 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t22 ^ _t68;
				_t49 = _a4;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t62 = 0;
				__imp__CoInitializeEx(0, 0);
				_t63 = 0;
				if(0 >= 0) {
					_t50 =  *0x92aa94; // 0x0
					 *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t50 * 4)) + 4)) = _t49;
					_t27 =  &_v20;
					_push(_t27);
					_push(0xffffffff);
					_push(E008E082C);
					_push(E008E05D3);
					_push(E008E0937);
					_push(E008E0797);
					_push(E008E0671);
					_push(E008E0619);
					_push(E008E05C4); // executed
					L008FED43(); // executed
					_v24 = _t27;
					__eflags = _t27;
					if(_t27 != 0) {
						_push(0);
						_push(0);
						_push(E008E0626);
						_push(0);
						_push(0x90a5bf);
						_push("<the>.cab");
						_push(_t27); // executed
						L008FED64(); // executed
						_t62 = 0x80004005;
						__eflags = _t27;
						if(_t27 != 0) {
							L29:
							_t28 = SetEvent( *(_t49 + 0x28));
							__eflags = _t28;
							if(_t28 != 0) {
								_t29 = WaitForSingleObject( *(_t49 + 0x24), 0xffffffff);
								__eflags = _t29 - 0xffffffff;
								if(_t29 != 0xffffffff) {
									_t30 = ResetEvent( *(_t49 + 0x24));
									__eflags = _t30;
									if(_t30 != 0) {
										_t32 =  *((intOrPtr*)(_t49 + 0x2c)) - 1;
										__eflags = _t32;
										if(_t32 == 0) {
											_t63 = 0x80070103;
											L53:
											_push(_v24);
											L008FED74(); // executed
											L54:
											__imp__CoUninitialize(); // executed
											L55:
											return E008EDD1F(_t49, _v8 ^ _t68, _t60, _t62, _t63);
										}
										_t35 = _t32 == 4;
										__eflags = _t32 == 4;
										if(_t32 == 4) {
											_t63 = 0;
											goto L53;
										}
										_t63 = 0x8007139f;
										E008C38BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1c7, 0x8007139f);
										_push("Invalid operation for this state.");
										L35:
										_push(_t63);
										E008FFB09();
										goto L53;
									}
									_t63 = GetLastError();
									__eflags = _t63;
									if(__eflags > 0) {
										_t63 = _t63 & 0x0000ffff | 0x80070000;
										__eflags = _t63;
									}
									if(__eflags >= 0) {
										_t63 = _t62;
									}
									E008C38BA(_t38, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1b8, _t63);
									_push("Failed to reset begin operation event.");
									goto L35;
								}
								_t63 = GetLastError();
								__eflags = _t63;
								if(__eflags > 0) {
									_t63 = _t63 & 0x0000ffff | 0x80070000;
									__eflags = _t63;
								}
								if(__eflags >= 0) {
									_t63 = _t62;
								}
								E008C38BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1b3, _t63);
								_push("Failed to wait for begin operation event.");
								goto L35;
							}
							_t63 = GetLastError();
							__eflags = _t63;
							if(__eflags > 0) {
								_t63 = _t63 & 0x0000ffff | 0x80070000;
								__eflags = _t63;
							}
							if(__eflags >= 0) {
								_t63 = _t62;
							}
							E008C38BA(_t42, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x1ad, _t63);
							_push("Failed to set operation complete event.");
							goto L35;
						}
						_t63 =  *(_t49 + 0x30);
						_t10 = _t62 - 1; // 0x80004004
						_t60 = _t10;
						__eflags = _t63 - _t10;
						if(_t63 == _t10) {
							goto L53;
						}
						__eflags = _t63 - 0x80070103;
						if(_t63 == 0x80070103) {
							goto L53;
						}
						_t44 = _v16;
						_t56 = _v20;
						__eflags = _t63;
						if(_t63 < 0) {
							L28:
							_push(_t44);
							_push(_t56);
							E008FFB09(_t63, "Failed to extract all files from container, erf: %d:%X:%d", _v12);
							goto L53;
						}
						__eflags = _t44;
						if(__eflags == 0) {
							__eflags = _t56 - 0xb;
							if(_t56 > 0xb) {
								_t63 = 0x80004005;
								L27:
								__eflags = _t63;
								if(_t63 >= 0) {
									goto L29;
								}
								goto L28;
							}
							switch( *((intOrPtr*)(_t56 * 4 +  &M008E1158))) {
								case 0:
									_t63 = 0x8000ffff;
									goto L28;
								case 1:
									__esi = 0x80070002;
									goto L28;
								case 2:
									__esi = 0x80070001;
									goto L28;
								case 3:
									__esi = 0x80070309;
									goto L28;
								case 4:
									__esi = 0x80070570;
									goto L28;
								case 5:
									__esi = 0x8007000e;
									goto L28;
								case 6:
									__esi = 0x8007026a;
									goto L28;
								case 7:
									__esi = 0x8007025d;
									goto L28;
								case 8:
									__esi = 0x8007001d;
									goto L28;
								case 9:
									__esi = 0x8007000d;
									goto L28;
								case 0xa:
									__esi = 0x8007065d;
									goto L28;
								case 0xb:
									__esi = __edx;
									goto L28;
							}
						}
						if(__eflags > 0) {
							_t63 = _t44 & 0x0000ffff | 0x80070000;
						} else {
							_t63 = _t44;
						}
						goto L27;
					}
					_t62 = 0x80004005;
					_t63 = 0x80004005;
					E008C38BA(_t27, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x169, 0x80004005);
					_push("Failed to initialize cabinet.dll.");
					_push(0x80004005);
					E008FFB09();
					goto L54;
				}
				_push("Failed to initialize COM.");
				_push(0);
				E008FFB09();
				goto L55;
			}























                                                            0x008e0ea0
                                                            0x008e0ea6
                                                            0x008e0ead
                                                            0x008e0eb1
                                                            0x008e0ebb
                                                            0x008e0ebc
                                                            0x008e0ebd
                                                            0x008e0ebe
                                                            0x008e0ec2
                                                            0x008e0ec8
                                                            0x008e0ecc
                                                            0x008e0ee0
                                                            0x008e0eef
                                                            0x008e0ef5
                                                            0x008e0ef8
                                                            0x008e0ef9
                                                            0x008e0efb
                                                            0x008e0f00
                                                            0x008e0f05
                                                            0x008e0f0a
                                                            0x008e0f0f
                                                            0x008e0f14
                                                            0x008e0f19
                                                            0x008e0f1e
                                                            0x008e0f26
                                                            0x008e0f29
                                                            0x008e0f2b
                                                            0x008e0f55
                                                            0x008e0f56
                                                            0x008e0f57
                                                            0x008e0f5c
                                                            0x008e0f5d
                                                            0x008e0f62
                                                            0x008e0f67
                                                            0x008e0f68
                                                            0x008e0f70
                                                            0x008e0f75
                                                            0x008e0f77
                                                            0x008e1031
                                                            0x008e1034
                                                            0x008e103a
                                                            0x008e103c
                                                            0x008e1080
                                                            0x008e1086
                                                            0x008e1089
                                                            0x008e10c0
                                                            0x008e10c6
                                                            0x008e10c8
                                                            0x008e1102
                                                            0x008e1102
                                                            0x008e1105
                                                            0x008e112f
                                                            0x008e1134
                                                            0x008e1134
                                                            0x008e1137
                                                            0x008e113c
                                                            0x008e113d
                                                            0x008e1143
                                                            0x008e1153
                                                            0x008e1153
                                                            0x008e1107
                                                            0x008e1107
                                                            0x008e110a
                                                            0x008e112b
                                                            0x00000000
                                                            0x008e112b
                                                            0x008e110c
                                                            0x008e111c
                                                            0x008e1121
                                                            0x008e106e
                                                            0x008e106e
                                                            0x008e106f
                                                            0x00000000
                                                            0x008e1075
                                                            0x008e10d0
                                                            0x008e10d2
                                                            0x008e10d4
                                                            0x008e10d9
                                                            0x008e10df
                                                            0x008e10df
                                                            0x008e10e1
                                                            0x008e10e3
                                                            0x008e10e3
                                                            0x008e10f0
                                                            0x008e10f5
                                                            0x00000000
                                                            0x008e10f5
                                                            0x008e1091
                                                            0x008e1093
                                                            0x008e1095
                                                            0x008e109a
                                                            0x008e10a0
                                                            0x008e10a0
                                                            0x008e10a2
                                                            0x008e10a4
                                                            0x008e10a4
                                                            0x008e10b1
                                                            0x008e10b6
                                                            0x00000000
                                                            0x008e10b6
                                                            0x008e1044
                                                            0x008e1046
                                                            0x008e1048
                                                            0x008e104d
                                                            0x008e1053
                                                            0x008e1053
                                                            0x008e1055
                                                            0x008e1057
                                                            0x008e1057
                                                            0x008e1064
                                                            0x008e1069
                                                            0x00000000
                                                            0x008e1069
                                                            0x008e0f7d
                                                            0x008e0f80
                                                            0x008e0f80
                                                            0x008e0f83
                                                            0x008e0f85
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0f8b
                                                            0x008e0f91
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0f97
                                                            0x008e0f9a
                                                            0x008e0f9d
                                                            0x008e0f9f
                                                            0x008e1019
                                                            0x008e1019
                                                            0x008e101a
                                                            0x008e1024
                                                            0x00000000
                                                            0x008e1029
                                                            0x008e0fa1
                                                            0x008e0fa3
                                                            0x008e0fb6
                                                            0x008e0fb9
                                                            0x008e1013
                                                            0x008e1015
                                                            0x008e1015
                                                            0x008e1017
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e1017
                                                            0x008e0fbb
                                                            0x00000000
                                                            0x008e0fc2
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0fc9
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0fd0
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0fd7
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0fde
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0fe5
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0fec
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0ff3
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0ffa
                                                            0x00000000
                                                            0x00000000
                                                            0x008e1001
                                                            0x00000000
                                                            0x00000000
                                                            0x008e1008
                                                            0x00000000
                                                            0x00000000
                                                            0x008e100f
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0fbb
                                                            0x008e0fa5
                                                            0x008e0fae
                                                            0x008e0fa7
                                                            0x008e0fa7
                                                            0x008e0fa7
                                                            0x00000000
                                                            0x008e0fa5
                                                            0x008e0f2d
                                                            0x008e0f3d
                                                            0x008e0f3f
                                                            0x008e0f44
                                                            0x008e0f49
                                                            0x008e0f4a
                                                            0x00000000
                                                            0x008e0f4f
                                                            0x008e0ece
                                                            0x008e0ed3
                                                            0x008e0ed4
                                                            0x00000000

                                                            APIs
                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 008E0EC2
                                                            • CoUninitialize.OLE32 ref: 008E113D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: <the>.cab$@Mqt$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 3442037557-1567645859
                                                            • Opcode ID: 98014cd10a66a31a70022c4287098e02ae8b5500ae7f311ebf8084c675b4b20c
                                                            • Instruction ID: ec841a51ab46d4e05277e4d0b5a941251913e6ed90e1985596e7c4e4df8ed51e
                                                            • Opcode Fuzzy Hash: 98014cd10a66a31a70022c4287098e02ae8b5500ae7f311ebf8084c675b4b20c
                                                            • Instruction Fuzzy Hash: 26517F37B546EAE7CF20566B9C09E7B7524FB43728B120225BD12FB281D57D8C8095D2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008DE60C Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 134registryCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1412 8de60c-8de644 1413 8de666-8de687 RegisterClassW 1412->1413 1414 8de646-8de65a TlsSetValue 1412->1414 1416 8de689-8de693 1413->1416 1417 8de6c1-8de6f8 CreateWindowExW 1413->1417 1414->1413 1415 8de65c-8de661 1414->1415 1418 8de790-8de7a4 UnregisterClassW 1415->1418 1423 8de695-8de69e 1416->1423 1424 8de6a0 1416->1424 1419 8de72f-8de743 SetEvent 1417->1419 1420 8de6fa-8de704 1417->1420 1422 8de76f-8de77a GetMessageW 1419->1422 1432 8de706-8de70f 1420->1432 1433 8de711 1420->1433 1425 8de77c 1422->1425 1426 8de745-8de748 1422->1426 1423->1424 1428 8de6a7-8de6bc call 8c38ba 1424->1428 1429 8de6a2 1424->1429 1425->1418 1430 8de77e-8de783 1426->1430 1431 8de74a-8de759 IsDialogMessageW 1426->1431 1438 8de788-8de78f call 8ffb09 1428->1438 1429->1428 1430->1438 1431->1422 1436 8de75b-8de769 TranslateMessage DispatchMessageW 1431->1436 1432->1433 1434 8de718-8de72d call 8c38ba 1433->1434 1435 8de713 1433->1435 1434->1438 1435->1434 1436->1422 1438->1418
                                                            C-Code - Quality: 80%
                                                            			E008DE60C(signed int _a4) {
				int _v8;
				void _v12;
				struct tagMSG _v40;
				struct _WNDCLASSW _v80;
				int _t35;
				short _t39;
				struct HWND__* _t43;
				struct HWND__* _t46;
				struct HWND__* _t51;
				void** _t61;
				signed int _t62;
				void* _t74;
				struct HWND__* _t76;

				_t61 = _a4;
				_t62 = 0xa;
				_t76 = 0;
				_t35 = memset( &_v80, 0, _t62 << 2);
				_push(7);
				_v12 = 0;
				memset( &_v40, _t35, 0 << 2);
				_t74 = _t61[2];
				_v8 = 0;
				_t11 =  *((intOrPtr*)(_t74 + 0x490)) == 2;
				_a4 = 0 | _t11;
				if(_t11 != 0 || TlsSetValue( *(_t74 + 0x498),  *(_t74 + 0x4b0)) != 0) {
					_v80.hInstance = _t61[1];
					_v80.lpfnWndProc = 0x8de7a7;
					_v80.lpszClassName = L"WixBurnMessageWindow";
					_t39 = RegisterClassW( &_v80); // executed
					__eflags = _t39;
					if(_t39 != 0) {
						_v12 = _a4;
						_v8 = _t74 + 0xb8;
						_t43 = CreateWindowExW(0x80, _v80.lpszClassName, _t76, 0x90000000, 0x80000000, 8, _t76, _t76, _t76, _t76, _t61[1],  &_v12); // executed
						__eflags = _t43;
						if(_t43 != 0) {
							 *(_t74 + 0x3e0) = _t43;
							SetEvent( *_t61);
							while(1) {
								_t46 = GetMessageW( &_v40, _t76, _t76, _t76);
								__eflags = _t46;
								if(_t46 == 0) {
									break;
								}
								__eflags = _t46 - 0xffffffff;
								if(_t46 == 0xffffffff) {
									_t76 = 0x8000ffff;
									_push("Unexpected return value from message pump.");
									L22:
									_push(_t76);
									E008FFB09();
									goto L23;
								}
								_t51 = IsDialogMessageW(_v40,  &_v40);
								__eflags = _t51;
								if(_t51 == 0) {
									TranslateMessage( &_v40);
									DispatchMessageW( &_v40);
								}
							}
							goto L23;
						}
						_t76 = GetLastError();
						__eflags = _t76;
						if(__eflags > 0) {
							_t76 = _t76 & 0x0000ffff | 0x80070000;
							__eflags = _t76;
						}
						if(__eflags >= 0) {
							_t76 = 0x80004005;
						}
						E008C38BA(_t56, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\uithread.cpp", 0x8a, _t76);
						_push("Failed to create window.");
						goto L22;
					}
					_t76 = GetLastError();
					__eflags = _t76;
					if(__eflags > 0) {
						_t76 = _t76 & 0x0000ffff | 0x80070000;
						__eflags = _t76;
					}
					if(__eflags >= 0) {
						_t76 = 0x80004005;
					}
					E008C38BA(_t58, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\uithread.cpp", 0x80, _t76);
					_push("Failed to register window.");
					goto L22;
				} else {
					_t76 = 0x8007139f;
					L23:
					UnregisterClassW(L"WixBurnMessageWindow", _t61[1]);
					return _t76;
				}
			}
















                                                            0x008de613
                                                            0x008de61c
                                                            0x008de620
                                                            0x008de622
                                                            0x008de624
                                                            0x008de62a
                                                            0x008de62d
                                                            0x008de62f
                                                            0x008de634
                                                            0x008de63e
                                                            0x008de641
                                                            0x008de644
                                                            0x008de669
                                                            0x008de670
                                                            0x008de677
                                                            0x008de67e
                                                            0x008de684
                                                            0x008de687
                                                            0x008de6c4
                                                            0x008de6cd
                                                            0x008de6f0
                                                            0x008de6f6
                                                            0x008de6f8
                                                            0x008de72f
                                                            0x008de737
                                                            0x008de76f
                                                            0x008de776
                                                            0x008de778
                                                            0x008de77a
                                                            0x00000000
                                                            0x00000000
                                                            0x008de745
                                                            0x008de748
                                                            0x008de77e
                                                            0x008de783
                                                            0x008de788
                                                            0x008de788
                                                            0x008de789
                                                            0x00000000
                                                            0x008de78f
                                                            0x008de751
                                                            0x008de757
                                                            0x008de759
                                                            0x008de75f
                                                            0x008de769
                                                            0x008de769
                                                            0x008de759
                                                            0x00000000
                                                            0x008de77c
                                                            0x008de700
                                                            0x008de702
                                                            0x008de704
                                                            0x008de709
                                                            0x008de70f
                                                            0x008de70f
                                                            0x008de711
                                                            0x008de713
                                                            0x008de713
                                                            0x008de723
                                                            0x008de728
                                                            0x00000000
                                                            0x008de728
                                                            0x008de68f
                                                            0x008de691
                                                            0x008de693
                                                            0x008de698
                                                            0x008de69e
                                                            0x008de69e
                                                            0x008de6a0
                                                            0x008de6a2
                                                            0x008de6a2
                                                            0x008de6b2
                                                            0x008de6b7
                                                            0x00000000
                                                            0x008de65c
                                                            0x008de65c
                                                            0x008de790
                                                            0x008de798
                                                            0x008de7a4
                                                            0x008de7a4

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                            • String ID: @Mqt$Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$c:\agent\_work\66\s\src\burn\engine\uithread.cpp
                                                            • API String ID: 213125376-3224418139
                                                            • Opcode ID: 926391fc884ef992793d84303bdd4643457e7d5ad01a21ce3a23ff66a4e2e388
                                                            • Instruction ID: 9dde0dc6932464c812b17763b7e373ca73ee8453843c5a60ba347cf90d9758dc
                                                            • Opcode Fuzzy Hash: 926391fc884ef992793d84303bdd4643457e7d5ad01a21ce3a23ff66a4e2e388
                                                            • Instruction Fuzzy Hash: 9B41C576A04229AFDB209F94DC48ADEBFB8FF04764F104266F905FA240D7319940DBE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E3845 Relevance: 28.6, APIs: 1, Strings: 15, Instructions: 577COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E008E3845(void* __ecx, int __edx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				short _v88;
				char _v92;
				char _v96;
				intOrPtr _v100;
				int _v104;
				intOrPtr* _v108;
				int _v112;
				char _v116;
				char _v120;
				int _v124;
				int _v128;
				int _v132;
				signed int _v136;
				signed int _v140;
				char _v144;
				int _v148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t189;
				void* _t198;
				int _t201;
				int _t209;
				signed int _t210;
				int _t211;
				intOrPtr* _t213;
				int _t219;
				int _t222;
				intOrPtr* _t228;
				int _t229;
				int _t231;
				int _t233;
				intOrPtr _t246;
				intOrPtr* _t254;
				intOrPtr* _t265;
				int _t268;
				int _t273;
				intOrPtr* _t278;
				int _t288;
				intOrPtr* _t289;
				intOrPtr _t290;
				intOrPtr _t291;
				intOrPtr* _t297;
				intOrPtr* _t299;
				void* _t300;
				int _t306;
				intOrPtr _t308;
				int _t311;
				intOrPtr _t315;
				int _t316;
				int _t322;
				void* _t323;
				void* _t325;
				intOrPtr* _t326;
				int _t327;
				int _t328;
				intOrPtr* _t331;
				signed int _t332;
				void* _t333;
				void* _t334;

				_t319 = __edx;
				_t300 = __ecx;
				_t189 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t189 ^ _t332;
				_v140 = _v140 | 0xffffffff;
				_t299 = _a4;
				_t322 = 0;
				_v100 = _a8;
				_v92 = 0;
				_v120 = 0;
				_v96 = 0;
				_v144 = 0;
				_v104 = 0;
				E008EF600(0,  &_v88, 0, 0x4e);
				_t334 = _t333 + 0xc;
				_v116 = 0;
				_v112 = 0;
				_v132 = 0;
				_t198 = E009022AF(_t300,  *(_t299 + 0x90), 0, 2 + (0 |  *((intOrPtr*)(_t299 + 0x14)) != 0x00000000) * 2, L"VersionString",  &_v92); // executed
				_t323 = _t198;
				if(_t323 < 0) {
					__eflags = _t323 - 0x80070645;
					if(_t323 == 0x80070645) {
						L22:
						_t201 = E008E7B1B(_t299,  &_v144,  &_v96); // executed
						__eflags = _t201;
						if(_t201 < 0) {
							L34:
							 *((intOrPtr*)(_t299 + 0x40)) = 2;
							_t324 = _t322;
							goto L35;
						} else {
							__eflags =  *((intOrPtr*)(_t299 + 0x14)) - _t322;
							_t273 = E009022AF(_t300, _v96, _t322, 2 + (0 |  *((intOrPtr*)(_t299 + 0x14)) != _t322) * 2, L"VersionString",  &_v92);
							__eflags = _t273;
							if(_t273 < 0) {
								goto L34;
							} else {
								_t324 = E009044B2(_v92, _t322,  &_v116);
								__eflags = _t324;
								if(_t324 >= 0) {
									__eflags =  *((intOrPtr*)(_t299 + 0x9c)) - _v112;
									if(__eflags > 0) {
										goto L34;
									} else {
										if(__eflags < 0) {
											L29:
											E008C563D(2, 0x2000006c,  *_t299);
											_t334 = _t334 + 0x1c;
											_t278 =  *((intOrPtr*)(_v100 + 0x10));
											_t324 = E008CD644(_v100, 1,  *((intOrPtr*)( *_t278 + 0x34))(_t278,  *_t299, _v96, _v144, _v96, _v92,  *(_t299 + 0x90)));
											__eflags = _t324;
											if(_t324 >= 0) {
												_t74 = _t299 + 0xa0; // 0x158
												_t324 = E008C229E(_t74, _v96, _t322);
												__eflags = _t324;
												if(_t324 >= 0) {
													 *((intOrPtr*)(_t299 + 0xa8)) = _v116;
													 *((intOrPtr*)(_t299 + 0xac)) = _v112;
													 *(_t299 + 0xd8) = 1;
													goto L34;
												} else {
													_push("Failed to copy the installed ProductCode to the package.");
													goto L120;
												}
											} else {
												E008C38BA(_t280, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\msiengine.cpp", 0x1c4, _t324);
												_push("UX aborted detect compatible MSI package.");
												goto L120;
											}
										} else {
											__eflags =  *(_t299 + 0x98) - _v116;
											if( *(_t299 + 0x98) >= _v116) {
												goto L34;
											} else {
												goto L29;
											}
										}
									}
								} else {
									_push(_v96);
									goto L3;
								}
							}
						}
					} else {
						__eflags = _t323 - 0x80070648;
						if(_t323 == 0x80070648) {
							goto L22;
						} else {
							_push( *(_t299 + 0x90));
							_push("Failed to get product information for ProductCode: %ls");
							goto L21;
						}
					}
				} else {
					_t23 = _t299 + 0xa8; // 0x160
					_t288 = E009044B2(_v92, 0, _t23);
					_t324 = _t288;
					if(_t288 >= 0) {
						_t319 =  *(_t299 + 0x98);
						_t28 = _t299 + 0xa8; // 0x160
						_t289 = _t28;
						_t315 =  *_t289;
						_t290 =  *((intOrPtr*)(_t289 + 4));
						__eflags =  *((intOrPtr*)(_t299 + 0x9c)) - _t290;
						if(__eflags > 0) {
							L11:
							_t316 = 2;
							_v104 = _t316;
							goto L13;
						} else {
							if(__eflags < 0) {
								L7:
								_t316 = 1;
								_v104 = 1;
								_push(5);
							} else {
								__eflags = _t319 - _t315;
								if(_t319 >= _t315) {
									__eflags =  *((intOrPtr*)(_t299 + 0x9c)) - _t290;
									if(__eflags < 0) {
										L12:
										_t316 = _t322;
									} else {
										if(__eflags > 0) {
											goto L11;
										} else {
											__eflags = _t319 - _t315;
											if(_t319 <= _t315) {
												goto L12;
											} else {
												goto L11;
											}
										}
									}
									L13:
									_push(4);
								} else {
									goto L7;
								}
							}
						}
						_pop(_t291);
						 *((intOrPtr*)(_t299 + 0x40)) = _t291;
						__eflags = _t316;
						if(_t316 == 0) {
							L35:
							_v124 = _t322;
							__eflags =  *((intOrPtr*)(_t299 + 0xc8)) - _t322;
							if( *((intOrPtr*)(_t299 + 0xc8)) <= _t322) {
								L93:
								__eflags =  *(_t299 + 0xc0);
								if( *(_t299 + 0xc0) != 0) {
									_t209 = _t322;
									_v124 = _t322;
									do {
										_t319 =  *((intOrPtr*)(_t299 + 0xbc)) + _t209;
										__eflags =  *((intOrPtr*)(_t299 + 0x40)) - 4;
										_v128 = _t319;
										if( *((intOrPtr*)(_t299 + 0x40)) < 4) {
											L98:
											_t210 = 2;
											_v140 = _t210;
											goto L99;
										} else {
											_t324 = E0090268C( *(_t299 + 0x90),  *_t319,  &_v140);
											__eflags = _t324;
											if(_t324 < 0) {
												_push("Failed to query feature state.");
												goto L120;
											} else {
												_t210 = _v140;
												_t319 = _v128;
												__eflags = _t210 - 0xffffffff;
												if(_t210 == 0xffffffff) {
													goto L98;
												}
												L99:
												_t211 = _t210 - 1;
												__eflags = _t211;
												if(_t211 == 0) {
													 *((intOrPtr*)(_t319 + 0x1c)) = 2;
													_push(2);
													goto L113;
												} else {
													_t219 = _t211 - 1;
													__eflags = _t219;
													if(_t219 == 0) {
														__eflags = 1;
														goto L111;
													} else {
														_t222 = _t219 - 1;
														__eflags = _t222;
														if(_t222 == 0) {
															_push(3);
															_pop(1);
															L111:
															 *((intOrPtr*)(_t319 + 0x1c)) = 1;
															_t325 = 1;
															goto L114;
														} else {
															_t223 = _t222 != 1;
															__eflags = _t222 != 1;
															if(_t222 != 1) {
																_t324 = 0x8000ffff;
																E008C38BA(_t223, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\msiengine.cpp", 0x283, 0x8000ffff);
																_push("Invalid state value.");
																goto L120;
															} else {
																 *((intOrPtr*)(_t319 + 0x1c)) = 4;
																_push(4);
																L113:
																_pop(_t325);
																L114:
																_t213 =  *((intOrPtr*)(_v100 + 0x10));
																_t324 = E008CD644(_v100, 1,  *((intOrPtr*)( *_t213 + 0x40))(_t213,  *_t299,  *_t319, _t325));
																__eflags = _t324;
																if(_t324 < 0) {
																	E008C38BA(_t215, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\msiengine.cpp", 0x289, _t324);
																	_push("UX aborted detect.");
																	goto L120;
																} else {
																	goto L115;
																}
															}
														}
													}
												}
											}
										}
										goto L121;
										L115:
										_t322 = _t322 + 1;
										_t209 = _v124 + 0x28;
										_v124 = _t209;
										__eflags = _t322 -  *(_t299 + 0xc0);
									} while (_t322 <  *(_t299 + 0xc0));
								}
							} else {
								_t306 = _t322;
								_v128 = _t322;
								do {
									_t228 =  *((intOrPtr*)(_t299 + 0xc4)) + _t306;
									_v148 = _t322;
									_t307 =  &_v88;
									_v108 = _t228;
									_push( &_v88);
									_push(_t322);
									_push( *_t228);
									while(1) {
										_t229 = E0090204D(); // executed
										_t324 = _t229;
										__eflags = _t324 - 0x80070103;
										if(_t324 == 0x80070103) {
											goto L92;
										}
										__eflags = _t324;
										if(_t324 < 0) {
											_push("Failed to enum related products.");
											goto L120;
										} else {
											_t231 = CompareStringW(_t322, 1,  *(_t299 + 0x90), 0xffffffff,  &_v88, 0xffffffff);
											__eflags = _t231 - 2;
											if(_t231 == 2) {
												L89:
												_t326 = _v108;
												goto L90;
											} else {
												_t327 = E009022AF(_t307,  &_v88, _t322, 2, L"VersionString",  &_v92);
												__eflags = _t327 - 0x80070645;
												if(_t327 == 0x80070645) {
													L44:
													_t324 = E009022AF(_t307,  &_v88, _t322, 4, L"VersionString",  &_v92);
													__eflags = _t324 - 0x80070645;
													if(_t324 == 0x80070645) {
														goto L89;
													} else {
														__eflags = _t324 - 0x80070648;
														if(_t324 == 0x80070648) {
															goto L89;
														} else {
															__eflags = _t324;
															if(_t324 < 0) {
																_push( &_v88);
																_push("Failed to get version for product in machine context: %ls");
																goto L21;
															} else {
																_v136 = 1;
																goto L48;
															}
														}
													}
												} else {
													__eflags = _t327 - 0x80070648;
													if(_t327 == 0x80070648) {
														goto L44;
													} else {
														__eflags = _t327;
														if(_t327 < 0) {
															_push( &_v88);
															_push("Failed to get version for product in user unmanaged context: %ls");
															L21:
															_push(_t324);
															E008FFB09();
														} else {
															_v136 = _t322;
															L48:
															_t324 = E009044B2(_v92, _t322,  &_v116);
															__eflags = _t324;
															if(_t324 < 0) {
																_push( &_v88);
																goto L3;
															} else {
																_t326 = _v108;
																_t308 = _v116;
																_t246 = _v112;
																__eflags =  *((intOrPtr*)(_t326 + 0x18)) - _t322;
																if( *((intOrPtr*)(_t326 + 0x18)) == _t322) {
																	L58:
																	__eflags =  *((intOrPtr*)(_t326 + 0x1c)) - _t322;
																	if( *((intOrPtr*)(_t326 + 0x1c)) == _t322) {
																		L67:
																		_v132 = _t322;
																		__eflags =  *((intOrPtr*)(_t326 + 0x34)) - _t322;
																		if( *((intOrPtr*)(_t326 + 0x34)) == _t322) {
																			L78:
																			__eflags =  *((intOrPtr*)(_t326 + 0x28)) - _t322;
																			if( *((intOrPtr*)(_t326 + 0x28)) == _t322) {
																				_push(3);
																				_pop(1);
																				goto L87;
																			} else {
																				__eflags = _v104 - 3;
																				if(_v104 == 3) {
																					L85:
																					_t328 = _t322;
																				} else {
																					__eflags =  *((intOrPtr*)(_t299 + 0x40)) - 2;
																					if( *((intOrPtr*)(_t299 + 0x40)) != 2) {
																						goto L85;
																					} else {
																						 *((intOrPtr*)(_t299 + 0x40)) = 1;
																						L87:
																						_v104 = 1;
																						_t328 = 1;
																					}
																				}
																			}
																			E008C563D(2, 0x20000067,  &_v88);
																			_t334 = _t334 + 0x1c;
																			_t254 =  *((intOrPtr*)(_v100 + 0x10));
																			_t319 =  &_v88;
																			_t324 = E008CD644(_v100, 1,  *((intOrPtr*)( *_t254 + 0x38))(_t254,  *_t299,  &_v88, _v136, _v116, _v112, _t328, E008D425D(_v136), E008D457D(_v116, _v112), _v132, E008D4274(_t328)));
																			__eflags = _t324;
																			if(_t324 < 0) {
																				_push(_t324);
																				_push(0x257);
																				goto L17;
																			} else {
																				goto L89;
																			}
																		} else {
																			_t319 = _v136;
																			__eflags = E009022AF(_t308,  &_v88, _t322, 2 + _v136 * 2, L"Language",  &_v120);
																			if(__eflags < 0) {
																				L84:
																				E008FFAAB(_t319, __eflags, _t262, 0xe0000098, _t322,  &_v88, _v120, _t322);
																				goto L90;
																			} else {
																				__eflags = E008C2ABF(_t308, _v120, _t322,  &_v132);
																				if(__eflags < 0) {
																					goto L84;
																				} else {
																					_t311 = _t322;
																					_t319 = _t322;
																					__eflags =  *((intOrPtr*)(_t326 + 0x34)) - _t311;
																					if( *((intOrPtr*)(_t326 + 0x34)) > _t311) {
																						_t265 =  *((intOrPtr*)(_t326 + 0x30));
																						while(1) {
																							__eflags = _v132 -  *_t265;
																							_t326 = _v108;
																							if(_v132 ==  *_t265) {
																								break;
																							}
																							_t319 = _t319 + 1;
																							_t265 = _t265 + 4;
																							__eflags = _t319 -  *((intOrPtr*)(_t326 + 0x34));
																							if(_t319 <  *((intOrPtr*)(_t326 + 0x34))) {
																								continue;
																							} else {
																							}
																							goto L76;
																						}
																						_t311 = 1;
																						__eflags = 1;
																					}
																					L76:
																					__eflags =  *((intOrPtr*)(_t326 + 0x2c)) - _t322;
																					if( *((intOrPtr*)(_t326 + 0x2c)) == _t322) {
																						__eflags = _t311;
																						if(_t311 != 0) {
																							goto L90;
																						} else {
																							goto L78;
																						}
																					} else {
																						__eflags = _t311;
																						if(_t311 == 0) {
																							goto L90;
																						} else {
																							goto L78;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		__eflags =  *((intOrPtr*)(_t326 + 0x24)) - _t322;
																		if( *((intOrPtr*)(_t326 + 0x24)) == _t322) {
																			__eflags = _t246 -  *((intOrPtr*)(_t326 + 0x14));
																			if(__eflags > 0) {
																				goto L90;
																			} else {
																				if(__eflags < 0) {
																					goto L67;
																				} else {
																					__eflags = _t308 -  *((intOrPtr*)(_t326 + 0x10));
																					if(_t308 >=  *((intOrPtr*)(_t326 + 0x10))) {
																						goto L90;
																					} else {
																						goto L67;
																					}
																				}
																			}
																		} else {
																			__eflags = _t246 -  *((intOrPtr*)(_t326 + 0x14));
																			if(__eflags < 0) {
																				goto L67;
																			} else {
																				if(__eflags > 0) {
																					goto L90;
																				} else {
																					__eflags = _t308 -  *((intOrPtr*)(_t326 + 0x10));
																					if(_t308 <=  *((intOrPtr*)(_t326 + 0x10))) {
																						goto L67;
																					} else {
																						goto L90;
																					}
																				}
																			}
																		}
																	}
																} else {
																	__eflags =  *((intOrPtr*)(_t326 + 0x20)) - _t322;
																	if( *((intOrPtr*)(_t326 + 0x20)) == _t322) {
																		__eflags = _t246 -  *((intOrPtr*)(_t326 + 0xc));
																		if(__eflags < 0) {
																			goto L90;
																		} else {
																			if(__eflags > 0) {
																				goto L58;
																			} else {
																				__eflags = _t308 -  *((intOrPtr*)(_t326 + 8));
																				if(_t308 <=  *((intOrPtr*)(_t326 + 8))) {
																					goto L90;
																				} else {
																					goto L58;
																				}
																			}
																		}
																	} else {
																		__eflags = _t246 -  *((intOrPtr*)(_t326 + 0xc));
																		if(__eflags > 0) {
																			goto L58;
																		} else {
																			if(__eflags < 0) {
																				L90:
																				_t307 =  &_v88;
																				_t233 = _v148 + 1;
																				__eflags = _t233;
																				_push( &_v88);
																				_push(_t233);
																				_push( *_t326);
																				_v148 = _t233;
																				continue;
																			} else {
																				__eflags = _t308 -  *((intOrPtr*)(_t326 + 8));
																				if(_t308 >=  *((intOrPtr*)(_t326 + 8))) {
																					goto L58;
																				} else {
																					goto L90;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
										goto L121;
									}
									L92:
									_t324 = _t322;
									_t268 = _v124 + 1;
									_t306 = _v128 + 0x38;
									_v124 = _t268;
									_v128 = _t306;
									__eflags = _t268 -  *((intOrPtr*)(_t299 + 0xc8));
								} while (_t268 <  *((intOrPtr*)(_t299 + 0xc8)));
								goto L93;
							}
						} else {
							_t36 = _t299 + 0xa8; // 0x160
							_t331 = _t36;
							E008C563D(2, 0x20000067,  *(_t299 + 0x90));
							_t334 = _t334 + 0x1c;
							_t297 =  *((intOrPtr*)(_v100 + 0x10));
							_t324 = E008CD644(_v100, 1,  *((intOrPtr*)( *_t297 + 0x38))(_t297,  *_t299,  *(_t299 + 0x90),  *((intOrPtr*)(_t299 + 0x14)),  *_t331,  *((intOrPtr*)(_t331 + 4)), _v104, E008D425D( *((intOrPtr*)(_t299 + 0x14))), E008D457D( *_t331,  *((intOrPtr*)(_t331 + 4))),  *((intOrPtr*)(_t299 + 0x94)), E008D4274(_t316)));
							__eflags = _t324;
							if(_t324 >= 0) {
								goto L35;
							} else {
								_push(_t324);
								_push(0x1af);
								L17:
								_push("c:\\agent\\_work\\66\\s\\src\\burn\\engine\\msiengine.cpp");
								E008C38BA(_t256);
								_push("UX aborted detect related MSI package.");
								L120:
								_push(_t324);
								E008FFB09();
							}
						}
					} else {
						_push( *(_t299 + 0x90));
						L3:
						E008FFB09(_t324, "Failed to convert version: %ls to DWORD64 for ProductCode: %ls", _v92);
					}
				}
				L121:
				if(_v144 != 0) {
					E008C2762(_v144);
				}
				if(_v96 != 0) {
					E008C2762(_v96);
				}
				if(_v120 != 0) {
					E008C2762(_v120);
				}
				if(_v92 != 0) {
					E008C2762(_v92);
				}
				return E008EDD1F(_t299, _v8 ^ _t332, _t319, _t322, _t324);
			}
































































                                                            0x008e3845
                                                            0x008e3845
                                                            0x008e384e
                                                            0x008e3855
                                                            0x008e385b
                                                            0x008e3863
                                                            0x008e3868
                                                            0x008e386a
                                                            0x008e3872
                                                            0x008e3877
                                                            0x008e387a
                                                            0x008e387d
                                                            0x008e3883
                                                            0x008e3886
                                                            0x008e388b
                                                            0x008e388e
                                                            0x008e3894
                                                            0x008e3897
                                                            0x008e38b7
                                                            0x008e38bc
                                                            0x008e38c0
                                                            0x008e39d1
                                                            0x008e39d7
                                                            0x008e39fa
                                                            0x008e3a06
                                                            0x008e3a0b
                                                            0x008e3a0d
                                                            0x008e3b11
                                                            0x008e3b11
                                                            0x008e3b18
                                                            0x00000000
                                                            0x008e3a13
                                                            0x008e3a19
                                                            0x008e3a30
                                                            0x008e3a35
                                                            0x008e3a37
                                                            0x00000000
                                                            0x008e3a3d
                                                            0x008e3a4a
                                                            0x008e3a4c
                                                            0x008e3a4e
                                                            0x008e3a5e
                                                            0x008e3a61
                                                            0x00000000
                                                            0x008e3a67
                                                            0x008e3a67
                                                            0x008e3a78
                                                            0x008e3a93
                                                            0x008e3a9b
                                                            0x008e3a9e
                                                            0x008e3ab5
                                                            0x008e3ab7
                                                            0x008e3ab9
                                                            0x008e3ad9
                                                            0x008e3ae5
                                                            0x008e3ae7
                                                            0x008e3ae9
                                                            0x008e3af8
                                                            0x008e3b01
                                                            0x008e3b07
                                                            0x00000000
                                                            0x008e3aeb
                                                            0x008e3aeb
                                                            0x00000000
                                                            0x008e3aeb
                                                            0x008e3abb
                                                            0x008e3ac6
                                                            0x008e3acb
                                                            0x00000000
                                                            0x008e3acb
                                                            0x008e3a69
                                                            0x008e3a6f
                                                            0x008e3a72
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3a72
                                                            0x008e3a67
                                                            0x008e3a50
                                                            0x008e3a50
                                                            0x00000000
                                                            0x008e3a50
                                                            0x008e3a4e
                                                            0x008e3a37
                                                            0x008e39d9
                                                            0x008e39d9
                                                            0x008e39df
                                                            0x00000000
                                                            0x008e39e1
                                                            0x008e39e1
                                                            0x008e39e7
                                                            0x00000000
                                                            0x008e39e7
                                                            0x008e39df
                                                            0x008e38c6
                                                            0x008e38c6
                                                            0x008e38d1
                                                            0x008e38d6
                                                            0x008e38da
                                                            0x008e38f8
                                                            0x008e38fe
                                                            0x008e38fe
                                                            0x008e3904
                                                            0x008e3906
                                                            0x008e3909
                                                            0x008e390f
                                                            0x008e392f
                                                            0x008e3931
                                                            0x008e3932
                                                            0x00000000
                                                            0x008e3911
                                                            0x008e3911
                                                            0x008e3917
                                                            0x008e3919
                                                            0x008e391a
                                                            0x008e391d
                                                            0x008e3913
                                                            0x008e3913
                                                            0x008e3915
                                                            0x008e3921
                                                            0x008e3927
                                                            0x008e3937
                                                            0x008e3937
                                                            0x008e3929
                                                            0x008e3929
                                                            0x00000000
                                                            0x008e392b
                                                            0x008e392b
                                                            0x008e392d
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e392d
                                                            0x008e3929
                                                            0x008e3939
                                                            0x008e3939
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3915
                                                            0x008e3911
                                                            0x008e393b
                                                            0x008e393c
                                                            0x008e393f
                                                            0x008e3941
                                                            0x008e3b1a
                                                            0x008e3b1a
                                                            0x008e3b1d
                                                            0x008e3b23
                                                            0x008e3dd7
                                                            0x008e3ddd
                                                            0x008e3ddf
                                                            0x008e3de5
                                                            0x008e3de7
                                                            0x008e3dea
                                                            0x008e3df0
                                                            0x008e3df2
                                                            0x008e3df6
                                                            0x008e3df9
                                                            0x008e3e27
                                                            0x008e3e29
                                                            0x008e3e2a
                                                            0x00000000
                                                            0x008e3dfb
                                                            0x008e3e0f
                                                            0x008e3e11
                                                            0x008e3e13
                                                            0x008e3ee0
                                                            0x00000000
                                                            0x008e3e19
                                                            0x008e3e19
                                                            0x008e3e1f
                                                            0x008e3e22
                                                            0x008e3e25
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3e30
                                                            0x008e3e30
                                                            0x008e3e30
                                                            0x008e3e33
                                                            0x008e3e9c
                                                            0x008e3ea3
                                                            0x00000000
                                                            0x008e3e35
                                                            0x008e3e35
                                                            0x008e3e35
                                                            0x008e3e38
                                                            0x008e3e94
                                                            0x00000000
                                                            0x008e3e3a
                                                            0x008e3e3a
                                                            0x008e3e3a
                                                            0x008e3e3d
                                                            0x008e3e8d
                                                            0x008e3e8f
                                                            0x008e3e95
                                                            0x008e3e95
                                                            0x008e3e98
                                                            0x00000000
                                                            0x008e3e3f
                                                            0x008e3e3f
                                                            0x008e3e3f
                                                            0x008e3e42
                                                            0x008e3ee7
                                                            0x008e3ef7
                                                            0x008e3efc
                                                            0x00000000
                                                            0x008e3e48
                                                            0x008e3e48
                                                            0x008e3e4f
                                                            0x008e3ea5
                                                            0x008e3ea5
                                                            0x008e3ea6
                                                            0x008e3eac
                                                            0x008e3ec2
                                                            0x008e3ec4
                                                            0x008e3ec6
                                                            0x008e3f0e
                                                            0x008e3f13
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3ec6
                                                            0x008e3e42
                                                            0x008e3e3d
                                                            0x008e3e38
                                                            0x008e3e33
                                                            0x008e3e13
                                                            0x00000000
                                                            0x008e3ec8
                                                            0x008e3ecb
                                                            0x008e3ecc
                                                            0x008e3ecf
                                                            0x008e3ed2
                                                            0x008e3ed2
                                                            0x008e3ede
                                                            0x008e3b29
                                                            0x008e3b29
                                                            0x008e3b2b
                                                            0x008e3b2e
                                                            0x008e3b34
                                                            0x008e3b36
                                                            0x008e3b3c
                                                            0x008e3b3f
                                                            0x008e3b42
                                                            0x008e3b43
                                                            0x008e3b44
                                                            0x008e3da6
                                                            0x008e3da6
                                                            0x008e3dab
                                                            0x008e3dad
                                                            0x008e3db3
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3b4b
                                                            0x008e3b4d
                                                            0x008e3e83
                                                            0x00000000
                                                            0x008e3b53
                                                            0x008e3b64
                                                            0x008e3b6a
                                                            0x008e3b6d
                                                            0x008e3d8f
                                                            0x008e3d8f
                                                            0x00000000
                                                            0x008e3b73
                                                            0x008e3b88
                                                            0x008e3b8a
                                                            0x008e3b90
                                                            0x008e3baa
                                                            0x008e3bbf
                                                            0x008e3bc1
                                                            0x008e3bc7
                                                            0x00000000
                                                            0x008e3bcd
                                                            0x008e3bcd
                                                            0x008e3bd3
                                                            0x00000000
                                                            0x008e3bd9
                                                            0x008e3bd9
                                                            0x008e3bdb
                                                            0x008e3e78
                                                            0x008e3e79
                                                            0x00000000
                                                            0x008e3be1
                                                            0x008e3be1
                                                            0x00000000
                                                            0x008e3be1
                                                            0x008e3bdb
                                                            0x008e3bd3
                                                            0x008e3b92
                                                            0x008e3b92
                                                            0x008e3b98
                                                            0x00000000
                                                            0x008e3b9a
                                                            0x008e3b9a
                                                            0x008e3b9c
                                                            0x008e3e56
                                                            0x008e3e57
                                                            0x008e39ec
                                                            0x008e39ec
                                                            0x008e39ed
                                                            0x008e3ba2
                                                            0x008e3ba2
                                                            0x008e3beb
                                                            0x008e3bf8
                                                            0x008e3bfa
                                                            0x008e3bfc
                                                            0x008e3e6f
                                                            0x00000000
                                                            0x008e3c02
                                                            0x008e3c02
                                                            0x008e3c05
                                                            0x008e3c08
                                                            0x008e3c0b
                                                            0x008e3c0e
                                                            0x008e3c3e
                                                            0x008e3c3e
                                                            0x008e3c41
                                                            0x008e3c71
                                                            0x008e3c71
                                                            0x008e3c74
                                                            0x008e3c77
                                                            0x008e3ce0
                                                            0x008e3ce0
                                                            0x008e3ce3
                                                            0x008e3d1d
                                                            0x008e3d1f
                                                            0x00000000
                                                            0x008e3ce5
                                                            0x008e3ce5
                                                            0x008e3ce9
                                                            0x008e3d19
                                                            0x008e3d19
                                                            0x008e3ceb
                                                            0x008e3ceb
                                                            0x008e3cef
                                                            0x00000000
                                                            0x008e3cf1
                                                            0x008e3cf4
                                                            0x008e3d20
                                                            0x008e3d20
                                                            0x008e3d23
                                                            0x008e3d23
                                                            0x008e3cef
                                                            0x008e3ce9
                                                            0x008e3d52
                                                            0x008e3d5a
                                                            0x008e3d63
                                                            0x008e3d70
                                                            0x008e3d85
                                                            0x008e3d87
                                                            0x008e3d89
                                                            0x008e3e61
                                                            0x008e3e62
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3c79
                                                            0x008e3c79
                                                            0x008e3c9a
                                                            0x008e3c9c
                                                            0x008e3d03
                                                            0x008e3d12
                                                            0x00000000
                                                            0x008e3c9e
                                                            0x008e3cab
                                                            0x008e3cad
                                                            0x00000000
                                                            0x008e3caf
                                                            0x008e3caf
                                                            0x008e3cb1
                                                            0x008e3cb3
                                                            0x008e3cb6
                                                            0x008e3cb8
                                                            0x008e3cbb
                                                            0x008e3cbe
                                                            0x008e3cc0
                                                            0x008e3cc3
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3cc5
                                                            0x008e3cc6
                                                            0x008e3cc9
                                                            0x008e3ccc
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3cce
                                                            0x00000000
                                                            0x008e3ccc
                                                            0x008e3cd2
                                                            0x008e3cd2
                                                            0x008e3cd2
                                                            0x008e3cd3
                                                            0x008e3cd3
                                                            0x008e3cd6
                                                            0x008e3cf9
                                                            0x008e3cfb
                                                            0x00000000
                                                            0x008e3d01
                                                            0x00000000
                                                            0x008e3d01
                                                            0x008e3cd8
                                                            0x008e3cd8
                                                            0x008e3cda
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3cda
                                                            0x008e3cd6
                                                            0x008e3cad
                                                            0x008e3c9c
                                                            0x008e3c43
                                                            0x008e3c43
                                                            0x008e3c46
                                                            0x008e3c5d
                                                            0x008e3c60
                                                            0x00000000
                                                            0x008e3c66
                                                            0x008e3c66
                                                            0x00000000
                                                            0x008e3c68
                                                            0x008e3c68
                                                            0x008e3c6b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3c6b
                                                            0x008e3c66
                                                            0x008e3c48
                                                            0x008e3c48
                                                            0x008e3c4b
                                                            0x00000000
                                                            0x008e3c4d
                                                            0x008e3c4d
                                                            0x00000000
                                                            0x008e3c53
                                                            0x008e3c53
                                                            0x008e3c56
                                                            0x00000000
                                                            0x008e3c58
                                                            0x00000000
                                                            0x008e3c58
                                                            0x008e3c56
                                                            0x008e3c4d
                                                            0x008e3c4b
                                                            0x008e3c46
                                                            0x008e3c10
                                                            0x008e3c10
                                                            0x008e3c13
                                                            0x008e3c2a
                                                            0x008e3c2d
                                                            0x00000000
                                                            0x008e3c33
                                                            0x008e3c33
                                                            0x00000000
                                                            0x008e3c35
                                                            0x008e3c35
                                                            0x008e3c38
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e3c38
                                                            0x008e3c33
                                                            0x008e3c15
                                                            0x008e3c15
                                                            0x008e3c18
                                                            0x00000000
                                                            0x008e3c1a
                                                            0x008e3c1a
                                                            0x008e3d92
                                                            0x008e3d98
                                                            0x008e3d9b
                                                            0x008e3d9b
                                                            0x008e3d9c
                                                            0x008e3d9d
                                                            0x008e3d9e
                                                            0x008e3da0
                                                            0x00000000
                                                            0x008e3c20
                                                            0x008e3c20
                                                            0x008e3c23
                                                            0x00000000
                                                            0x008e3c25
                                                            0x00000000
                                                            0x008e3c25
                                                            0x008e3c23
                                                            0x008e3c1a
                                                            0x008e3c18
                                                            0x008e3c13
                                                            0x008e3c0e
                                                            0x008e3bfc
                                                            0x008e3b9c
                                                            0x008e3b98
                                                            0x008e3b90
                                                            0x008e3b6d
                                                            0x00000000
                                                            0x008e3b4d
                                                            0x008e3db9
                                                            0x008e3dbc
                                                            0x008e3dc1
                                                            0x008e3dc2
                                                            0x008e3dc5
                                                            0x008e3dc8
                                                            0x008e3dcb
                                                            0x008e3dcb
                                                            0x00000000
                                                            0x008e3b2e
                                                            0x008e3947
                                                            0x008e3954
                                                            0x008e3954
                                                            0x008e397b
                                                            0x008e3983
                                                            0x008e3989
                                                            0x008e39ad
                                                            0x008e39af
                                                            0x008e39b1
                                                            0x00000000
                                                            0x008e39b7
                                                            0x008e39b7
                                                            0x008e39b8
                                                            0x008e39bd
                                                            0x008e39bd
                                                            0x008e39c2
                                                            0x008e39c7
                                                            0x008e3f18
                                                            0x008e3f18
                                                            0x008e3f19
                                                            0x008e3f1f
                                                            0x008e39b1
                                                            0x008e38dc
                                                            0x008e38dc
                                                            0x008e38e2
                                                            0x008e38eb
                                                            0x008e38f0
                                                            0x008e38da
                                                            0x008e3f20
                                                            0x008e3f27
                                                            0x008e3f2f
                                                            0x008e3f2f
                                                            0x008e3f38
                                                            0x008e3f3d
                                                            0x008e3f3d
                                                            0x008e3f46
                                                            0x008e3f4b
                                                            0x008e3f4b
                                                            0x008e3f54
                                                            0x008e3f59
                                                            0x008e3f59
                                                            0x008e3f6e

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: lstrlen
                                                            • String ID: Failed to convert version: %ls to DWORD64 for ProductCode: %ls$Failed to copy the installed ProductCode to the package.$Failed to enum related products.$Failed to get product information for ProductCode: %ls$Failed to get version for product in machine context: %ls$Failed to get version for product in user unmanaged context: %ls$Failed to query feature state.$Invalid state value.$Language$UX aborted detect compatible MSI package.$UX aborted detect related MSI package.$UX aborted detect.$VersionString$c:\agent\_work\66\s\src\burn\engine\msiengine.cpp$msasn1.dll
                                                            • API String ID: 1659193697-341873357
                                                            • Opcode ID: 7c44ee6532fee792ebffecc2a652614c66dc65416f284be1e4b1b3415638cd4b
                                                            • Instruction ID: 9ca71b3ab4a90d792c42deee90ee0581d08d4aa543980f9faa731ea6a070055f
                                                            • Opcode Fuzzy Hash: 7c44ee6532fee792ebffecc2a652614c66dc65416f284be1e4b1b3415638cd4b
                                                            • Instruction Fuzzy Hash: 2D22BF31A00259AFDF219FA6CC89FAEBBB9FF46304F244169E905EB156D7319E40CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C4326 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 157stringCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1651 8c4326-8c437d InitializeCriticalSection * 2 call 8d4c89 * 2 1656 8c44a1-8c44ab call 8cb45a 1651->1656 1657 8c4383 1651->1657 1662 8c44b0-8c44b4 1656->1662 1658 8c4389-8c4396 1657->1658 1660 8c439c-8c43c8 lstrlenW * 2 CompareStringW 1658->1660 1661 8c4494-8c449b 1658->1661 1663 8c441a-8c4446 lstrlenW * 2 CompareStringW 1660->1663 1664 8c43ca-8c43ed lstrlenW 1660->1664 1661->1656 1661->1658 1665 8c44b6-8c44c2 call 8ffb09 1662->1665 1666 8c44c3-8c44c9 1662->1666 1663->1661 1670 8c4448-8c446b lstrlenW 1663->1670 1667 8c44d7-8c44ec call 8c38ba 1664->1667 1668 8c43f3-8c43f8 1664->1668 1665->1666 1682 8c44f1-8c44f8 1667->1682 1668->1667 1671 8c43fe-8c440e call 8c2abf 1668->1671 1674 8c4471-8c4476 1670->1674 1675 8c4503-8c451d call 8c38ba 1670->1675 1684 8c44cc-8c44d5 1671->1684 1685 8c4414 1671->1685 1674->1675 1679 8c447c-8c448c call 8c2abf 1674->1679 1675->1682 1679->1684 1689 8c448e 1679->1689 1686 8c44f9-8c4501 call 8ffb09 1682->1686 1684->1686 1685->1663 1686->1666 1689->1661
                                                            C-Code - Quality: 65%
                                                            			E008C4326(void* __ecx, union _LARGE_INTEGER* __edx, void* __eflags, struct _CRITICAL_SECTION* _a4, signed int _a8) {
				char _v8;
				void* _t50;
				int _t55;
				WCHAR* _t56;
				int _t62;
				WCHAR* _t63;
				signed int _t69;
				intOrPtr* _t72;
				signed int _t76;
				struct _CRITICAL_SECTION* _t79;
				signed int _t83;
				void* _t89;
				void* _t93;
				union _LARGE_INTEGER* _t96;
				struct _CRITICAL_SECTION* _t98;
				void* _t100;
				void* _t103;

				_t96 = __edx;
				_push(__ecx);
				_a8 = _a8 | 0xffffffff;
				_t98 = _a4;
				_v8 = _a8;
				 *(_t98 + 0x498) =  *(_t98 + 0x498) | 0xffffffff;
				 *(_t98 + 0x494) = 1;
				InitializeCriticalSection(_t98);
				_t9 = _t98 + 0xd0; // 0xd0
				InitializeCriticalSection(_t9);
				_t10 = _t98 + 0x4a0; // 0x4a0
				E008D4C89(_t10);
				_t11 = _t98 + 0x4b8; // 0x4b8
				E008D4C89(_t11);
				_t83 = 0;
				if( *((intOrPtr*)(_t98 + 0x4dc)) <= 0) {
					L14:
					_t40 = _t98 + 0x48; // 0x48
					_t50 = E008CB45A(_t96, _t40, _v8, _a8); // executed
					_t103 = _t50;
					if(_t103 < 0) {
						_push("Failed to initialize engine section.");
						_push(_t103);
						E008FFB09();
					}
					L16:
					return _t103;
				}
				do {
					if( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)))) != 0x2d) {
						goto L13;
					}
					_t55 = lstrlenW(L"burn.filehandle.attached");
					_t56 = L"burn.filehandle.attached";
					if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t56), _t56, _t55) != 2) {
						L8:
						_t62 = lstrlenW(L"burn.filehandle.self");
						_t63 = L"burn.filehandle.self";
						if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t63), _t63, _t62) != 2) {
							goto L13;
						}
						_t69 = lstrlenW(L"burn.filehandle.self");
						_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t69 * 2;
						_t89 = 0x3d;
						_a4 = _t72;
						if(_t89 !=  *((intOrPtr*)(_t72 - 2)) || 0 ==  *_t72) {
							_t100 = 0x80070057;
							E008C38BA(_t72, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x140, 0x80070057);
							_push(L"burn.filehandle.self");
							L19:
							_push("Missing required parameter for switch: %ls");
							_t103 = _t100;
							_push(_t100);
							goto L20;
						} else {
							_t103 = E008C2ABF( &_v8, _t72, 0,  &_v8);
							if(_t103 < 0) {
								L17:
								_push(_a4);
								_push("Failed to parse file handle: \'%ls\'");
								_push(_t103);
								L20:
								E008FFB09();
								goto L16;
							}
							goto L13;
						}
					}
					_t76 = lstrlenW(L"burn.filehandle.attached");
					_t79 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t76 * 2;
					_t93 = 0x3d;
					_a4 = _t79;
					if(_t93 !=  *((intOrPtr*)(_t79 - 2)) || 0 ==  *_t79) {
						_t100 = 0x80070057;
						E008C38BA(_t79, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\engine.cpp", 0x135, 0x80070057);
						_push(L"burn.filehandle.attached");
						goto L19;
					} else {
						_t103 = E008C2ABF( &_a8, _t79, 0,  &_a8);
						if(_t103 < 0) {
							goto L17;
						}
						goto L8;
					}
					L13:
					_t83 = _t83 + 1;
				} while (_t83 <  *((intOrPtr*)(_t98 + 0x4dc)));
				goto L14;
			}




















                                                            0x008c4326
                                                            0x008c4329
                                                            0x008c432d
                                                            0x008c433a
                                                            0x008c433e
                                                            0x008c4341
                                                            0x008c4348
                                                            0x008c4352
                                                            0x008c4354
                                                            0x008c435b
                                                            0x008c435d
                                                            0x008c4364
                                                            0x008c4369
                                                            0x008c4370
                                                            0x008c4375
                                                            0x008c437d
                                                            0x008c44a1
                                                            0x008c44a4
                                                            0x008c44ab
                                                            0x008c44b0
                                                            0x008c44b4
                                                            0x008c44b6
                                                            0x008c44bb
                                                            0x008c44bc
                                                            0x008c44c2
                                                            0x008c44c3
                                                            0x008c44c9
                                                            0x008c44c9
                                                            0x008c4389
                                                            0x008c4396
                                                            0x00000000
                                                            0x00000000
                                                            0x008c43a1
                                                            0x008c43a4
                                                            0x008c43c8
                                                            0x008c441a
                                                            0x008c441f
                                                            0x008c4422
                                                            0x008c4446
                                                            0x00000000
                                                            0x00000000
                                                            0x008c444d
                                                            0x008c4461
                                                            0x008c4463
                                                            0x008c4464
                                                            0x008c446b
                                                            0x008c4503
                                                            0x008c4513
                                                            0x008c4518
                                                            0x008c44f1
                                                            0x008c44f1
                                                            0x008c44f6
                                                            0x008c44f8
                                                            0x00000000
                                                            0x008c447c
                                                            0x008c4488
                                                            0x008c448c
                                                            0x008c44cc
                                                            0x008c44cc
                                                            0x008c44cf
                                                            0x008c44d4
                                                            0x008c44f9
                                                            0x008c44f9
                                                            0x00000000
                                                            0x008c44fe
                                                            0x00000000
                                                            0x008c448e
                                                            0x008c446b
                                                            0x008c43cf
                                                            0x008c43e3
                                                            0x008c43e5
                                                            0x008c43e6
                                                            0x008c43ed
                                                            0x008c44d7
                                                            0x008c44e7
                                                            0x008c44ec
                                                            0x00000000
                                                            0x008c43fe
                                                            0x008c440a
                                                            0x008c440e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c4414
                                                            0x008c4494
                                                            0x008c4494
                                                            0x008c4495
                                                            0x00000000

                                                            APIs
                                                            • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,008C52A3,?,?,00000000,?,?), ref: 008C4352
                                                            • InitializeCriticalSection.KERNEL32(000000D0,?,?,008C52A3,?,?,00000000,?,?), ref: 008C435B
                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,008C52A3,?,?,00000000,?,?), ref: 008C43A1
                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,008C52A3,?,?,00000000,?,?), ref: 008C43AB
                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,008C52A3,?,?,00000000,?,?), ref: 008C43BF
                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,008C52A3,?,?,00000000,?,?), ref: 008C43CF
                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,008C52A3,?,?,00000000,?,?), ref: 008C441F
                                                            • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,008C52A3,?,?,00000000,?,?), ref: 008C4429
                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,008C52A3,?,?,00000000,?,?), ref: 008C443D
                                                            • lstrlenW.KERNEL32(burn.filehandle.self,?,?,008C52A3,?,?,00000000,?,?), ref: 008C444D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                            • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$c:\agent\_work\66\s\src\burn\engine\engine.cpp
                                                            • API String ID: 3039292287-2540856168
                                                            • Opcode ID: e0046db98e77e9abc03d94f8f4a60e3c2ae30beb089a88a29735cafe917e38f6
                                                            • Instruction ID: 63641d13ac12d73b2821358dd42579052b25157c9afd2fa594ece5e6948a6445
                                                            • Opcode Fuzzy Hash: e0046db98e77e9abc03d94f8f4a60e3c2ae30beb089a88a29735cafe917e38f6
                                                            • Instruction Fuzzy Hash: 2E51EF71A44315BFC724AB68CC96F9A7B69FF50720F10411AF618E7290DBB4E940CBE5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CC252 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 131fileCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1691 8cc252-8cc284 1692 8cc2ee-8cc30a GetCurrentProcess * 2 DuplicateHandle 1691->1692 1693 8cc286-8cc2a4 CreateFileW 1691->1693 1694 8cc30c-8cc316 1692->1694 1695 8cc344 1692->1695 1696 8cc2aa-8cc2b4 1693->1696 1697 8cc346-8cc34c 1693->1697 1705 8cc318-8cc321 1694->1705 1706 8cc323 1694->1706 1695->1697 1707 8cc2b6-8cc2bf 1696->1707 1708 8cc2c1 1696->1708 1698 8cc34e-8cc354 1697->1698 1699 8cc356 1697->1699 1700 8cc358-8cc366 SetFilePointerEx 1698->1700 1699->1700 1703 8cc39d-8cc3a3 1700->1703 1704 8cc368-8cc372 1700->1704 1711 8cc3a5-8cc3a9 call 8e14e3 1703->1711 1712 8cc3c1-8cc3c7 1703->1712 1719 8cc37f 1704->1719 1720 8cc374-8cc37d 1704->1720 1705->1706 1709 8cc32a-8cc342 call 8c38ba 1706->1709 1710 8cc325 1706->1710 1707->1708 1713 8cc2c8-8cc2db call 8c38ba 1708->1713 1714 8cc2c3 1708->1714 1724 8cc2e0-8cc2e9 call 8ffb09 1709->1724 1710->1709 1722 8cc3ae-8cc3b2 1711->1722 1713->1724 1714->1713 1725 8cc386-8cc39b call 8c38ba 1719->1725 1726 8cc381 1719->1726 1720->1719 1722->1712 1727 8cc3b4 1722->1727 1724->1712 1728 8cc3b9-8cc3c0 call 8ffb09 1725->1728 1726->1725 1727->1728 1728->1712
                                                            C-Code - Quality: 58%
                                                            			E008CC252(HANDLE* _a4, intOrPtr _a8, void* _a12, WCHAR* _a16) {
				void* _t29;
				long _t31;
				intOrPtr _t32;
				union _LARGE_INTEGER* _t33;
				long _t34;
				long _t38;
				void* _t45;
				HANDLE* _t48;
				intOrPtr _t49;
				long _t52;
				union _LARGE_INTEGER _t56;
				long _t63;

				_t49 = _a8;
				_t48 = _a4;
				_t48[6] =  *(_t49 + 4);
				_t52 = 0;
				_t56 = 0;
				_t48[4] =  *(_t49 + 0x18);
				_t48[5] =  *(_t49 + 0x1c);
				_t48[2] =  *(_t49 + 0x40);
				_t48[3] =  *(_t49 + 0x44);
				if(_a12 != 0xffffffff) {
					_t29 = GetCurrentProcess();
					_t31 = DuplicateHandle(GetCurrentProcess(), _a12, _t29, _t48, 0, 0, 2); // executed
					__eflags = _t31;
					if(_t31 != 0) {
						_t56 = 0;
						goto L15;
					} else {
						_t52 = GetLastError();
						__eflags = _t52;
						if(__eflags > 0) {
							_t52 = _t52 & 0x0000ffff | 0x80070000;
							__eflags = _t52;
						}
						if(__eflags >= 0) {
							_t52 = 0x80004005;
						}
						E008C38BA(_t42, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\container.cpp", 0xec, _t52);
						_push(_a16);
						_push("Failed to duplicate handle to container: %ls");
						goto L7;
					}
				} else {
					_t45 = CreateFileW(_a16, 0x80000000, 1, 0, 3, 0x8000080, 0);
					 *_t48 = _t45;
					if(_t45 != 0xffffffff) {
						L15:
						_t32 = _a8;
						__eflags =  *((intOrPtr*)(_t32 + 0xc)) - _t52;
						if( *((intOrPtr*)(_t32 + 0xc)) == _t52) {
							_t33 = _t52;
						} else {
							_t56 = _t48[2];
							_t33 = _t48[3];
						}
						_push(_t52);
						_t34 = SetFilePointerEx( *_t48, _t56, _t33, _t52); // executed
						__eflags = _t34;
						if(_t34 != 0) {
							__eflags = _t48[6] == 1;
							if(_t48[6] == 1) {
								_t38 = E008E14E3(_t48, _a16); // executed
								_t52 = _t38;
								__eflags = _t52;
								if(_t52 < 0) {
									_push("Failed to open container.");
									goto L27;
								}
							}
						} else {
							_t52 = GetLastError();
							__eflags = _t52;
							if(__eflags > 0) {
								_t52 = _t52 & 0x0000ffff | 0x80070000;
								__eflags = _t52;
							}
							if(__eflags >= 0) {
								_t52 = 0x80004005;
							}
							E008C38BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\container.cpp", 0xf8, _t52);
							_push("Failed to move file pointer to container offset.");
							L27:
							_push(_t52);
							E008FFB09();
						}
					} else {
						_t52 = GetLastError();
						if(_t52 > 0) {
							_t52 = _t52 & 0x0000ffff | 0x80070000;
							_t63 = _t52;
						}
						if(_t63 >= 0) {
							_t52 = 0x80004005;
						}
						E008C38BA(_t46, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\container.cpp", 0xe6, _t52);
						_push(_a16);
						_push("Failed to open file: %ls");
						L7:
						_push(_t52);
						E008FFB09();
					}
				}
				return _t52;
			}















                                                            0x008cc255
                                                            0x008cc259
                                                            0x008cc261
                                                            0x008cc264
                                                            0x008cc26a
                                                            0x008cc26f
                                                            0x008cc275
                                                            0x008cc27b
                                                            0x008cc281
                                                            0x008cc284
                                                            0x008cc2f9
                                                            0x008cc302
                                                            0x008cc308
                                                            0x008cc30a
                                                            0x008cc344
                                                            0x00000000
                                                            0x008cc30c
                                                            0x008cc312
                                                            0x008cc314
                                                            0x008cc316
                                                            0x008cc31b
                                                            0x008cc321
                                                            0x008cc321
                                                            0x008cc323
                                                            0x008cc325
                                                            0x008cc325
                                                            0x008cc335
                                                            0x008cc33a
                                                            0x008cc33d
                                                            0x00000000
                                                            0x008cc33d
                                                            0x008cc286
                                                            0x008cc299
                                                            0x008cc29f
                                                            0x008cc2a4
                                                            0x008cc346
                                                            0x008cc346
                                                            0x008cc349
                                                            0x008cc34c
                                                            0x008cc356
                                                            0x008cc34e
                                                            0x008cc34e
                                                            0x008cc351
                                                            0x008cc351
                                                            0x008cc358
                                                            0x008cc35e
                                                            0x008cc364
                                                            0x008cc366
                                                            0x008cc3a0
                                                            0x008cc3a3
                                                            0x008cc3a9
                                                            0x008cc3ae
                                                            0x008cc3b0
                                                            0x008cc3b2
                                                            0x008cc3b4
                                                            0x00000000
                                                            0x008cc3b4
                                                            0x008cc3b2
                                                            0x008cc368
                                                            0x008cc36e
                                                            0x008cc370
                                                            0x008cc372
                                                            0x008cc377
                                                            0x008cc37d
                                                            0x008cc37d
                                                            0x008cc37f
                                                            0x008cc381
                                                            0x008cc381
                                                            0x008cc391
                                                            0x008cc396
                                                            0x008cc3b9
                                                            0x008cc3b9
                                                            0x008cc3ba
                                                            0x008cc3c0
                                                            0x008cc2aa
                                                            0x008cc2b0
                                                            0x008cc2b4
                                                            0x008cc2b9
                                                            0x008cc2bf
                                                            0x008cc2bf
                                                            0x008cc2c1
                                                            0x008cc2c3
                                                            0x008cc2c3
                                                            0x008cc2d3
                                                            0x008cc2d8
                                                            0x008cc2db
                                                            0x008cc2e0
                                                            0x008cc2e0
                                                            0x008cc2e1
                                                            0x008cc2e6
                                                            0x008cc2a4
                                                            0x008cc3c7

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,008CC442,008C5442,?,?,008C5482), ref: 008CC299
                                                            • GetLastError.KERNEL32(?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?,00000000), ref: 008CC2AA
                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?), ref: 008CC2F9
                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?,00000000), ref: 008CC2FF
                                                            • DuplicateHandle.KERNELBASE(00000000,?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?,00000000), ref: 008CC302
                                                            • GetLastError.KERNEL32(?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?,00000000), ref: 008CC30C
                                                            • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?,00000000), ref: 008CC35E
                                                            • GetLastError.KERNEL32(?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?,00000000), ref: 008CC368
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                            • String ID: @Mqt$Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$c:\agent\_work\66\s\src\burn\engine\container.cpp$crypt32.dll$feclient.dll
                                                            • API String ID: 2619879409-2239166599
                                                            • Opcode ID: 377288d4232c64e2de09f730d1136947166be0bb8040f5694077664595ed7171
                                                            • Instruction ID: 22fb0ded825470d1c6ef5e93c13bdfcff42cb468490a319dfdb3906a19c903e0
                                                            • Opcode Fuzzy Hash: 377288d4232c64e2de09f730d1136947166be0bb8040f5694077664595ed7171
                                                            • Instruction Fuzzy Hash: 1F41C436240245ABDB209F29AC45F1B7AB5FBC5720F21802DFD18EB381E635C801DBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009028BD Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 152libraryloadercomCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1735 9028bd-9028e1 GetModuleHandleA 1736 9028e3-9028ed 1735->1736 1737 902916-902927 GetProcAddress 1735->1737 1745 9028fa 1736->1745 1746 9028ef-9028f8 1736->1746 1738 902929-90294d GetProcAddress * 3 1737->1738 1739 90296a 1737->1739 1742 902966-902968 1738->1742 1743 90294f-902951 1738->1743 1741 90296c-902989 CoCreateInstance 1739->1741 1747 902a1f-902a21 1741->1747 1748 90298f-902991 1741->1748 1742->1741 1743->1742 1744 902953-902955 1743->1744 1744->1742 1749 902957-902964 1744->1749 1750 902901-902911 call 8c38ba 1745->1750 1751 9028fc 1745->1751 1746->1745 1753 902a23-902a2a 1747->1753 1754 902a34 1747->1754 1752 902996-9029a6 1748->1752 1749->1741 1755 902a35-902a3a 1750->1755 1751->1750 1757 9029b0 1752->1757 1758 9029a8-9029ac 1752->1758 1753->1754 1769 902a2c-902a2e ExitProcess 1753->1769 1754->1755 1759 902a42-902a47 1755->1759 1760 902a3c-902a3e 1755->1760 1765 9029b2-9029c2 1757->1765 1758->1752 1763 9029ae 1758->1763 1766 902a49-902a4b 1759->1766 1767 902a4f-902a54 1759->1767 1760->1759 1768 9029ca 1763->1768 1770 9029d4-9029d8 1765->1770 1771 9029c4-9029c8 1765->1771 1766->1767 1768->1770 1772 902a03-902a14 1770->1772 1773 9029da-9029ed call 902a57 1770->1773 1771->1765 1771->1768 1772->1747 1776 902a16-902a1d 1772->1776 1773->1747 1778 9029ef-902a01 1773->1778 1776->1747 1778->1747 1778->1772
                                                            C-Code - Quality: 63%
                                                            			E009028BD(signed short _a4, intOrPtr* _a8, signed short _a12) {
				signed int _v8;
				signed int _v12;
				char _v16;
				signed short _v20;
				signed short _t38;
				signed short _t46;
				signed int _t53;
				signed short _t58;
				signed int _t63;
				signed short _t64;
				intOrPtr* _t65;
				intOrPtr* _t66;
				signed int _t67;
				signed int _t68;
				signed short _t70;
				signed short _t73;
				signed short _t78;
				struct HINSTANCE__* _t80;
				signed short _t81;
				signed short _t85;

				_t63 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t80 = GetModuleHandleA("kernel32.dll");
				if(_t80 != 0) {
					_t38 = GetProcAddress(_t80, "IsWow64Process");
					__eflags = _t38;
					if(_t38 == 0) {
						_t78 = 0;
						L13:
						__imp__CoCreateInstance(0x92b688, 0, 1, 0x90a878,  &_v8); // executed
						_t81 = 0x92b688;
						__eflags = 0x92b688;
						if(0x92b688 < 0) {
							L27:
							__eflags = _t63;
							if(_t63 == 0) {
								L30:
								L31:
								_t65 = _v12;
								if(_t65 != 0) {
									 *((intOrPtr*)( *_t65 + 8))(_t65);
								}
								_t66 = _v8;
								if(_t66 != 0) {
									 *((intOrPtr*)( *_t66 + 8))(_t66);
								}
								return _t81;
							}
							_t46 =  *_t78(_v16);
							__eflags = _t46;
							if(_t46 != 0) {
								goto L30;
							}
							ExitProcess(1);
						}
						_t67 = 0;
						__eflags = 0;
						_t73 = 0x92b688;
						while(1) {
							__eflags =  *((intOrPtr*)(_t73 + _t67 * 4)) -  *((intOrPtr*)(0x90a868 + _t67 * 4));
							_t73 = 0x92b688;
							if(__eflags != 0) {
								break;
							}
							_t67 = _t67 + 1;
							__eflags = _t67 - 4;
							if(_t67 != 4) {
								continue;
							}
							L21:
							 *0x92b698 = 1;
							L22:
							__eflags = _a4;
							if(_a4 == 0) {
								L25:
								_v8 = _v8 & 0x00000000;
								 *_a8 = _v8;
								_t70 = _a12;
								__eflags = _t70;
								if(_t70 != 0) {
									_t29 =  &_v12;
									 *_t29 = _v12 & 0x00000000;
									__eflags =  *_t29;
									 *_t70 = _v12;
								}
								goto L27;
							}
							_t81 = E00902A57( &_v12, _v8, _a4,  &_v12);
							__eflags = _t81;
							if(_t81 < 0) {
								goto L27;
							}
							_t53 = _v8;
							_t81 =  *((intOrPtr*)( *_t53 + 0x54))(_t53, _v12, 0);
							__eflags = _t81;
							if(_t81 < 0) {
								goto L27;
							}
							goto L25;
						}
						_t68 = 0;
						__eflags = 0;
						while(1) {
							__eflags =  *((intOrPtr*)(_t73 + _t68 * 4)) -  *((intOrPtr*)(0x90a858 + _t68 * 4));
							_t73 = 0x92b688;
							if(__eflags != 0) {
								goto L22;
							}
							_t68 = _t68 + 1;
							__eflags = _t68 - 4;
							if(_t68 != 4) {
								continue;
							}
							goto L21;
						}
						goto L22;
					}
					_v20 = GetProcAddress(_t80, "Wow64DisableWow64FsRedirection");
					_t64 = GetProcAddress(_t80, "Wow64EnableWow64FsRedirection");
					_t78 = GetProcAddress(_t80, "Wow64RevertWow64FsRedirection");
					_t58 = _v20;
					__eflags = _t58;
					if(_t58 == 0) {
						L11:
						_t63 = 0;
						goto L13;
					}
					__eflags = _t64;
					if(_t64 == 0) {
						goto L11;
					}
					__eflags = _t78;
					if(_t78 == 0) {
						goto L11;
					}
					 *_t58( &_v16);
					_t63 =  *_t64(1) & 0x000000ff;
					goto L13;
				}
				_t81 = GetLastError();
				if(_t81 > 0) {
					_t81 = _t81 & 0x0000ffff | 0x80070000;
					_t85 = _t81;
				}
				if(_t85 >= 0) {
					_t81 = 0x80004005;
				}
				E008C38BA(_t61, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x85, _t81);
				goto L31;
			}























                                                            0x009028cc
                                                            0x009028ce
                                                            0x009028d1
                                                            0x009028d4
                                                            0x009028dd
                                                            0x009028e1
                                                            0x00902923
                                                            0x00902925
                                                            0x00902927
                                                            0x0090296a
                                                            0x0090296c
                                                            0x0090297f
                                                            0x00902985
                                                            0x00902987
                                                            0x00902989
                                                            0x00902a1f
                                                            0x00902a1f
                                                            0x00902a21
                                                            0x00902a34
                                                            0x00902a35
                                                            0x00902a35
                                                            0x00902a3a
                                                            0x00902a3f
                                                            0x00902a3f
                                                            0x00902a42
                                                            0x00902a47
                                                            0x00902a4c
                                                            0x00902a4c
                                                            0x00902a54
                                                            0x00902a54
                                                            0x00902a26
                                                            0x00902a28
                                                            0x00902a2a
                                                            0x00000000
                                                            0x00000000
                                                            0x00902a2e
                                                            0x00902a2e
                                                            0x0090298f
                                                            0x0090298f
                                                            0x00902991
                                                            0x00902996
                                                            0x0090299e
                                                            0x009029a1
                                                            0x009029a6
                                                            0x00000000
                                                            0x00000000
                                                            0x009029a8
                                                            0x009029a9
                                                            0x009029ac
                                                            0x00000000
                                                            0x00000000
                                                            0x009029ca
                                                            0x009029ca
                                                            0x009029d4
                                                            0x009029d4
                                                            0x009029d8
                                                            0x00902a03
                                                            0x00902a09
                                                            0x00902a0d
                                                            0x00902a0f
                                                            0x00902a12
                                                            0x00902a14
                                                            0x00902a19
                                                            0x00902a19
                                                            0x00902a19
                                                            0x00902a1d
                                                            0x00902a1d
                                                            0x00000000
                                                            0x00902a14
                                                            0x009029e9
                                                            0x009029eb
                                                            0x009029ed
                                                            0x00000000
                                                            0x00000000
                                                            0x009029ef
                                                            0x009029fd
                                                            0x009029ff
                                                            0x00902a01
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00902a01
                                                            0x009029b0
                                                            0x009029b0
                                                            0x009029b2
                                                            0x009029ba
                                                            0x009029bd
                                                            0x009029c2
                                                            0x00000000
                                                            0x00000000
                                                            0x009029c4
                                                            0x009029c5
                                                            0x009029c8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x009029c8
                                                            0x00000000
                                                            0x009029b2
                                                            0x00902937
                                                            0x00902942
                                                            0x00902946
                                                            0x00902948
                                                            0x0090294b
                                                            0x0090294d
                                                            0x00902966
                                                            0x00902966
                                                            0x00000000
                                                            0x00902966
                                                            0x0090294f
                                                            0x00902951
                                                            0x00000000
                                                            0x00000000
                                                            0x00902953
                                                            0x00902955
                                                            0x00000000
                                                            0x00000000
                                                            0x0090295b
                                                            0x00902961
                                                            0x00000000
                                                            0x00902961
                                                            0x009028e9
                                                            0x009028ed
                                                            0x009028f2
                                                            0x009028f8
                                                            0x009028f8
                                                            0x009028fa
                                                            0x009028fc
                                                            0x009028fc
                                                            0x0090290c
                                                            0x00000000

                                                            APIs
                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00902E6B,00000000,?,00000000), ref: 009028D7
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,008EBD14,?,008C5442,?,00000000,?), ref: 009028E3
                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00902923
                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0090292F
                                                            • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 0090293A
                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00902944
                                                            • CoCreateInstance.OLE32(0092B688,00000000,00000001,0090A878,?,?,?,?,?,?,?,?,?,?,?,008EBD14), ref: 0090297F
                                                            • ExitProcess.KERNEL32 ref: 00902A2E
                                                            Strings
                                                            • Wow64EnableWow64FsRedirection, xrefs: 00902931
                                                            • IsWow64Process, xrefs: 0090291D
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 00902907
                                                            • kernel32.dll, xrefs: 009028C7
                                                            • @Mqt, xrefs: 009028E3
                                                            • Wow64DisableWow64FsRedirection, xrefs: 00902929
                                                            • Wow64RevertWow64FsRedirection, xrefs: 0090293C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                            • String ID: @Mqt$IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp$kernel32.dll
                                                            • API String ID: 2124981135-846803452
                                                            • Opcode ID: 2d036b5a9a2da507c31ff1643dc7b45c882f3453f7cedfc82fbf7400e6c8cbd5
                                                            • Instruction ID: e202537205f7f315407999e7d4f813752efdbf6170e4a6107dd6eac9f79cb89b
                                                            • Opcode Fuzzy Hash: 2d036b5a9a2da507c31ff1643dc7b45c882f3453f7cedfc82fbf7400e6c8cbd5
                                                            • Instruction Fuzzy Hash: 2441BF31B01325AFDB20DBA8C948BAEB7E8EF44B50F114068E905EB2C4DB75DD419B90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00902368 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1780 902368-902388 call 8c38d1 1783 902492-902496 1780->1783 1784 90238e-90239c call 904289 1780->1784 1786 9024a0-9024a4 1783->1786 1787 902498-90249b call 8c2762 1783->1787 1788 9023a1-9023c0 GetProcAddress 1784->1788 1787->1786 1790 9023c2 1788->1790 1791 9023c7-9023e0 GetProcAddress 1788->1791 1790->1791 1792 9023e2 1791->1792 1793 9023e7-902400 GetProcAddress 1791->1793 1792->1793 1794 902402 1793->1794 1795 902407-902420 GetProcAddress 1793->1795 1794->1795 1796 902422 1795->1796 1797 902427-902440 GetProcAddress 1795->1797 1796->1797 1798 902442 1797->1798 1799 902447-902460 GetProcAddress 1797->1799 1798->1799 1800 902462 1799->1800 1801 902467-902481 GetProcAddress 1799->1801 1800->1801 1802 902483 1801->1802 1803 902488 1801->1803 1802->1803 1803->1783
                                                            C-Code - Quality: 100%
                                                            			E00902368(void* __ecx, void* __edx, void* __esi, void* __eflags) {
				signed int _v8;
				void* _t8;
				_Unknown_base(*)()* _t12;
				_Unknown_base(*)()* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t17;
				_Unknown_base(*)()* _t18;
				void* _t22;

				_v8 = _v8 & 0x00000000;
				_t8 = E008C38D1(__edx, L"Msi.dll", 0x92b65c,  &_v8); // executed
				_t22 = _t8;
				if(_t22 >= 0) {
					E00904289(_v8, 0x92b680, 0x92b684); // executed
					_t12 = GetProcAddress( *0x92b65c, "MsiDeterminePatchSequenceW");
					 *0x92b660 = _t12;
					if( *0x92b640 == 0) {
						 *0x92b640 = _t12;
					}
					_t13 = GetProcAddress( *0x92b65c, "MsiDetermineApplicablePatchesW");
					 *0x92b664 = _t13;
					if( *0x92b644 == 0) {
						 *0x92b644 = _t13;
					}
					_t14 = GetProcAddress( *0x92b65c, "MsiEnumProductsExW");
					 *0x92b668 = _t14;
					if( *0x92b648 == 0) {
						 *0x92b648 = _t14;
					}
					_t15 = GetProcAddress( *0x92b65c, "MsiGetPatchInfoExW");
					 *0x92b66c = _t15;
					if( *0x92b64c == 0) {
						 *0x92b64c = _t15;
					}
					_t16 = GetProcAddress( *0x92b65c, "MsiGetProductInfoExW");
					 *0x92b670 = _t16;
					if( *0x92b650 == 0) {
						 *0x92b650 = _t16;
					}
					_t17 = GetProcAddress( *0x92b65c, "MsiSetExternalUIRecord");
					 *0x92b674 = _t17;
					if( *0x92b654 == 0) {
						 *0x92b654 = _t17;
					}
					_t18 = GetProcAddress( *0x92b65c, "MsiSourceListAddSourceExW");
					 *0x92b678 = _t18;
					if( *0x92b658 == 0) {
						 *0x92b658 = _t18;
					}
					 *0x92b67c = 1;
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t22;
			}













                                                            0x0090236c
                                                            0x0090237f
                                                            0x00902384
                                                            0x00902388
                                                            0x0090239c
                                                            0x009023b2
                                                            0x009023bb
                                                            0x009023c0
                                                            0x009023c2
                                                            0x009023c2
                                                            0x009023d2
                                                            0x009023db
                                                            0x009023e0
                                                            0x009023e2
                                                            0x009023e2
                                                            0x009023f2
                                                            0x009023fb
                                                            0x00902400
                                                            0x00902402
                                                            0x00902402
                                                            0x00902412
                                                            0x0090241b
                                                            0x00902420
                                                            0x00902422
                                                            0x00902422
                                                            0x00902432
                                                            0x0090243b
                                                            0x00902440
                                                            0x00902442
                                                            0x00902442
                                                            0x00902452
                                                            0x0090245b
                                                            0x00902460
                                                            0x00902462
                                                            0x00902462
                                                            0x00902472
                                                            0x0090247b
                                                            0x00902481
                                                            0x00902483
                                                            0x00902483
                                                            0x00902488
                                                            0x00902488
                                                            0x00902496
                                                            0x0090249b
                                                            0x0090249b
                                                            0x009024a4

                                                            APIs
                                                              • Part of subcall function 008C38D1: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 008C3910
                                                              • Part of subcall function 008C38D1: GetLastError.KERNEL32 ref: 008C391A
                                                              • Part of subcall function 00904289: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 009042BA
                                                            • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 009023B2
                                                            • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 009023D2
                                                            • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 009023F2
                                                            • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00902412
                                                            • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00902432
                                                            • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00902452
                                                            • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00902472
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$ErrorLast$DirectorySystem
                                                            • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                            • API String ID: 2510051996-1735120554
                                                            • Opcode ID: 2aa0eada4039e4c1558338c62585e2e1309988aa2e0956e7a8632bcf1bd8d21b
                                                            • Instruction ID: 2fbdd8e2acd3b118368553f49a3517462a26237961208479d55be2a0f8b7f94b
                                                            • Opcode Fuzzy Hash: 2aa0eada4039e4c1558338c62585e2e1309988aa2e0956e7a8632bcf1bd8d21b
                                                            • Instruction Fuzzy Hash: 593126B0929A58EEDB319F60FC09B697BF6E740728F11412AE000965B0D775195AFF80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E14E3 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 106COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 70%
                                                            			E008E14E3(void* _a4, intOrPtr _a8) {
				signed short _t11;
				signed short _t12;
				signed short _t13;
				void* _t26;
				signed short _t27;

				_t26 = _a4;
				 *(_t26 + 0x3c) =  *(_t26 + 0x3c) | 0xffffffff;
				_t27 = E008C229E(_t26 + 0x1c, _a8, 0);
				if(_t27 >= 0) {
					_t11 = CreateEventW(0, 1, 0, 0);
					 *(_t26 + 0x24) = _t11;
					__eflags = _t11;
					if(_t11 != 0) {
						_t12 = CreateEventW(0, 1, 0, 0);
						 *(_t26 + 0x28) = _t12;
						__eflags = _t12;
						if(_t12 != 0) {
							_t13 = CreateThread(0, 0, E008E0EA0, _t26, 0, 0); // executed
							 *(_t26 + 0x20) = _t13;
							__eflags = _t13;
							if(_t13 != 0) {
								_t27 = E008E1286(_t26);
								__eflags = _t27;
								if(_t27 < 0) {
									_push("Failed to wait for operation complete.");
									goto L22;
								}
							} else {
								_t27 = GetLastError();
								__eflags = _t27;
								if(__eflags > 0) {
									_t27 = _t27 & 0x0000ffff | 0x80070000;
									__eflags = _t27;
								}
								if(__eflags >= 0) {
									_t27 = 0x80004005;
								}
								E008C38BA(_t17, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x93, _t27);
								_push("Failed to create extraction thread.");
								goto L22;
							}
						} else {
							_t27 = GetLastError();
							__eflags = _t27;
							if(__eflags > 0) {
								_t27 = _t27 & 0x0000ffff | 0x80070000;
								__eflags = _t27;
							}
							if(__eflags >= 0) {
								_t27 = 0x80004005;
							}
							E008C38BA(_t19, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x8f, _t27);
							_push("Failed to create operation complete event.");
							goto L22;
						}
					} else {
						_t27 = GetLastError();
						__eflags = _t27;
						if(__eflags > 0) {
							_t27 = _t27 & 0x0000ffff | 0x80070000;
							__eflags = _t27;
						}
						if(__eflags >= 0) {
							_t27 = 0x80004005;
						}
						E008C38BA(_t21, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x8c, _t27);
						_push("Failed to create begin operation event.");
						goto L22;
					}
				} else {
					_push("Failed to copy file name.");
					L22:
					_push(_t27);
					E008FFB09();
				}
				return _t27;
			}








                                                            0x008e14e9
                                                            0x008e14f2
                                                            0x008e14ff
                                                            0x008e1503
                                                            0x008e151a
                                                            0x008e151c
                                                            0x008e151f
                                                            0x008e1521
                                                            0x008e1560
                                                            0x008e1562
                                                            0x008e1565
                                                            0x008e1567
                                                            0x008e15a8
                                                            0x008e15ae
                                                            0x008e15b1
                                                            0x008e15b3
                                                            0x008e15f0
                                                            0x008e15f2
                                                            0x008e15f4
                                                            0x008e15f6
                                                            0x00000000
                                                            0x008e15f6
                                                            0x008e15b5
                                                            0x008e15bb
                                                            0x008e15bd
                                                            0x008e15bf
                                                            0x008e15c4
                                                            0x008e15ca
                                                            0x008e15ca
                                                            0x008e15cc
                                                            0x008e15ce
                                                            0x008e15ce
                                                            0x008e15de
                                                            0x008e15e3
                                                            0x00000000
                                                            0x008e15e3
                                                            0x008e1569
                                                            0x008e156f
                                                            0x008e1571
                                                            0x008e1573
                                                            0x008e1578
                                                            0x008e157e
                                                            0x008e157e
                                                            0x008e1580
                                                            0x008e1582
                                                            0x008e1582
                                                            0x008e1592
                                                            0x008e1597
                                                            0x00000000
                                                            0x008e1597
                                                            0x008e1523
                                                            0x008e1529
                                                            0x008e152b
                                                            0x008e152d
                                                            0x008e1532
                                                            0x008e1538
                                                            0x008e1538
                                                            0x008e153a
                                                            0x008e153c
                                                            0x008e153c
                                                            0x008e154c
                                                            0x008e1551
                                                            0x00000000
                                                            0x008e1551
                                                            0x008e1505
                                                            0x008e1505
                                                            0x008e15fb
                                                            0x008e15fb
                                                            0x008e15fc
                                                            0x008e1602
                                                            0x008e1609

                                                            APIs
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,008CC3AE,?,00000000,?,008CC442), ref: 008E151A
                                                            • GetLastError.KERNEL32(?,008CC3AE,?,00000000,?,008CC442,008C5442,?,?,008C5482,008C5482,00000000,?,00000000), ref: 008E1523
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateErrorEventLast
                                                            • String ID: @Mqt$Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp$wininet.dll
                                                            • API String ID: 545576003-3879835183
                                                            • Opcode ID: 6509bade9eb423d06258ff9fb51ea5174e967678d75e911a95fd6f8b3f4b4246
                                                            • Instruction ID: b4e0677275b9432e7a2630c1ca82afb7a3ab1863f1eca45384c8e1771e005f67
                                                            • Opcode Fuzzy Hash: 6509bade9eb423d06258ff9fb51ea5174e967678d75e911a95fd6f8b3f4b4246
                                                            • Instruction Fuzzy Hash: 24213E77E4577F7BEA21126A5C5AF67656CFF82B64B010225BD02FB1C0E678DC0046E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E0671 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 105fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E008E0671(void* __ecx, CHAR* _a4) {
				void* _v8;
				long _t18;
				void* _t19;
				void* _t25;
				int _t27;
				signed int _t33;
				int _t34;
				signed int _t37;
				void** _t41;
				signed short _t44;
				signed short _t54;

				_push(__ecx);
				_t37 =  *0x92aa94; // 0x0
				_push(_t33);
				_t34 = _t33 | 0xffffffff;
				_t44 = 0;
				_v8 = _t34;
				_t41 =  *( *((intOrPtr*)( *[fs:0x2c] + _t37 * 4)) + 4);
				_t18 = CompareStringA(0, 0, "<the>.cab", _t34, _a4, _t34); // executed
				if(_t18 != 2) {
					_t19 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x8000080, 0);
					_v8 = _t19;
					__eflags = _t19 - _t34;
					if(_t19 == _t34) {
						_t44 = GetLastError();
						__eflags = _t44;
						if(__eflags > 0) {
							_t44 = _t44 & 0x0000ffff | 0x80070000;
							__eflags = _t44;
						}
						if(__eflags >= 0) {
							_t44 = 0x80004005;
						}
						E008C38BA(_t21, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x2d5, _t44);
						E008FFB09(_t44, "Failed to open cabinet file: %hs", _a4);
					}
					L16:
					_t41[0xc] = _t44;
					if(_t44 >= 0) {
						_t34 = _v8;
					}
					return _t34;
				}
				_t25 = GetCurrentProcess();
				_t27 = DuplicateHandle(GetCurrentProcess(),  *_t41, _t25,  &_v8, 0, 0, _t18); // executed
				if(_t27 != 0) {
					_t44 = E008E0508(_t37, __eflags,  &(_t41[7]), _v8, _t41[2], _t41[3]);
					__eflags = _t44;
					if(_t44 >= 0) {
						goto L16;
					}
					_push("Failed to add virtual file pointer for cab container.");
					L7:
					_push(_t44);
					E008FFB09();
					goto L16;
				}
				_t44 = GetLastError();
				if(_t44 > 0) {
					_t44 = _t44 & 0x0000ffff | 0x80070000;
					_t54 = _t44;
				}
				if(_t54 >= 0) {
					_t44 = 0x80004005;
				}
				E008C38BA(_t31, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x2ca, _t44);
				_push("Failed to duplicate handle to cab container.");
				goto L7;
			}














                                                            0x008e0674
                                                            0x008e0675
                                                            0x008e0681
                                                            0x008e0687
                                                            0x008e068e
                                                            0x008e0690
                                                            0x008e0693
                                                            0x008e06a1
                                                            0x008e06aa
                                                            0x008e073a
                                                            0x008e0740
                                                            0x008e0743
                                                            0x008e0745
                                                            0x008e074d
                                                            0x008e074f
                                                            0x008e0751
                                                            0x008e0756
                                                            0x008e075c
                                                            0x008e075c
                                                            0x008e075e
                                                            0x008e0760
                                                            0x008e0760
                                                            0x008e0770
                                                            0x008e077e
                                                            0x008e0783
                                                            0x008e0786
                                                            0x008e0786
                                                            0x008e078b
                                                            0x008e078d
                                                            0x008e078d
                                                            0x008e0796
                                                            0x008e0796
                                                            0x008e06b9
                                                            0x008e06c1
                                                            0x008e06c9
                                                            0x008e071a
                                                            0x008e071c
                                                            0x008e071e
                                                            0x00000000
                                                            0x00000000
                                                            0x008e0720
                                                            0x008e06fe
                                                            0x008e06fe
                                                            0x008e06ff
                                                            0x00000000
                                                            0x008e0705
                                                            0x008e06d1
                                                            0x008e06d5
                                                            0x008e06da
                                                            0x008e06e0
                                                            0x008e06e0
                                                            0x008e06e2
                                                            0x008e06e4
                                                            0x008e06e4
                                                            0x008e06f4
                                                            0x008e06f9
                                                            0x00000000

                                                            APIs
                                                            • CompareStringA.KERNEL32(00000000,00000000,<the>.cab,?,?), ref: 008E06A1
                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 008E06B9
                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 008E06BE
                                                            • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 008E06C1
                                                            • GetLastError.KERNEL32(?,?), ref: 008E06CB
                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 008E073A
                                                            • GetLastError.KERNEL32(?,?), ref: 008E0747
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                            • String ID: <the>.cab$@Mqt$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 3030546534-2371446320
                                                            • Opcode ID: d8ff369d8b0ba421640076835a52fc6980648f8b2c05be0aecdf56c335146001
                                                            • Instruction ID: 0f4799c48ff99e7ef389f6c1f503e3045b1c584056a2692e64e3267fa10614af
                                                            • Opcode Fuzzy Hash: d8ff369d8b0ba421640076835a52fc6980648f8b2c05be0aecdf56c335146001
                                                            • Instruction Fuzzy Hash: 2A314336A0523ABFD7215B9A9C09E9B7E68FF06760F110520FE00F7290D6A5AD40DEE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D3F22 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 225sleepCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E008D3F22(void* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __edi;
				void* __esi;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t51;
				intOrPtr* _t55;
				intOrPtr _t68;
				intOrPtr _t75;
				intOrPtr* _t84;
				intOrPtr* _t85;
				signed char* _t89;
				intOrPtr _t103;
				intOrPtr* _t105;
				char _t108;

				_t92 = __ecx;
				_push(__ecx);
				_t105 = _a4;
				_t108 = 0;
				_v8 = 0;
				_t89 = _t105 + 8;
				E008D3A2C(__ecx, _t105, 0, _t89); // executed
				if(( *_t89 & 0x00000006) == 0) {
					L11:
					_t103 = 0;
					L12:
					_t90 = _t105 + 0xc;
					_t46 =  *(_t105 + 0xc);
					if(_t46 == 0 ||  *_t46 == _t103) {
						_t47 =  *((intOrPtr*)(_t105 + 0x10));
						if(_t47 == 0 ||  *_t47 == _t103) {
							E008FFA47();
							 *_t105 = 2;
							goto L40;
						} else {
							_t108 = E008D3AD7(_t103, _t105,  &_v8);
							if(_t108 >= 0) {
								_t68 = E008FFDEF(_t92, _t103, _t105, _v8,  *((intOrPtr*)(_t105 + 0x10)), 0,  *((intOrPtr*)(_t105 + 0x14)), 0, 0, _t90); // executed
								_t108 = _t68;
								if(_t108 < 0) {
									E008FFA47();
									_push(2);
									_t108 = 0;
									_pop(1);
								}
								 *_t105 = 1;
								goto L40;
							}
							_push("Failed to get non-session specific TEMP folder.");
							goto L16;
						}
					} else {
						_a4 = _t103;
						_t108 = E008C4263(_t92,  &_v8);
						if(_t108 >= 0) {
							_t75 = _a4;
							do {
								if(_t75 != 0) {
									Sleep(0x7d0);
								}
								_t108 = E008FFDEF(0, _t103, _t105, _v8,  *_t90, 0, 0,  *(_t105 + 8) & 0x00000001, 0, _t90);
								_t75 = _a4;
								if(( *(_t105 + 8) & 0x00000001) != 0 && _t108 == 0x80070020) {
									_t75 = _t75 + 1;
									_a4 = _t75;
								}
							} while (_t75 != 0 && _t75 <= 3);
							if(_t108 >= 0) {
								 *_t105 = 1;
								L40:
								if( *_t105 != 1) {
									L52:
									if(_v8 != 0) {
										E008C2762(_v8);
									}
									return _t108;
								}
								_t51 = E008C33DA( *_t90);
								_a4 = _t51;
								if(_t51 == 0 ||  *_t51 == 0) {
									_t108 = E008C229E(_t105 + 0x10,  *_t90, 0);
									if(_t108 >= 0) {
										goto L49;
									}
									_push("Failed to copy full log path to prefix.");
								} else {
									_t108 = E008C229E(_t105 + 0x10,  *_t90, _t51 -  *_t90 >> 1);
									if(_t108 >= 0) {
										_t108 = E008C229E(_t105 + 0x14, _a4 + 2, 0);
										if(_t108 >= 0) {
											L49:
											_t55 =  *((intOrPtr*)(_t105 + 4));
											if(_t55 != 0 &&  *_t55 != 0) {
												E008C82B5(_a8, _t55,  *_t90, 0); // executed
											}
											goto L52;
										}
										_push("Failed to copy log extension to extension.");
										L16:
										_push(_t108);
										E008FFB09();
										goto L52;
									}
									_push("Failed to copy log path to prefix.");
								}
								goto L16;
							}
							E008FFA47();
							 *_t105 = 2;
							if(( *(_t105 + 8) & 0x00000001) == 0) {
								_a4 = _t108;
								_t108 = 0x80070656;
								E008DE59F(0, _a12, _a16, 0x80070656);
								_t81 = _a4;
								if(_a4 >= 0) {
									goto L40;
								}
								E008FFB09(_t81, "Failed to open log: %ls",  *_t90);
								goto L52;
							}
							_t108 = 0;
							goto L40;
						}
						_push("Failed to get current directory.");
						goto L16;
					}
				}
				if(( *_t89 & 0x00000004) == 0) {
					if(( *_t89 & 0x00000002) == 0) {
						L6:
						_t92 = _t105 + 0xc;
						_t103 = 0;
						_t84 =  *((intOrPtr*)(_t105 + 0xc));
						if(_t84 == 0 ||  *_t84 == 0) {
							_t85 =  *((intOrPtr*)(_t105 + 0x10));
							if(_t85 == 0 ||  *_t85 == _t103) {
								E008C2EBC(_t103, _t103, L"Setup", _t103, "log", _t92, _t103);
								goto L11;
							} else {
								goto L12;
							}
						} else {
							goto L12;
						}
					}
					_push(0);
					_push(3);
					L5:
					E008FFF78();
					goto L6;
				}
				_push(0);
				_push(4);
				goto L5;
			}


















                                                            0x008d3f22
                                                            0x008d3f25
                                                            0x008d3f29
                                                            0x008d3f2e
                                                            0x008d3f30
                                                            0x008d3f33
                                                            0x008d3f37
                                                            0x008d3f3f
                                                            0x008d3f8b
                                                            0x008d3f8b
                                                            0x008d3f8d
                                                            0x008d3f8d
                                                            0x008d3f90
                                                            0x008d3f94
                                                            0x008d4066
                                                            0x008d406b
                                                            0x008d40ba
                                                            0x008d40bf
                                                            0x00000000
                                                            0x008d4072
                                                            0x008d407b
                                                            0x008d407f
                                                            0x008d409a
                                                            0x008d409f
                                                            0x008d40a3
                                                            0x008d40a5
                                                            0x008d40ac
                                                            0x008d40ae
                                                            0x008d40b0
                                                            0x008d40b0
                                                            0x008d40b6
                                                            0x00000000
                                                            0x008d40b6
                                                            0x008d4081
                                                            0x00000000
                                                            0x008d4081
                                                            0x008d3fa3
                                                            0x008d3fa6
                                                            0x008d3faf
                                                            0x008d3fb3
                                                            0x008d3fc7
                                                            0x008d3fca
                                                            0x008d3fcc
                                                            0x008d3fd3
                                                            0x008d3fd3
                                                            0x008d3ff4
                                                            0x008d3ff6
                                                            0x008d3ff9
                                                            0x008d4003
                                                            0x008d4004
                                                            0x008d4004
                                                            0x008d4007
                                                            0x008d4012
                                                            0x008d405e
                                                            0x008d40c5
                                                            0x008d40c8
                                                            0x008d4160
                                                            0x008d4164
                                                            0x008d4169
                                                            0x008d4169
                                                            0x008d4174
                                                            0x008d4174
                                                            0x008d40d0
                                                            0x008d40d5
                                                            0x008d40da
                                                            0x008d4136
                                                            0x008d413a
                                                            0x00000000
                                                            0x00000000
                                                            0x008d413c
                                                            0x008d40e3
                                                            0x008d40f5
                                                            0x008d40f9
                                                            0x008d4118
                                                            0x008d411c
                                                            0x008d4146
                                                            0x008d4146
                                                            0x008d414b
                                                            0x008d415b
                                                            0x008d415b
                                                            0x00000000
                                                            0x008d414b
                                                            0x008d411e
                                                            0x008d3fba
                                                            0x008d3fba
                                                            0x008d3fbb
                                                            0x00000000
                                                            0x008d3fc1
                                                            0x008d40fb
                                                            0x008d40fb
                                                            0x00000000
                                                            0x008d40da
                                                            0x008d4014
                                                            0x008d401d
                                                            0x008d4023
                                                            0x008d402e
                                                            0x008d4031
                                                            0x008d403d
                                                            0x008d4042
                                                            0x008d4047
                                                            0x00000000
                                                            0x00000000
                                                            0x008d4051
                                                            0x00000000
                                                            0x008d4056
                                                            0x008d4027
                                                            0x00000000
                                                            0x008d4027
                                                            0x008d3fb5
                                                            0x00000000
                                                            0x008d3fb5
                                                            0x008d3f94
                                                            0x008d3f44
                                                            0x008d3f50
                                                            0x008d3f5c
                                                            0x008d3f5c
                                                            0x008d3f5f
                                                            0x008d3f61
                                                            0x008d3f65
                                                            0x008d3f6c
                                                            0x008d3f71
                                                            0x008d3f86
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008d3f65
                                                            0x008d3f54
                                                            0x008d3f55
                                                            0x008d3f57
                                                            0x008d3f57
                                                            0x00000000
                                                            0x008d3f57
                                                            0x008d3f48
                                                            0x008d3f49
                                                            0x00000000

                                                            APIs
                                                              • Part of subcall function 008D3A2C: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000000,?,?,?,?,008D3F3C,feclient.dll,?,00000000,?,?,?,008C4B57), ref: 008D3ACD
                                                            • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,008C4B57,?,?,0090A488,?,00000001,00000000,00000000), ref: 008D3FD3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseSleep
                                                            • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                            • API String ID: 2834455192-2673269691
                                                            • Opcode ID: 6a87807ecf8f0191aa430341bedfb84f534121104be490fdfe542c0e2f3f701f
                                                            • Instruction ID: 4e588d8ea3bd67d0839896bb6a9c9d5930927b87f468701cda8fc44b84c2b6ab
                                                            • Opcode Fuzzy Hash: 6a87807ecf8f0191aa430341bedfb84f534121104be490fdfe542c0e2f3f701f
                                                            • Instruction Fuzzy Hash: 6B619171A0061AABDF56AB78CC42B7A77B8FF10344B144766F901DB381EB70ED5087A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C6DCB Relevance: 19.7, APIs: 2, Strings: 11, Instructions: 164COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 44%
                                                            			E008C6DCB(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, signed int* _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _t43;
				signed int _t52;
				void* _t54;
				void* _t56;
				char* _t57;
				void* _t66;
				struct _CRITICAL_SECTION* _t68;
				signed int _t71;
				signed int _t75;
				signed int _t76;
				intOrPtr _t78;
				intOrPtr _t80;
				unsigned int _t81;
				intOrPtr _t84;
				void* _t87;
				intOrPtr _t88;
				signed int* _t89;
				void* _t91;

				_t70 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t68 = _a4;
				EnterCriticalSection(_t68);
				_t84 = _a8;
				_t87 = E008C56E2(_t70, _t68, _t84,  &_v8);
				if(_t87 >= 0) {
					_t43 = _v8;
					if(_t87 != 1) {
						_t78 =  *((intOrPtr*)(_t68 + 0x20));
						_t71 = _t43 * 0x38;
						_t88 =  *((intOrPtr*)(_t71 + _t78 + 0x2c));
						if(_t88 <= 0 || _a20 == 1 || _a20 == 2 &&  *((intOrPtr*)(_t71 + _t78 + 0x28)) != 0 || _a20 == 3 && _t88 != 2) {
							L14:
							_t89 = _a12;
							if(_a24 == 0) {
								L30:
								_a20 = _v8 * 0x38;
								_t87 = E008E03A6( *((intOrPtr*)(_t68 + 0x20)) + 8 + _v8 * 0x38, _t89);
								if(_t87 >= 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t68 + 0x20)) + _a20 + 0x24)) = _a16;
									goto L33;
								}
								_push(_t84);
								_push("Failed to set value of variable: %ls");
								goto L2;
							}
							_t80 =  *((intOrPtr*)(_t68 + 0x20));
							_t75 = _t43 * 0x38;
							if( *((intOrPtr*)(_t75 + _t80 + 0x2c)) != 0) {
								goto L30;
							}
							if( *((intOrPtr*)(_t75 + _t80 + 0x20)) == 0) {
								_t52 = _t89[4];
								if(_t52 == 0) {
									if( *((intOrPtr*)(_t75 + _t80 + 0x18)) == 0) {
										goto L30;
									}
									_push( *_t89);
									_push(_t84);
									_push("Unsetting variable \'%ls\'");
									L29:
									_push(2); // executed
									E008FFFF0(); // executed
									_t91 = _t91 + 0x10;
									goto L30;
								}
								_t54 = _t52 - 1;
								if(_t54 == 0) {
									_push(_t89[1]);
									_push( *_t89);
									E008FFFF0(2, "Setting numeric variable \'%ls\' to value %lld", _t84); // executed
									_t91 = _t91 + 0x14;
									goto L30;
								}
								_t56 = _t54 - 1;
								if(_t56 == 0) {
									_t57 = "Unsetting variable \'%ls\'";
									if( *_t89 != 0) {
										_t57 = "Setting string variable \'%ls\' to value \'%ls\'";
									}
									_push( *_t89);
									_push(_t84);
									_push(_t57);
									goto L29;
								}
								if(_t56 == 1) {
									_t76 =  *_t89;
									_t81 = _t89[1];
									_push(_t76 & 0x0000ffff);
									_push((_t81 << 0x00000020 | _t76) >> 0x10 & 0x0000ffff);
									_push(_t81 & 0x0000ffff);
									_push(_t81 >> 0x10);
									E008FFFF0(2, "Setting version variable \'%ls\' to value \'%hu.%hu.%hu.%hu\'", _t84);
									_t91 = _t91 + 0x1c;
								}
								goto L30;
							}
							E008FFFF0(2, "Setting hidden variable \'%ls\'", _t84);
							_t91 = _t91 + 0xc;
							goto L30;
						} else {
							_t87 = 0x80070057;
							E008C38BA(_t43, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x60b, 0x80070057);
							_push(_t84);
							_push("Attempt to set built-in variable value: %ls");
							L2:
							_push(_t87);
							E008FFB09();
							_t91 = _t91 + 0xc;
							L33:
							LeaveCriticalSection(_t68);
							if(_t87 < 0 && _a24 != 0) {
								_push(_t87);
								E008FFFF0(2, "Setting variable failed: ID \'%ls\', HRESULT 0x%x", _t84);
							}
							return _t87;
						}
					}
					_t66 = E008C6C3C(_t70, _t68, _t84, _t43); // executed
					_t87 = _t66;
					if(_t87 >= 0) {
						_t43 = _v8;
						goto L14;
					}
					_push(_t84);
					_push("Failed to insert variable \'%ls\'.");
					goto L2;
				}
				_push(_t84);
				_push("Failed to find variable value \'%ls\'.");
				goto L2;
			}






















                                                            0x008c6dcb
                                                            0x008c6dce
                                                            0x008c6dcf
                                                            0x008c6dd4
                                                            0x008c6dda
                                                            0x008c6de0
                                                            0x008c6dee
                                                            0x008c6df2
                                                            0x008c6e08
                                                            0x008c6e0e
                                                            0x008c6e26
                                                            0x008c6e29
                                                            0x008c6e2c
                                                            0x008c6e32
                                                            0x008c6e72
                                                            0x008c6e76
                                                            0x008c6e79
                                                            0x008c6f35
                                                            0x008c6f3d
                                                            0x008c6f4b
                                                            0x008c6f4f
                                                            0x008c6f65
                                                            0x00000000
                                                            0x008c6f65
                                                            0x008c6f51
                                                            0x008c6f52
                                                            0x00000000
                                                            0x008c6f52
                                                            0x008c6e7f
                                                            0x008c6e82
                                                            0x008c6e8a
                                                            0x00000000
                                                            0x00000000
                                                            0x008c6e95
                                                            0x008c6eaf
                                                            0x008c6eb2
                                                            0x008c6f21
                                                            0x00000000
                                                            0x00000000
                                                            0x008c6f23
                                                            0x008c6f25
                                                            0x008c6f26
                                                            0x008c6f2b
                                                            0x008c6f2b
                                                            0x008c6f2d
                                                            0x008c6f32
                                                            0x00000000
                                                            0x008c6f32
                                                            0x008c6eb4
                                                            0x008c6eb7
                                                            0x008c6f05
                                                            0x008c6f08
                                                            0x008c6f12
                                                            0x008c6f17
                                                            0x00000000
                                                            0x008c6f17
                                                            0x008c6eb9
                                                            0x008c6ebc
                                                            0x008c6ef3
                                                            0x008c6ef8
                                                            0x008c6efa
                                                            0x008c6efa
                                                            0x008c6eff
                                                            0x008c6f01
                                                            0x008c6f02
                                                            0x00000000
                                                            0x008c6f02
                                                            0x008c6ec1
                                                            0x008c6ec3
                                                            0x008c6ec5
                                                            0x008c6ecb
                                                            0x008c6ed5
                                                            0x008c6ed9
                                                            0x008c6edd
                                                            0x008c6ee6
                                                            0x008c6eeb
                                                            0x008c6eeb
                                                            0x00000000
                                                            0x008c6ec1
                                                            0x008c6e9f
                                                            0x008c6ea4
                                                            0x00000000
                                                            0x008c6e52
                                                            0x008c6e52
                                                            0x008c6e62
                                                            0x008c6e67
                                                            0x008c6e68
                                                            0x008c6dfa
                                                            0x008c6dfa
                                                            0x008c6dfb
                                                            0x008c6e00
                                                            0x008c6f69
                                                            0x008c6f6a
                                                            0x008c6f72
                                                            0x008c6f7a
                                                            0x008c6f83
                                                            0x008c6f88
                                                            0x008c6f91
                                                            0x008c6f91
                                                            0x008c6e32
                                                            0x008c6e13
                                                            0x008c6e18
                                                            0x008c6e1c
                                                            0x008c6e6f
                                                            0x00000000
                                                            0x008c6e6f
                                                            0x008c6e1e
                                                            0x008c6e1f
                                                            0x00000000
                                                            0x008c6e1f
                                                            0x008c6df4
                                                            0x008c6df5
                                                            0x00000000

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000000,008C53FA,00000000,008C5482,00000000,?,008C82B1,?,?,?,00000000,00000000), ref: 008C6DDA
                                                              • Part of subcall function 008C56E2: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,008C65B1,008C65B1,?,008C5678,?,?,00000000), ref: 008C571E
                                                              • Part of subcall function 008C56E2: GetLastError.KERNEL32(?,008C5678,?,?,00000000,?,?,008C65B1,?,008C7F03,?,?,?,?,?), ref: 008C574D
                                                            • LeaveCriticalSection.KERNEL32(00000000,?,?,00000000,00000000,00000000), ref: 008C6F6A
                                                            Strings
                                                            • Failed to insert variable '%ls'., xrefs: 008C6E1F
                                                            • c:\agent\_work\66\s\src\burn\engine\variable.cpp, xrefs: 008C6E5D
                                                            • Setting string variable '%ls' to value '%ls', xrefs: 008C6EFA, 008C6F02
                                                            • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 008C6EDF
                                                            • Unsetting variable '%ls', xrefs: 008C6EF3, 008C6F26
                                                            • Setting numeric variable '%ls' to value %lld, xrefs: 008C6F0B
                                                            • Setting hidden variable '%ls', xrefs: 008C6E98
                                                            • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 008C6F7C
                                                            • Failed to find variable value '%ls'., xrefs: 008C6DF5
                                                            • Failed to set value of variable: %ls, xrefs: 008C6F52
                                                            • Attempt to set built-in variable value: %ls, xrefs: 008C6E68
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$c:\agent\_work\66\s\src\burn\engine\variable.cpp
                                                            • API String ID: 2716280545-3393465121
                                                            • Opcode ID: de927f674fa8394792e8e870d83ca8f34773b5764a265d461a2047e569e3251a
                                                            • Instruction ID: 1315e6024c7b72ea3db04109c26bccb6d16829b3fe0df1d7c4e5fe5405a8c059
                                                            • Opcode Fuzzy Hash: de927f674fa8394792e8e870d83ca8f34773b5764a265d461a2047e569e3251a
                                                            • Instruction Fuzzy Hash: B751F3B1640216ABCB319E18CC4AF7B3B78FB95718F24013DF940D62C2EB35D961CAA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008DE8CE Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 100threadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E008DE8CE(intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void _v24;
				void* _t21;
				signed short _t24;
				void* _t28;
				intOrPtr _t41;
				signed short _t43;
				signed short _t48;

				_v12 = 0;
				asm("stosd");
				_t43 = 0;
				asm("stosd");
				_v8 = 0;
				asm("stosd");
				_t21 = CreateEventW(0, 1, 0, 0);
				_v12 = _t21;
				if(_t21 != 0) {
					_t41 = _a8;
					_v24 = _t21;
					_v20 = _a4;
					_v16 = _t41;
					_t24 = CreateThread(0, 0, E008DE60C,  &_v24, 0, 0); // executed
					_v8 = _t24;
					__eflags = _t24;
					if(_t24 != 0) {
						WaitForMultipleObjects(2,  &_v12, 0, 0xffffffff);
						 *((intOrPtr*)(_t41 + 0x3e4)) = _v8;
						_t28 = 0;
						_v8 = 0;
					} else {
						_t43 = GetLastError();
						__eflags = _t43;
						if(__eflags > 0) {
							_t43 = _t43 & 0x0000ffff | 0x80070000;
							__eflags = _t43;
						}
						if(__eflags >= 0) {
							_t43 = 0x80004005;
						}
						E008C38BA(_t32, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\uithread.cpp", 0x3c, _t43);
						_push("Failed to create the UI thread.");
						goto L6;
					}
				} else {
					_t43 = GetLastError();
					if(_t43 > 0) {
						_t43 = _t43 & 0x0000ffff | 0x80070000;
						_t48 = _t43;
					}
					if(_t48 >= 0) {
						_t43 = 0x80004005;
					}
					E008C38BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\uithread.cpp", 0x33, _t43);
					_push("Failed to create initialization event.");
					L6:
					_push(_t43);
					E008FFB09();
					_t28 = _v8;
				}
				if(_t28 != 0) {
					CloseHandle(_t28);
					_v8 = 0;
				}
				if(_v12 != 0) {
					FindCloseChangeNotification(_v12); // executed
				}
				return _t43;
			}














                                                            0x008de8de
                                                            0x008de8e1
                                                            0x008de8e2
                                                            0x008de8e8
                                                            0x008de8ea
                                                            0x008de8ed
                                                            0x008de8ee
                                                            0x008de8f4
                                                            0x008de8f9
                                                            0x008de938
                                                            0x008de93c
                                                            0x008de943
                                                            0x008de951
                                                            0x008de954
                                                            0x008de95a
                                                            0x008de95d
                                                            0x008de95f
                                                            0x008de99c
                                                            0x008de9a5
                                                            0x008de9ab
                                                            0x008de9ad
                                                            0x008de961
                                                            0x008de967
                                                            0x008de969
                                                            0x008de96b
                                                            0x008de970
                                                            0x008de976
                                                            0x008de976
                                                            0x008de978
                                                            0x008de97a
                                                            0x008de97a
                                                            0x008de987
                                                            0x008de98c
                                                            0x00000000
                                                            0x008de98c
                                                            0x008de8fb
                                                            0x008de901
                                                            0x008de905
                                                            0x008de90a
                                                            0x008de910
                                                            0x008de910
                                                            0x008de912
                                                            0x008de914
                                                            0x008de914
                                                            0x008de921
                                                            0x008de926
                                                            0x008de92b
                                                            0x008de92b
                                                            0x008de92c
                                                            0x008de931
                                                            0x008de935
                                                            0x008de9b8
                                                            0x008de9bb
                                                            0x008de9bd
                                                            0x008de9bd
                                                            0x008de9c3
                                                            0x008de9c8
                                                            0x008de9c8
                                                            0x008de9d0

                                                            APIs
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,008C54CB,?,?), ref: 008DE8EE
                                                            • GetLastError.KERNEL32(?,008C54CB,?,?), ref: 008DE8FB
                                                            • CreateThread.KERNEL32 ref: 008DE954
                                                            • GetLastError.KERNEL32(?,008C54CB,?,?), ref: 008DE961
                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,008C54CB,?,?), ref: 008DE99C
                                                            • CloseHandle.KERNEL32(00000000,?,008C54CB,?,?), ref: 008DE9BB
                                                            • FindCloseChangeNotification.KERNEL32(?,?,008C54CB,?,?), ref: 008DE9C8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateErrorLast$ChangeEventFindHandleMultipleNotificationObjectsThreadWait
                                                            • String ID: @Mqt$Failed to create initialization event.$Failed to create the UI thread.$c:\agent\_work\66\s\src\burn\engine\uithread.cpp
                                                            • API String ID: 1372344712-1285120612
                                                            • Opcode ID: 96d279bb7d40e92e312499d5ff10c362423458e51ec1382359f0329b76f647e8
                                                            • Instruction ID: c58ffcb862d8f9832b9c9b8a88f92459759715c616d4b4890fc2a51ad123f53e
                                                            • Opcode Fuzzy Hash: 96d279bb7d40e92e312499d5ff10c362423458e51ec1382359f0329b76f647e8
                                                            • Instruction Fuzzy Hash: FD31B776E0122ABFD710AF9D8C54A9FBFB8FF04754F110166B905F7380D6349E0096A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E1286 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 87threadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 59%
                                                            			E008E1286(intOrPtr _a4) {
				long _v8;
				void* _v12;
				void* _v16;
				long _t25;
				signed short _t28;
				int _t33;
				signed short _t34;
				signed short _t37;
				intOrPtr _t42;

				_v8 = _v8 & 0x00000000;
				_t42 = _a4;
				_v16 =  *(_t42 + 0x28);
				_v12 =  *(_t42 + 0x20);
				_t25 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
				if(_t25 == 0) {
					if(ResetEvent( *(_t42 + 0x28)) != 0) {
						 *(_t42 + 0x2c) =  *(_t42 + 0x2c) & 0x00000000;
					} else {
						_t28 = GetLastError();
						if(_t28 > 0) {
							_t28 = _t28 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t28;
						if(_t28 >= 0) {
							_t28 = 0x80004005;
							_v8 = 0x80004005;
						}
						E008C38BA(_t28, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x13e, _t28);
						_push("Failed to reset operation complete event.");
						goto L19;
					}
				} else {
					if(_t25 == 1) {
						_t33 = GetExitCodeThread( *(_t42 + 0x20),  &_v8); // executed
						if(_t33 == 0) {
							_t34 = GetLastError();
							if(_t34 > 0) {
								_t34 = _t34 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t34;
							if(_t34 >= 0) {
								_t34 = 0x80004005;
								_v8 = 0x80004005;
							}
							E008C38BA(_t34, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x145, _t34);
							_push("Failed to get extraction thread exit code.");
							goto L19;
						}
					} else {
						_t37 = GetLastError();
						if(_t37 > 0) {
							_t37 = _t37 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t37;
						if(_t37 >= 0) {
							_t37 = 0x80004005;
							_v8 = 0x80004005;
						}
						E008C38BA(_t37, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x14b, _t37);
						_push("Failed to wait for operation complete event.");
						L19:
						_push(_v8);
						E008FFB09();
					}
				}
				return _v8;
			}












                                                            0x008e128c
                                                            0x008e1291
                                                            0x008e129b
                                                            0x008e12a1
                                                            0x008e12aa
                                                            0x008e12b2
                                                            0x008e1350
                                                            0x008e1394
                                                            0x008e1352
                                                            0x008e1352
                                                            0x008e135a
                                                            0x008e135f
                                                            0x008e135f
                                                            0x008e1364
                                                            0x008e1369
                                                            0x008e136b
                                                            0x008e1370
                                                            0x008e1370
                                                            0x008e137e
                                                            0x008e1383
                                                            0x00000000
                                                            0x008e1383
                                                            0x008e12b8
                                                            0x008e12bb
                                                            0x008e12ff
                                                            0x008e1307
                                                            0x008e130d
                                                            0x008e1315
                                                            0x008e131a
                                                            0x008e131a
                                                            0x008e131f
                                                            0x008e1324
                                                            0x008e1326
                                                            0x008e132b
                                                            0x008e132b
                                                            0x008e1339
                                                            0x008e133e
                                                            0x00000000
                                                            0x008e133e
                                                            0x008e12bd
                                                            0x008e12bd
                                                            0x008e12c5
                                                            0x008e12ca
                                                            0x008e12ca
                                                            0x008e12cf
                                                            0x008e12d4
                                                            0x008e12d6
                                                            0x008e12db
                                                            0x008e12db
                                                            0x008e12e9
                                                            0x008e12ee
                                                            0x008e1388
                                                            0x008e1388
                                                            0x008e138b
                                                            0x008e1391
                                                            0x008e12bb
                                                            0x008e139d

                                                            APIs
                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,7476F5E0,?,?), ref: 008E12AA
                                                            • GetLastError.KERNEL32 ref: 008E12BD
                                                            • GetExitCodeThread.KERNEL32(0090A488,00000000), ref: 008E12FF
                                                            • GetLastError.KERNEL32 ref: 008E130D
                                                            • ResetEvent.KERNEL32(0090A460), ref: 008E1348
                                                            • GetLastError.KERNEL32 ref: 008E1352
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                            • String ID: @Mqt$Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2979751695-135959623
                                                            • Opcode ID: 8c0b62b50d1144d04ed0f4d833cf07797e7777cbce3ae2daacfcda38abe1b7ef
                                                            • Instruction ID: 26492aed402fa7bf253c22b4a020abf375281a77555b0cb696cae1f701f6552e
                                                            • Opcode Fuzzy Hash: 8c0b62b50d1144d04ed0f4d833cf07797e7777cbce3ae2daacfcda38abe1b7ef
                                                            • Instruction Fuzzy Hash: 37318F70B4030AEFEB10DB6A8D09BAE76F8FF05715F104169F905EA6A0E739DA409B51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C2EBC Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 202sleepfiletimeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E008C2EBC(void* __edx, intOrPtr* _a4, char* _a8, signed int _a12, intOrPtr* _a16, intOrPtr _a20, void** _a24) {
				signed int _v8;
				short _v528;
				struct _SYSTEMTIME _v544;
				char _v548;
				WCHAR* _v552;
				char _v556;
				signed int _v560;
				WCHAR* _v564;
				intOrPtr* _v568;
				intOrPtr _v572;
				void** _v576;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				long _t64;
				long _t67;
				void* _t76;
				char* _t77;
				long _t85;
				void* _t87;
				void** _t89;
				long _t90;
				signed int _t92;
				long _t94;
				char* _t98;
				intOrPtr* _t102;
				void* _t103;
				void* _t104;
				void* _t106;
				intOrPtr* _t107;
				signed int _t111;
				void* _t112;
				void* _t113;
				long _t127;

				_t103 = __edx;
				_t53 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t53 ^ _t111;
				_v560 = _a12;
				_t98 = _a8;
				_v568 = _a16;
				_t107 = _a4;
				_v572 = _a20;
				_v576 = _a24;
				E008EF600(_t104,  &_v528, 0, 0x208);
				asm("stosd");
				_t113 = _t112 + 0xc;
				_v548 = 0;
				_v556 = 0;
				_v552 = 0;
				asm("stosd");
				_v564 = 0;
				asm("stosd");
				asm("stosd");
				_t106 =  &_v544 | 0xffffffff;
				if(_t107 == 0 ||  *_t107 == 0) {
					_t64 = GetTempPathW(0x104,  &_v528);
					__eflags = _t64;
					if(_t64 != 0) {
						_push( &_v548);
						_push(_t98);
						_push( &_v528);
						goto L10;
					}
					_t108 = GetLastError();
					__eflags = _t108;
					if(__eflags > 0) {
						__eflags = _t108;
					}
					if(__eflags >= 0) {
						_t108 = 0x80004005;
					}
					E008C38BA(_t95, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\pathutil.cpp", 0x284, _t108);
					goto L34;
				} else {
					_push( &_v548);
					_push(_t98);
					_push(_t107);
					L10:
					_t67 = E008C2E55(0);
					_t108 = _t67;
					if(_t67 < 0) {
						L34:
						if(_v552 != 0) {
							E008C2762(_v552);
						}
						if(_v556 != 0) {
							E008C2762(_v556);
						}
						if(_v548 != 0) {
							E008C2762(_v548);
						}
						return E008EDD1F(_t98, _v8 ^ _t111, _t103, _t106, _t108);
					}
					if(E008C3533(0, _v548,  &_v556) != 0) {
						L13:
						_t98 = _v560;
						if(_t98 == 0) {
							_t98 = 0x90a534;
						}
						while(1) {
							_v560 = _v560 & 0x00000000;
							_v564 = _v564 + 1;
							GetLocalTime( &_v544);
							_t102 = _v568;
							_t76 = 0x2e;
							_t77 = 0x90a534;
							if(_t76 !=  *_t102) {
								_t77 = ".";
							}
							_push(_t102);
							_push(_t77);
							_push(_t98);
							_push(_v544.wSecond & 0x0000ffff);
							_push(_v544.wMinute & 0x0000ffff);
							_push(_v544.wHour & 0x0000ffff);
							_push(_v544.wDay & 0x0000ffff);
							_push(_v544.wMonth & 0x0000ffff);
							_push(_v544.wYear & 0x0000ffff);
							_t85 = E008C2022( &_v552, L"%ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls", _v548);
							_t108 = _t85;
							_t113 = _t113 + 0x30;
							if(_t85 < 0) {
								break;
							}
							_t87 = CreateFileW(_v552, 0x40000000, 1, 0, 1, 0x80, 0); // executed
							_t106 = _t87;
							if(_t106 != 0xffffffff) {
								L28:
								_t88 = _v572;
								if(_v572 == 0) {
									L30:
									_t89 = _v576;
									if(_t89 != 0) {
										 *_t89 = _t106;
										_t106 = _t106 | 0xffffffff;
									}
									break;
								}
								_t90 = E008C229E(_t88, _v552, 0);
								_t108 = _t90;
								if(_t90 < 0) {
									break;
								}
								goto L30;
							}
							_t108 = GetLastError();
							if(_t108 == 0x50 || _t108 == 5) {
								Sleep(0x64);
								if(_v564 >= 0xa) {
									goto L23;
								}
								_t108 = 0;
								_t92 = 1;
								goto L24;
							} else {
								L23:
								_t92 = _v560;
								L24:
								if(_t108 > 0) {
									_t127 = _t108;
								}
								if(_t127 < 0) {
									goto L34;
								} else {
									if(_t92 != 0) {
										continue;
									}
									goto L28;
								}
							}
						}
						if(_t106 != 0xffffffff) {
							CloseHandle(_t106);
						}
						goto L34;
					}
					_t94 = E008C415F(_v556, _t74); // executed
					_t108 = _t94;
					if(_t94 < 0) {
						goto L34;
					}
					goto L13;
				}
			}






































                                                            0x008c2ebc
                                                            0x008c2ec5
                                                            0x008c2ecc
                                                            0x008c2ed2
                                                            0x008c2edc
                                                            0x008c2edf
                                                            0x008c2ee9
                                                            0x008c2eec
                                                            0x008c2ef6
                                                            0x008c2f0b
                                                            0x008c2f18
                                                            0x008c2f1b
                                                            0x008c2f1e
                                                            0x008c2f24
                                                            0x008c2f2a
                                                            0x008c2f30
                                                            0x008c2f31
                                                            0x008c2f37
                                                            0x008c2f38
                                                            0x008c2f39
                                                            0x008c2f3e
                                                            0x008c2f5c
                                                            0x008c2f62
                                                            0x008c2f64
                                                            0x008c2f9f
                                                            0x008c2fa0
                                                            0x008c2fa7
                                                            0x00000000
                                                            0x008c2fa7
                                                            0x008c2f6c
                                                            0x008c2f6e
                                                            0x008c2f70
                                                            0x008c2f7b
                                                            0x008c2f7b
                                                            0x008c2f7d
                                                            0x008c2f7f
                                                            0x008c2f7f
                                                            0x008c2f8f
                                                            0x00000000
                                                            0x008c2f45
                                                            0x008c2f4b
                                                            0x008c2f4c
                                                            0x008c2f4d
                                                            0x008c2fa8
                                                            0x008c2fa8
                                                            0x008c2fad
                                                            0x008c2fb1
                                                            0x008c3122
                                                            0x008c3129
                                                            0x008c3131
                                                            0x008c3131
                                                            0x008c313d
                                                            0x008c3145
                                                            0x008c3145
                                                            0x008c3151
                                                            0x008c3159
                                                            0x008c3159
                                                            0x008c316e
                                                            0x008c316e
                                                            0x008c2fcb
                                                            0x008c2fe3
                                                            0x008c2fe3
                                                            0x008c2feb
                                                            0x008c2fed
                                                            0x008c2fed
                                                            0x008c2ff2
                                                            0x008c2ff2
                                                            0x008c2fff
                                                            0x008c3006
                                                            0x008c300c
                                                            0x008c3014
                                                            0x008c3018
                                                            0x008c301d
                                                            0x008c301f
                                                            0x008c301f
                                                            0x008c3024
                                                            0x008c3025
                                                            0x008c302d
                                                            0x008c302e
                                                            0x008c3036
                                                            0x008c303e
                                                            0x008c3046
                                                            0x008c304e
                                                            0x008c3056
                                                            0x008c3069
                                                            0x008c306e
                                                            0x008c3070
                                                            0x008c3075
                                                            0x00000000
                                                            0x00000000
                                                            0x008c3093
                                                            0x008c3099
                                                            0x008c309e
                                                            0x008c30e9
                                                            0x008c30e9
                                                            0x008c30f1
                                                            0x008c3107
                                                            0x008c3107
                                                            0x008c310f
                                                            0x008c3111
                                                            0x008c3113
                                                            0x008c3113
                                                            0x00000000
                                                            0x008c310f
                                                            0x008c30fc
                                                            0x008c3101
                                                            0x008c3105
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c3105
                                                            0x008c30a6
                                                            0x008c30ab
                                                            0x008c30b4
                                                            0x008c30c1
                                                            0x00000000
                                                            0x00000000
                                                            0x008c30c5
                                                            0x008c30c7
                                                            0x00000000
                                                            0x008c30ca
                                                            0x008c30ca
                                                            0x008c30ca
                                                            0x008c30d0
                                                            0x008c30d2
                                                            0x008c30dd
                                                            0x008c30dd
                                                            0x008c30df
                                                            0x00000000
                                                            0x008c30e1
                                                            0x008c30e3
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c30e3
                                                            0x008c30df
                                                            0x008c30ab
                                                            0x008c3119
                                                            0x008c311c
                                                            0x008c311c
                                                            0x00000000
                                                            0x008c3119
                                                            0x008c2fd4
                                                            0x008c2fd9
                                                            0x008c2fdd
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c2fdd

                                                            APIs
                                                            • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 008C2F5C
                                                            • GetLastError.KERNEL32 ref: 008C2F66
                                                            • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 008C3006
                                                            • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 008C3093
                                                            • GetLastError.KERNEL32 ref: 008C30A0
                                                            • Sleep.KERNEL32(00000064), ref: 008C30B4
                                                            • CloseHandle.KERNEL32(?), ref: 008C311C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                            • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$@Mqt$c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp
                                                            • API String ID: 3480017824-3000253900
                                                            • Opcode ID: ca0e8892a8da63bd14134b0bd743ecc55179eaf9af1ee861eb79be10cce6762c
                                                            • Instruction ID: 0325677a9d1db8aa35291dfa5fbce41252f8f400def6a52634aa9e5ba502fd1f
                                                            • Opcode Fuzzy Hash: ca0e8892a8da63bd14134b0bd743ecc55179eaf9af1ee861eb79be10cce6762c
                                                            • Instruction Fuzzy Hash: 10716172D01229AFDB309B689C49FAAB3B8FB08710F1441A9F905F7190D774DE81CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CD679 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 65libraryloaderCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 33%
                                                            			E008CD679(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HINSTANCE__* _t9;
				signed short _t12;
				signed short _t19;
				intOrPtr _t22;
				signed short _t23;
				signed short _t28;

				_t22 = _a4;
				_t2 = _t22 + 4; // 0x69006e
				_t9 = LoadLibraryExW( *( *_t2 + 0x50), 0, 8); // executed
				 *(_t22 + 0xc) = _t9;
				if(_t9 != 0) {
					_t19 = GetProcAddress(_t9, "BootstrapperApplicationCreate");
					__eflags = _t19;
					if(_t19 != 0) {
						_t5 = _t22 + 0x10; // 0x90a4b0
						_t12 =  *_t19(_a8, _a12, _t5); // executed
						_t23 = _t12;
						__eflags = _t23;
						if(_t23 < 0) {
							_push("Failed to create UX.");
							goto L14;
						}
					} else {
						_t23 = GetLastError();
						__eflags = _t23;
						if(__eflags > 0) {
							_t23 = _t23 & 0x0000ffff | 0x80070000;
							__eflags = _t23;
						}
						if(__eflags >= 0) {
							_t23 = 0x80004005;
						}
						E008C38BA(_t15, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\userexperience.cpp", 0x5d, _t23);
						_push("Failed to get BootstrapperApplicationCreate entry-point");
						goto L14;
					}
				} else {
					_t23 = GetLastError();
					if(_t23 > 0) {
						_t23 = _t23 & 0x0000ffff | 0x80070000;
						_t28 = _t23;
					}
					if(_t28 >= 0) {
						_t23 = 0x80004005;
					}
					E008C38BA(_t17, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\userexperience.cpp", 0x59, _t23);
					_push("Failed to load UX DLL.");
					L14:
					_push(_t23);
					E008FFB09();
				}
				return _t23;
			}









                                                            0x008cd67d
                                                            0x008cd684
                                                            0x008cd68a
                                                            0x008cd690
                                                            0x008cd695
                                                            0x008cd6d5
                                                            0x008cd6d7
                                                            0x008cd6d9
                                                            0x008cd70d
                                                            0x008cd717
                                                            0x008cd719
                                                            0x008cd71b
                                                            0x008cd71d
                                                            0x008cd71f
                                                            0x00000000
                                                            0x008cd71f
                                                            0x008cd6db
                                                            0x008cd6e1
                                                            0x008cd6e3
                                                            0x008cd6e5
                                                            0x008cd6ea
                                                            0x008cd6f0
                                                            0x008cd6f0
                                                            0x008cd6f2
                                                            0x008cd6f4
                                                            0x008cd6f4
                                                            0x008cd701
                                                            0x008cd706
                                                            0x00000000
                                                            0x008cd706
                                                            0x008cd697
                                                            0x008cd69d
                                                            0x008cd6a1
                                                            0x008cd6a6
                                                            0x008cd6ac
                                                            0x008cd6ac
                                                            0x008cd6ae
                                                            0x008cd6b0
                                                            0x008cd6b0
                                                            0x008cd6bd
                                                            0x008cd6c2
                                                            0x008cd724
                                                            0x008cd724
                                                            0x008cd725
                                                            0x008cd72b
                                                            0x008cd730

                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,008C4847,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,008C54CB,?), ref: 008CD68A
                                                            • GetLastError.KERNEL32(?,008C4847,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,008C54CB,?,?), ref: 008CD697
                                                            • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 008CD6CF
                                                            • GetLastError.KERNEL32(?,008C4847,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,008C54CB,?,?), ref: 008CD6DB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$AddressLibraryLoadProc
                                                            • String ID: @Mqt$BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$c:\agent\_work\66\s\src\burn\engine\userexperience.cpp
                                                            • API String ID: 1866314245-3496617349
                                                            • Opcode ID: d1ab345c9d95af4368d7da6288ec758bee7544538cb0b4c14018869d9958b157
                                                            • Instruction ID: 0c44059a0a30b2af8e0ee032305c505db048d9e98e79a2a33775abeac3709325
                                                            • Opcode Fuzzy Hash: d1ab345c9d95af4368d7da6288ec758bee7544538cb0b4c14018869d9958b157
                                                            • Instruction Fuzzy Hash: 59119037A84B36EBD7316A689C15F5B3AA4FB15B65B014039BE05FB680DA34DC009AD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CCB82 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 143COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 59%
                                                            			E008CCB82(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				short* _v8;
				char _v12;
				int _v16;
				int _v20;
				short* _v24;
				int _t42;
				short* _t47;
				int _t51;
				int _t54;
				intOrPtr* _t56;
				void* _t59;
				intOrPtr* _t60;
				int _t63;
				intOrPtr _t64;
				intOrPtr _t65;
				int _t66;
				int _t67;
				int _t68;
				intOrPtr* _t69;

				_t67 = 0;
				_v8 = 0;
				_v12 = 0;
				while(1) {
					L18:
					_t42 = E008CC231(_a12,  &_v8); // executed
					_t68 = _t42;
					if(_t68 == 0x80070103) {
						break;
					}
					if(_t68 < 0) {
						_push("Failed to get next stream.");
						goto L31;
					} else {
						_t69 = _a4;
						_t63 = _t67;
						_t47 = _v8;
						_v24 = _t47;
						_v16 = _t63;
						if( *((intOrPtr*)(_t69 + 4)) <= _t67) {
							L12:
							_push(_t47);
							_t68 = 0x80070490;
							_push("Failed to find embedded payload: %ls");
							L33:
							_push(_t68);
							E008FFB09();
						} else {
							_t66 = _t67;
							_v20 = _t67;
							do {
								_t59 =  *_t69 + _t66;
								if( *((intOrPtr*)(_t59 + 4)) != 2) {
									goto L10;
								} else {
									_t64 = _a8;
									if(_t64 == 0 ||  *((intOrPtr*)(_t59 + 0x3c)) == _t64) {
										_t12 = _t59 + 0x38; // 0xfffeb88d
										if(CompareStringW(0x7f, _t67,  *_t12, 0xffffffff, _t47, 0xffffffff) == 2) {
											_t20 = _t59 + 0x50; // 0x8c5516
											_t21 = _t59 + 0x18; // 0x50fffff9
											_t51 = E008C2E55(_t64, _a16,  *_t21, _t20); // executed
											_t68 = _t51;
											if(_t68 < 0) {
												_push("Failed to concat file paths.");
												goto L31;
											} else {
												_t24 = _t59 + 0x50; // 0xb7400ff
												_t68 = E008C3533(_t64,  *_t24,  &_v12);
												if(_t68 < 0) {
													_push("Failed to get directory portion of local file path");
													goto L31;
												} else {
													_t54 = E008C415F(_v12, _t67); // executed
													_t68 = _t54;
													if(_t68 < 0) {
														_push("Failed to ensure directory exists");
														goto L31;
													} else {
														_t26 = _t59 + 0x50; // 0xb7400ff
														_t68 = E008CC4AD(_a12,  *_t26);
														if(_t68 < 0) {
															_push("Failed to extract file.");
															L31:
															_push(_t68);
															E008FFB09();
														} else {
															 *((intOrPtr*)(_t59 + 0x4c)) = 1;
															goto L18;
														}
													}
												}
											}
										} else {
											_t47 = _v24;
											_t66 = _v20;
											goto L9;
										}
									} else {
										L9:
										_t63 = _v16;
										goto L10;
									}
								}
								goto L34;
								L10:
								_t63 = _t63 + 1;
								_t66 = _t66 + 0x58;
								_v16 = _t63;
								_v20 = _t66;
							} while (_t63 <  *((intOrPtr*)(_t69 + 4)));
							_t47 = _v8;
							goto L12;
						}
					}
					L34:
					if(_v8 != 0) {
						E008C2762(_v8);
					}
					if(_v12 != 0) {
						E008C2762(_v12);
					}
					return _t68;
				}
				_t56 = _a4;
				_t68 = _t67;
				if( *((intOrPtr*)(_t56 + 4)) > _t68) {
					_t60 =  *_t56;
					_t65 = _a8;
					do {
						if(_t65 == 0 ||  *((intOrPtr*)(_t60 + 0x3c)) == _t65) {
							if( *((intOrPtr*)(_t60 + 0x4c)) < 1) {
								_t68 = 0x8007000d;
								E008C38BA(_t56, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\payload.cpp", 0x10e, 0x8007000d);
								_push( *_t60);
								_push("Payload was not found in container: %ls");
								goto L33;
							} else {
								goto L24;
							}
						} else {
							goto L24;
						}
						goto L34;
						L24:
						_t67 = _t67 + 1;
						_t60 = _t60 + 0x58;
					} while (_t67 <  *((intOrPtr*)(_t56 + 4)));
				}
				goto L34;
			}






















                                                            0x008ccb8b
                                                            0x008ccb8d
                                                            0x008ccb90
                                                            0x008ccc61
                                                            0x008ccc61
                                                            0x008ccc68
                                                            0x008ccc6d
                                                            0x008ccc75
                                                            0x00000000
                                                            0x00000000
                                                            0x008ccb9a
                                                            0x008cccc0
                                                            0x00000000
                                                            0x008ccba0
                                                            0x008ccba0
                                                            0x008ccba3
                                                            0x008ccba5
                                                            0x008ccba8
                                                            0x008ccbab
                                                            0x008ccbb1
                                                            0x008ccbff
                                                            0x008ccbff
                                                            0x008ccc00
                                                            0x008ccc05
                                                            0x008ccceb
                                                            0x008ccceb
                                                            0x008cccec
                                                            0x008ccbb3
                                                            0x008ccbb3
                                                            0x008ccbb5
                                                            0x008ccbb8
                                                            0x008ccbba
                                                            0x008ccbc0
                                                            0x00000000
                                                            0x008ccbc2
                                                            0x008ccbc2
                                                            0x008ccbc7
                                                            0x008ccbd3
                                                            0x008ccbe2
                                                            0x008ccc0f
                                                            0x008ccc13
                                                            0x008ccc19
                                                            0x008ccc1e
                                                            0x008ccc22
                                                            0x008cccb9
                                                            0x00000000
                                                            0x008ccc28
                                                            0x008ccc2c
                                                            0x008ccc34
                                                            0x008ccc38
                                                            0x008cccb2
                                                            0x00000000
                                                            0x008ccc3a
                                                            0x008ccc3e
                                                            0x008ccc43
                                                            0x008ccc47
                                                            0x008cccab
                                                            0x00000000
                                                            0x008ccc49
                                                            0x008ccc49
                                                            0x008ccc54
                                                            0x008ccc58
                                                            0x008ccca4
                                                            0x008cccc5
                                                            0x008cccc5
                                                            0x008cccc6
                                                            0x008ccc5a
                                                            0x008ccc5a
                                                            0x00000000
                                                            0x008ccc5a
                                                            0x008ccc58
                                                            0x008ccc47
                                                            0x008ccc38
                                                            0x008ccbe4
                                                            0x008ccbe4
                                                            0x008ccbe7
                                                            0x00000000
                                                            0x008ccbe7
                                                            0x008ccbea
                                                            0x008ccbea
                                                            0x008ccbea
                                                            0x00000000
                                                            0x008ccbea
                                                            0x008ccbc7
                                                            0x00000000
                                                            0x008ccbed
                                                            0x008ccbed
                                                            0x008ccbee
                                                            0x008ccbf1
                                                            0x008ccbf4
                                                            0x008ccbf7
                                                            0x008ccbfc
                                                            0x00000000
                                                            0x008ccbfc
                                                            0x008ccbb1
                                                            0x008cccf4
                                                            0x008cccf8
                                                            0x008cccfd
                                                            0x008cccfd
                                                            0x008ccd06
                                                            0x008ccd0b
                                                            0x008ccd0b
                                                            0x008ccd16
                                                            0x008ccd16
                                                            0x008ccc7b
                                                            0x008ccc7e
                                                            0x008ccc83
                                                            0x008ccc85
                                                            0x008ccc87
                                                            0x008ccc8a
                                                            0x008ccc8c
                                                            0x008ccc97
                                                            0x008ccccf
                                                            0x008cccdf
                                                            0x008ccce4
                                                            0x008ccce6
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008ccc99
                                                            0x008ccc99
                                                            0x008ccc9a
                                                            0x008ccc9d
                                                            0x008ccca2
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,008C53FA,00000000,008C54C6,008C5482,WixBundleUILevel,840F01E8,?,00000001), ref: 008CCBD9
                                                            Strings
                                                            • Failed to concat file paths., xrefs: 008CCCB9
                                                            • Failed to ensure directory exists, xrefs: 008CCCAB
                                                            • Failed to extract file., xrefs: 008CCCA4
                                                            • c:\agent\_work\66\s\src\burn\engine\payload.cpp, xrefs: 008CCCDA
                                                            • Failed to find embedded payload: %ls, xrefs: 008CCC05
                                                            • Failed to get next stream., xrefs: 008CCCC0
                                                            • Payload was not found in container: %ls, xrefs: 008CCCE6
                                                            • Failed to get directory portion of local file path, xrefs: 008CCCB2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$c:\agent\_work\66\s\src\burn\engine\payload.cpp
                                                            • API String ID: 1825529933-3317369491
                                                            • Opcode ID: 2509dd1811c966915a7539692e17b4c230da1ae845f255bc689b9068d441151f
                                                            • Instruction ID: f6124051bce5b5d2aee078837ec8626391379415cf4cfed75c1f46826f18e082
                                                            • Opcode Fuzzy Hash: 2509dd1811c966915a7539692e17b4c230da1ae845f255bc689b9068d441151f
                                                            • Instruction Fuzzy Hash: 9941AC31900229EFCF259F98C991FAEBBB5FF40724B14816DE919EB291C270DE40DB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C9C2D Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 82COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 72%
                                                            			E008C9C2D(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed short _t16;
				signed int _t17;
				signed short _t18;
				signed short _t19;
				signed short _t28;
				signed int _t31;
				signed short _t36;

				_v8 = _v8 & 0x00000000;
				_t33 = _a4;
				_t16 = E008C7303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0); // executed
				_t36 = _t16;
				if(_t36 >= 0) {
					_t17 = GetFileAttributesW(_v8); // executed
					_t31 = _t17;
					__eflags = _t31 - 0xffffffff;
					if(_t31 != 0xffffffff) {
						_t18 = 0;
						_t28 = 0;
						__eflags = _t31 & 0x00000010;
						if((_t31 & 0x00000010) == 0) {
							_t18 = 1;
							__eflags = 1;
							goto L15;
						}
						goto L16;
					} else {
						_t36 = GetLastError();
						__eflags = _t36 - 2;
						if(_t36 == 2) {
							L11:
							_push(_v8);
							E008FFFF0(2, "File search: %ls, did not find path: %ls",  *_t33);
							goto L12;
						} else {
							__eflags = _t36 - 3;
							if(_t36 == 3) {
								goto L11;
							} else {
								__eflags = _t36;
								if(__eflags == 0) {
									L12:
									_t18 = 0;
									L15:
									_t28 = 0;
									__eflags = 0;
									L16:
									_t19 = E008C8274(_a8,  *((intOrPtr*)(_t33 + 4)), _t18, _t28, 0); // executed
									_t36 = _t19;
									__eflags = _t36;
									if(_t36 < 0) {
										_push("Failed to set variable.");
										goto L18;
									}
								} else {
									if(__eflags > 0) {
										_t36 = _t36 & 0x0000ffff | 0x80070000;
										__eflags = _t36;
									}
									if(__eflags >= 0) {
										_t36 = 0x80004005;
									}
									E008C38BA(_t23, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x28b, _t36);
									E008FFB09(_t36, "Failed get to file attributes. \'%ls\'",  *((intOrPtr*)(_t33 + 0x14)));
								}
							}
						}
					}
				} else {
					_push("Failed to format variable string.");
					L18:
					_push(_t36);
					E008FFB09();
				}
				E008C287D(_v8);
				return _t36;
			}











                                                            0x008c9c31
                                                            0x008c9c3a
                                                            0x008c9c46
                                                            0x008c9c4b
                                                            0x008c9c4f
                                                            0x008c9c5e
                                                            0x008c9c64
                                                            0x008c9c66
                                                            0x008c9c69
                                                            0x008c9cd0
                                                            0x008c9cd2
                                                            0x008c9cd4
                                                            0x008c9cda
                                                            0x008c9cdc
                                                            0x008c9cdc
                                                            0x00000000
                                                            0x008c9cdc
                                                            0x00000000
                                                            0x008c9c6b
                                                            0x008c9c71
                                                            0x008c9c73
                                                            0x008c9c76
                                                            0x008c9cb8
                                                            0x008c9cb8
                                                            0x008c9cc4
                                                            0x00000000
                                                            0x008c9c78
                                                            0x008c9c78
                                                            0x008c9c7b
                                                            0x00000000
                                                            0x008c9c7d
                                                            0x008c9c7d
                                                            0x008c9c7f
                                                            0x008c9ccc
                                                            0x008c9ccc
                                                            0x008c9cdd
                                                            0x008c9cdd
                                                            0x008c9cdd
                                                            0x008c9cdf
                                                            0x008c9ce9
                                                            0x008c9cee
                                                            0x008c9cf0
                                                            0x008c9cf2
                                                            0x008c9cf4
                                                            0x00000000
                                                            0x008c9cf4
                                                            0x008c9c81
                                                            0x008c9c81
                                                            0x008c9c86
                                                            0x008c9c8c
                                                            0x008c9c8c
                                                            0x008c9c8e
                                                            0x008c9c90
                                                            0x008c9c90
                                                            0x008c9ca0
                                                            0x008c9cae
                                                            0x008c9cb3
                                                            0x008c9c7f
                                                            0x008c9c7b
                                                            0x008c9c76
                                                            0x008c9c51
                                                            0x008c9c51
                                                            0x008c9cf9
                                                            0x008c9cf9
                                                            0x008c9cfa
                                                            0x008c9d00
                                                            0x008c9d04
                                                            0x008c9d0e

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008C9C46
                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,008CA86A,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 008C9C5E
                                                            • GetLastError.KERNEL32(?,008CA86A,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 008C9C6B
                                                            Strings
                                                            • File search: %ls, did not find path: %ls, xrefs: 008C9CBD
                                                            • Failed to set variable., xrefs: 008C9CF4
                                                            • Failed get to file attributes. '%ls', xrefs: 008C9CA8
                                                            • Failed to format variable string., xrefs: 008C9C51
                                                            • @Mqt, xrefs: 008C9C6B
                                                            • c:\agent\_work\66\s\src\burn\engine\search.cpp, xrefs: 008C9C9B
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileLastOpen@16
                                                            • String ID: @Mqt$Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$c:\agent\_work\66\s\src\burn\engine\search.cpp
                                                            • API String ID: 1811509786-2951974597
                                                            • Opcode ID: 77b312708aa0dac4000a3e9c682526ef164ee4507e7fb20b57dac364eb84c810
                                                            • Instruction ID: 63ba22684b17977435c6afdf815ffefda06173e9a4b3e3bec5c2c326fe7af6bd
                                                            • Opcode Fuzzy Hash: 77b312708aa0dac4000a3e9c682526ef164ee4507e7fb20b57dac364eb84c810
                                                            • Instruction Fuzzy Hash: C521F933940125BBDB1166A89D0BFAEBAB5FF00720F1142A8FE41F61D1D771DE10A6D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FFDEF Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 116fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 98%
                                                            			E008FFDEF(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, signed short _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v8;
				void* __ebx;
				void* __esi;
				intOrPtr* _t21;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t35;
				signed short _t41;
				void* _t46;
				void* _t47;
				signed short _t49;

				_t47 = __edi;
				_t46 = __edx;
				_t45 = __ecx;
				_push(__ecx);
				_v8 = 0;
				EnterCriticalSection(0x92b5d4);
				_t21 = _a16;
				if(_t21 == 0 ||  *_t21 == 0) {
					_t49 = E008C2E55(_t45, _a4, _a8, "`\xef\xbf					__eflags = _t49;
					if(_t49 < 0) {
						goto L23;
					}
					_t49 = E008C3533(_t45,  *0x92b5cc,  &_v8);
					__eflags = _t49;
					if(_t49 < 0) {
						goto L23;
					}
					_t49 = E008C415F(_v8, 0);
					__eflags = _t49;
					if(_t49 < 0) {
						goto L23;
					}
					__eflags = _a20;
					_t31 = CreateFileW( *0x92b5cc, 0x40000000, 1, 0, 2 + (0 | _a20 != 0x00000000) * 2, 0x80, 0);
					 *0x92a774 = _t31;
					__eflags = _t31 - 0xffffffff;
					if(_t31 != 0xffffffff) {
						L13:
						__eflags = _a20;
						if(_a20 != 0) {
							SetFilePointer(_t31, 0, 0, 2);
						}
						goto L15;
					}
					_t49 = GetLastError();
					__eflags = _t49;
					if(__eflags > 0) {
						_t49 = _t49 & 0x0000ffff | 0x80070000;
						__eflags = _t49;
					}
					if(__eflags >= 0) {
						_t31 =  *0x92a774; // 0x22c
						goto L13;
					} else {
						E008C38BA(_t39, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\logutil.cpp", 0x81, _t49);
						goto L23;
					}
				} else {
					_t41 = E008C2EBC(_t46, _a4, _a8, _a12, _t21, "`\xef\xbf\xbd{", 0x92a774); // 					_t49 = _t41;
					if(_t49 < 0) {
						L23:
						LeaveCriticalSection(0x92b5d4);
						if(_v8 != 0) {
							E008C2762(_v8);
						}
						return _t49;
					} else {
						L15:
						if(_a24 != 0) {
							E008FFBC6(0, _t46, _t47, _t49);
						}
						_t32 =  *0x92b5d0; // 0x0
						if(_t32 != 0) {
							E0090002E(_t45, _t32);
							_t35 =  *0x92b5d0; // 0x0
							if(_t35 != 0) {
								E008C2762(_t35);
								 *0x92b5d0 = 0;
							}
						}
						if(_a28 == 0) {
							L22:
							 *0x92b5c8 = 0;
							goto L23;
						} else {
							_t49 = E008C229E(_a28,  *0x92b5cc, 0);
							if(_t49 < 0) {
								goto L23;
							}
							goto L22;
						}
					}
				}
			}














                                                            0x008ffdef
                                                            0x008ffdef
                                                            0x008ffdef
                                                            0x008ffdf2
                                                            0x008ffdfc
                                                            0x008ffdff
                                                            0x008ffe05
                                                            0x008ffe0a
                                                            0x008ffe49
                                                            0x008ffe4b
                                                            0x008ffe4d
                                                            0x00000000
                                                            0x00000000
                                                            0x008ffe62
                                                            0x008ffe64
                                                            0x008ffe66
                                                            0x00000000
                                                            0x00000000
                                                            0x008ffe75
                                                            0x008ffe77
                                                            0x008ffe79
                                                            0x00000000
                                                            0x00000000
                                                            0x008ffe81
                                                            0x008ffea3
                                                            0x008ffea9
                                                            0x008ffeae
                                                            0x008ffeb1
                                                            0x008ffee3
                                                            0x008ffee3
                                                            0x008ffee6
                                                            0x008ffeed
                                                            0x008ffeed
                                                            0x00000000
                                                            0x008ffee6
                                                            0x008ffeb9
                                                            0x008ffebb
                                                            0x008ffebd
                                                            0x008ffec2
                                                            0x008ffec8
                                                            0x008ffec8
                                                            0x008ffeca
                                                            0x008ffede
                                                            0x00000000
                                                            0x008ffecc
                                                            0x008ffed7
                                                            0x00000000
                                                            0x008ffed7
                                                            0x008ffe11
                                                            0x008ffe25
                                                            0x008ffe2a
                                                            0x008ffe2e
                                                            0x008fff41
                                                            0x008fff46
                                                            0x008fff4f
                                                            0x008fff54
                                                            0x008fff54
                                                            0x008fff5e
                                                            0x008ffe34
                                                            0x008ffef3
                                                            0x008ffef6
                                                            0x008ffef8
                                                            0x008ffef8
                                                            0x008ffefd
                                                            0x008fff04
                                                            0x008fff07
                                                            0x008fff0c
                                                            0x008fff13
                                                            0x008fff16
                                                            0x008fff1b
                                                            0x008fff1b
                                                            0x008fff13
                                                            0x008fff24
                                                            0x008fff3b
                                                            0x008fff3b
                                                            0x00000000
                                                            0x008fff26
                                                            0x008fff35
                                                            0x008fff39
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008fff39
                                                            0x008fff24
                                                            0x008ffe2e

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(0092B5D4,00000000,?,?,?,008D4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008C5537,?), ref: 008FFDFF
                                                            • CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,`{,?,008D4192,00000000,Setup), ref: 008FFEA3
                                                            • GetLastError.KERNEL32(?,008D4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008C5537,?,?,?), ref: 008FFEB3
                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,008D4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008C5537,?), ref: 008FFEED
                                                              • Part of subcall function 008C2EBC: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 008C3006
                                                            • LeaveCriticalSection.KERNEL32(0092B5D4,?,?,`{,?,008D4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008C5537,?), ref: 008FFF46
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                            • String ID: @Mqt$`{$c:\agent\_work\66\s\src\libs\dutil\logutil.cpp
                                                            • API String ID: 4111229724-466672916
                                                            • Opcode ID: 5959d9c7528d239dbdaa7aa4b93ef74f1a6ee0ce4673b211320dae4d9b758187
                                                            • Instruction ID: 13340ef1bb7bc74de17fb461686d35affac2bcffd9fc88f200b8b560de2c966b
                                                            • Opcode Fuzzy Hash: 5959d9c7528d239dbdaa7aa4b93ef74f1a6ee0ce4673b211320dae4d9b758187
                                                            • Instruction Fuzzy Hash: 4131627191422EAFDB216F74EC45E6A3BA9FF00754B044135FB00EA1A2DB75CD11ABA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CF7B4 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 73%
                                                            			E008CF7B4(intOrPtr _a4, intOrPtr* _a8) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				void* _t35;
				void* _t37;
				void* _t46;
				void* _t48;
				void* _t50;
				intOrPtr* _t53;
				void* _t58;
				void* _t65;
				void* _t66;

				_t61 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				if(E008C2022( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_a4 + 0x50))) >= 0) {
					_t35 = E00900823( *((intOrPtr*)(_t61 + 0x4c)), _v16, 1,  &_v12); // executed
					if(_t35 < 0) {
						_t37 = E00900823( *((intOrPtr*)(_t61 + 0x4c)),  *((intOrPtr*)(_t61 + 0x50)), 1,  &_v8); // executed
						_t65 = _t37;
						if(_t65 == 0x80070002 || _t65 == 0x80070003) {
							 *_a8 = 0;
							goto L23;
						} else {
							if(_t65 >= 0) {
								_t66 = E009008D7(_t58, _v8, L"Resume",  &_v20);
								if(_t66 != 0x80070002) {
									if(_t66 >= 0) {
										_t46 = _v20 - 1;
										if(_t46 == 0) {
											 *_a8 = 2;
										} else {
											_t48 = _t46 - 1;
											if(_t48 == 0) {
												 *_a8 = 5;
											} else {
												_t50 = _t48 - 1;
												if(_t50 == 0) {
													 *_a8 = 6;
												} else {
													_t53 = _a8;
													if(_t50 == 1) {
														 *_t53 = 4;
													} else {
														 *_t53 = 1;
													}
												}
											}
										}
										goto L24;
									}
									_push("Failed to read Resume value.");
									goto L2;
								}
								 *_a8 = 1;
								goto L23;
							} else {
								_push("Failed to open registration key.");
								goto L2;
							}
						}
					} else {
						 *_a8 = 3;
						L23:
						_t66 = 0;
						goto L24;
					}
				} else {
					_push("Failed to format pending restart registry key to read.");
					L2:
					_push(_t66);
					E008FFB09();
					L24:
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v16 != 0) {
						E008C2762(_v16);
					}
					return _t66;
				}
			}
















                                                            0x008cf7bd
                                                            0x008cf7c5
                                                            0x008cf7c8
                                                            0x008cf7ce
                                                            0x008cf7d7
                                                            0x008cf7e6
                                                            0x008cf806
                                                            0x008cf80d
                                                            0x008cf829
                                                            0x008cf82e
                                                            0x008cf837
                                                            0x008cf8d2
                                                            0x00000000
                                                            0x008cf849
                                                            0x008cf84b
                                                            0x008cf865
                                                            0x008cf869
                                                            0x008cf878
                                                            0x008cf887
                                                            0x008cf88a
                                                            0x008cf8c7
                                                            0x008cf88c
                                                            0x008cf88c
                                                            0x008cf88f
                                                            0x008cf8bc
                                                            0x008cf891
                                                            0x008cf891
                                                            0x008cf894
                                                            0x008cf8b1
                                                            0x008cf896
                                                            0x008cf899
                                                            0x008cf89c
                                                            0x008cf8a6
                                                            0x008cf89e
                                                            0x008cf89e
                                                            0x008cf89e
                                                            0x008cf89c
                                                            0x008cf894
                                                            0x008cf88f
                                                            0x00000000
                                                            0x008cf88a
                                                            0x008cf87a
                                                            0x00000000
                                                            0x008cf87a
                                                            0x008cf86e
                                                            0x00000000
                                                            0x008cf84d
                                                            0x008cf84d
                                                            0x00000000
                                                            0x008cf84d
                                                            0x008cf84b
                                                            0x008cf80f
                                                            0x008cf812
                                                            0x008cf8d4
                                                            0x008cf8d4
                                                            0x00000000
                                                            0x008cf8d4
                                                            0x008cf7e8
                                                            0x008cf7e8
                                                            0x008cf7ed
                                                            0x008cf7ed
                                                            0x008cf7ee
                                                            0x008cf8d6
                                                            0x008cf8df
                                                            0x008cf8e4
                                                            0x008cf8e6
                                                            0x008cf8e6
                                                            0x008cf8ec
                                                            0x008cf8f1
                                                            0x008cf8f3
                                                            0x008cf8f3
                                                            0x008cf8f9
                                                            0x008cf8fe
                                                            0x008cf8fe
                                                            0x008cf909
                                                            0x008cf909

                                                            APIs
                                                            • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 008CF8E4
                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 008CF8F1
                                                            Strings
                                                            • Resume, xrefs: 008CF858
                                                            • Failed to open registration key., xrefs: 008CF84D
                                                            • %ls.RebootRequired, xrefs: 008CF7D1
                                                            • Failed to read Resume value., xrefs: 008CF87A
                                                            • Failed to format pending restart registry key to read., xrefs: 008CF7E8
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                            • API String ID: 3535843008-3890505273
                                                            • Opcode ID: 4851d11314f500edfbb8b573ffe39da2c2d6247705c342b5275c4dcb312f0c83
                                                            • Instruction ID: 972b44b4105fdfb363bfa1d6e64123d1310e3f71c3ca9eb2f462a21fa83dba33
                                                            • Opcode Fuzzy Hash: 4851d11314f500edfbb8b573ffe39da2c2d6247705c342b5275c4dcb312f0c83
                                                            • Instruction Fuzzy Hash: F1413C3190011EAFEB119F98C981FA9BBB6FF44314F11817AEA14EB252D3B1DE409B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E0937 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 74fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 60%
                                                            			E008E0937(void* __ecx, void* _a8, long _a12) {
				long _v8;
				intOrPtr _t25;
				signed int _t27;
				intOrPtr _t38;
				signed int _t41;
				signed short _t45;
				long _t49;

				_t41 =  *0x92aa94; // 0x0
				_t45 = 0;
				_v8 = 0;
				_t38 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t41 * 4)) + 4));
				_t25 =  *((intOrPtr*)(_t38 + 0x2c));
				if(_t25 == 0) {
					_t27 = WriteFile( *(_t38 + 0x3c), _a8, _a12,  &_v8, 0); // executed
					__eflags = _t27;
					if(_t27 != 0) {
						L11:
						 *(_t38 + 0x30) = _t45;
						if(_t45 >= 0) {
							return _v8;
						} else {
							return _t27 | 0xffffffff;
						}
					}
					_t45 = GetLastError();
					__eflags = _t45;
					if(__eflags > 0) {
						_t45 = _t45 & 0x0000ffff | 0x80070000;
						__eflags = _t45;
					}
					if(__eflags >= 0) {
						_t45 = 0x80004005;
					}
					E008C38BA(_t30, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x304, _t45);
					_push("Failed to write during cabinet extraction.");
					L10:
					_push(_t45);
					_t27 = E008FFB09();
					goto L11;
				}
				if(_t25 == 1) {
					_t49 = _a12;
					_t27 = E008C3C78( *((intOrPtr*)(_t38 + 0x40)) +  *((intOrPtr*)(_t38 + 0x48)),  *((intOrPtr*)(_t38 + 0x44)) -  *((intOrPtr*)(_t38 + 0x48)), _a8, _t49);
					 *((intOrPtr*)(_t38 + 0x48)) =  *((intOrPtr*)(_t38 + 0x48)) + _t49;
					_v8 = _t49;
					goto L11;
				}
				_t45 = 0x8007139f;
				_push("Unexpected call to CabWrite().");
				goto L10;
			}










                                                            0x008e093b
                                                            0x008e0949
                                                            0x008e094e
                                                            0x008e0951
                                                            0x008e095b
                                                            0x008e095e
                                                            0x008e09a6
                                                            0x008e09ac
                                                            0x008e09ae
                                                            0x008e09eb
                                                            0x008e09eb
                                                            0x008e09f2
                                                            0x008e09fd
                                                            0x008e09f4
                                                            0x008e09f8
                                                            0x008e09f8
                                                            0x008e09f2
                                                            0x008e09b6
                                                            0x008e09b8
                                                            0x008e09ba
                                                            0x008e09bf
                                                            0x008e09c5
                                                            0x008e09c5
                                                            0x008e09c7
                                                            0x008e09c9
                                                            0x008e09c9
                                                            0x008e09d9
                                                            0x008e09de
                                                            0x008e09e3
                                                            0x008e09e3
                                                            0x008e09e4
                                                            0x00000000
                                                            0x008e09ea
                                                            0x008e0963
                                                            0x008e0978
                                                            0x008e0987
                                                            0x008e098f
                                                            0x008e0992
                                                            0x00000000
                                                            0x008e0995
                                                            0x008e0965
                                                            0x008e096a
                                                            0x00000000

                                                            APIs
                                                            Strings
                                                            • Unexpected call to CabWrite()., xrefs: 008E096A
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 008E09D4
                                                            • Failed to write during cabinet extraction., xrefs: 008E09DE
                                                            • @Mqt, xrefs: 008E09B0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastWrite_memcpy_s
                                                            • String ID: @Mqt$Failed to write during cabinet extraction.$Unexpected call to CabWrite().$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 1970631241-699930843
                                                            • Opcode ID: 02ce8ee78a97b919f69357c66d17469568a8399dd376f0a12d80951bd41f7af4
                                                            • Instruction ID: 4d981c25b5e58ec2c4d0be3adeddc67670b2cd86726b29a5cf244d7b76d6732c
                                                            • Opcode Fuzzy Hash: 02ce8ee78a97b919f69357c66d17469568a8399dd376f0a12d80951bd41f7af4
                                                            • Instruction Fuzzy Hash: 15210E76604209ABDB00EF6ED881E9A3BB9FF86328B110459FE04D7247E2B5DD40DB60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00900141 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 80%
                                                            			E00900141(void* _a4, signed int* _a8) {
				void* _v8;
				void _v12;
				long _v16;
				int _t20;
				signed short _t30;
				signed short _t35;

				_t30 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				if(OpenProcessToken(_a4, 8,  &_v8) != 0) {
					_t20 = GetTokenInformation(_v8, 0x14,  &_v12, 4,  &_v16); // executed
					if(_t20 == 0) {
						_t30 = GetLastError();
						if(_t30 > 0) {
							_t30 = _t30 & 0x0000ffff | 0x80070000;
						}
						if(_t30 != 0x80070057) {
							if(_t30 < 0) {
								_push(_t30);
								_push(0x35);
								goto L14;
							}
						} else {
							_t30 = 0;
							 *_a8 = 0;
						}
					} else {
						 *_a8 = 0 | _v12 != 0x00000000;
					}
				} else {
					_t30 = GetLastError();
					if(_t30 > 0) {
						_t30 = _t30 & 0x0000ffff | 0x80070000;
						_t35 = _t30;
					}
					if(_t35 >= 0) {
						_t30 = 0x80004005;
					}
					_push(_t30);
					_push(0x21);
					L14:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\procutil.cpp");
					E008C38BA(_t21);
				}
				if(_v8 != 0) {
					FindCloseChangeNotification(_v8); // executed
				}
				return _t30;
			}









                                                            0x00900154
                                                            0x00900156
                                                            0x00900159
                                                            0x0090015c
                                                            0x00900167
                                                            0x0090019b
                                                            0x009001a3
                                                            0x009001ba
                                                            0x009001be
                                                            0x009001c3
                                                            0x009001c3
                                                            0x009001cf
                                                            0x009001dc
                                                            0x009001de
                                                            0x009001df
                                                            0x00000000
                                                            0x009001df
                                                            0x009001d1
                                                            0x009001d4
                                                            0x009001d6
                                                            0x009001d6
                                                            0x009001a5
                                                            0x009001b0
                                                            0x009001b0
                                                            0x00900169
                                                            0x0090016f
                                                            0x00900173
                                                            0x00900178
                                                            0x0090017e
                                                            0x0090017e
                                                            0x00900180
                                                            0x00900182
                                                            0x00900182
                                                            0x00900187
                                                            0x00900188
                                                            0x009001e1
                                                            0x009001e1
                                                            0x009001e6
                                                            0x009001e6
                                                            0x009001ee
                                                            0x009001f3
                                                            0x009001f3
                                                            0x009001fe

                                                            APIs
                                                            • OpenProcessToken.ADVAPI32(?,00000008,?,008C53FA,00000000,?,?,?,?,?,?,?,008D7590,00000000), ref: 0090015F
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,008D7590,00000000), ref: 00900169
                                                            • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,008D7590,00000000), ref: 0090019B
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,008D7590,00000000), ref: 009001B4
                                                            • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,008D7590,00000000), ref: 009001F3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastToken$ChangeCloseFindInformationNotificationOpenProcess
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\procutil.cpp
                                                            • API String ID: 3650908616-3090323974
                                                            • Opcode ID: a209f65b1c1cfaf5f03241ffe0ccb3a2d0ec1f973a43b8e4156877b8c9124a84
                                                            • Instruction ID: f9b84c0d7fcf4cc06252c6ff8c0df5dc9afdb9d572d13a3a934ea83166ec7ad7
                                                            • Opcode Fuzzy Hash: a209f65b1c1cfaf5f03241ffe0ccb3a2d0ec1f973a43b8e4156877b8c9124a84
                                                            • Instruction Fuzzy Hash: 9421AE76D48229FFDB219B958C45B9EBAB8EF80710F118066ED05FB290D3748E00EBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E082C Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 101COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 60%
                                                            			E008E082C(union _LARGE_INTEGER* __edx, void* _a4, union _LARGE_INTEGER _a8, intOrPtr _a12) {
				union _LARGE_INTEGER* _v8;
				signed short _v12;
				void* _v16;
				intOrPtr _t32;
				signed short _t36;
				signed int _t37;
				signed short _t41;
				void* _t44;
				union _LARGE_INTEGER _t50;
				signed int _t54;
				union _LARGE_INTEGER* _t55;
				intOrPtr _t60;
				signed short _t63;

				_t54 =  *0x92aa94; // 0x0
				_t63 = 0;
				_v16 = 0;
				_v12 = 0;
				_t60 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t54 * 4)) + 4));
				_t32 = _a12;
				if(_t32 == 0) {
					asm("cdq");
					_t55 = __edx;
					_t50 = _a8.LowPart +  *(_t60 + 8);
					asm("adc ecx, [edi+0xc]");
					L7:
					_v8 = _t55;
					_t36 = E008E1231(__eflags, _t60 + 0x1c, _a4, _t50, _t55,  &_v16, _a12);
					__eflags = _t36;
					if(_t36 == 0) {
						L14:
						_t37 =  *(_t60 + 8);
						_t25 =  &_v16;
						 *_t25 = _v16 - _t37;
						__eflags =  *_t25;
						L15:
						 *(_t60 + 0x30) = _t63;
						if(_t63 >= 0) {
							return _v16;
						} else {
							return _t37 | 0xffffffff;
						}
					}
					_push(_a12);
					_t41 = SetFilePointerEx(_a4, _t50, _v8,  &_v16); // executed
					__eflags = _t41;
					if(_t41 != 0) {
						goto L14;
					}
					_t63 = GetLastError();
					__eflags = _t63;
					if(__eflags > 0) {
						_t63 = _t63 & 0x0000ffff | 0x80070000;
						__eflags = _t63;
					}
					if(__eflags >= 0) {
						_t63 = 0x80004005;
					}
					E008C38BA(_t42, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x345, _t63);
					_t37 = E008FFB09(_t63, "Failed to move file pointer 0x%x bytes.", _a8.LowPart);
					goto L15;
				}
				_t44 = _t32 - 1;
				if(_t44 == 0) {
					asm("cdq");
					_t50 = _a8.LowPart;
					_t55 = __edx;
					goto L7;
				}
				if(_t44 == 1) {
					_t55 =  *((intOrPtr*)(_t60 + 0x14));
					asm("adc ecx, [edi+0xc]");
					asm("cdq");
					_t50 =  *((intOrPtr*)(_t60 + 0x10)) +  *(_t60 + 8) + _a8;
					asm("adc ecx, edx");
					goto L7;
				}
				_t63 = 0x80070057;
				_push("Invalid seek type.");
				_push(0x80070057);
				_t37 = E008FFB09();
				goto L15;
			}
















                                                            0x008e0832
                                                            0x008e0844
                                                            0x008e0846
                                                            0x008e0849
                                                            0x008e084c
                                                            0x008e0855
                                                            0x008e0857
                                                            0x008e089d
                                                            0x008e08a0
                                                            0x008e08a2
                                                            0x008e08a5
                                                            0x008e08a8
                                                            0x008e08ae
                                                            0x008e08bb
                                                            0x008e08c0
                                                            0x008e08c2
                                                            0x008e091d
                                                            0x008e091d
                                                            0x008e0920
                                                            0x008e0920
                                                            0x008e0920
                                                            0x008e0923
                                                            0x008e0923
                                                            0x008e092b
                                                            0x008e0936
                                                            0x008e092d
                                                            0x008e0931
                                                            0x008e0931
                                                            0x008e092b
                                                            0x008e08c4
                                                            0x008e08d2
                                                            0x008e08d8
                                                            0x008e08da
                                                            0x00000000
                                                            0x00000000
                                                            0x008e08e2
                                                            0x008e08e4
                                                            0x008e08e6
                                                            0x008e08eb
                                                            0x008e08f1
                                                            0x008e08f1
                                                            0x008e08f3
                                                            0x008e08f5
                                                            0x008e08f5
                                                            0x008e0905
                                                            0x008e0913
                                                            0x00000000
                                                            0x008e0918
                                                            0x008e0859
                                                            0x008e085c
                                                            0x008e0893
                                                            0x008e0894
                                                            0x008e0896
                                                            0x00000000
                                                            0x008e0896
                                                            0x008e0861
                                                            0x008e0883
                                                            0x008e0886
                                                            0x008e0889
                                                            0x008e088a
                                                            0x008e088c
                                                            0x00000000
                                                            0x008e088c
                                                            0x008e0863
                                                            0x008e0868
                                                            0x008e086d
                                                            0x008e086e
                                                            0x00000000

                                                            APIs
                                                            • SetFilePointerEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 008E08D2
                                                            • GetLastError.KERNEL32(?,?,?), ref: 008E08DC
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 008E0900
                                                            • Failed to move file pointer 0x%x bytes., xrefs: 008E090D
                                                            • @Mqt, xrefs: 008E08DC
                                                            • Invalid seek type., xrefs: 008E0868
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID: @Mqt$Failed to move file pointer 0x%x bytes.$Invalid seek type.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2976181284-2334122363
                                                            • Opcode ID: 8554e8fa8e60c1697ed270fa14491c43527b01c244bd1f5d775565b2291f5f52
                                                            • Instruction ID: 9544eca9cd90be41ac0dd17c632da0ed8c816ad101fc6631e89d2a2285f9f7f0
                                                            • Opcode Fuzzy Hash: 8554e8fa8e60c1697ed270fa14491c43527b01c244bd1f5d775565b2291f5f52
                                                            • Instruction Fuzzy Hash: 6431AD71A0026AAFDB00DFA9DC45EA9BBB8FF05328B048525F914E7252D3B4E9508FD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00904289 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 98memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E00904289(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				char _v8;
				char _v12;
				long _v16;
				char _v20;
				long _t18;
				signed short _t21;
				intOrPtr _t31;
				long _t33;
				void* _t34;
				signed short _t35;
				signed short _t41;

				_t35 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_t18 =  &_v8;
				_push(_t18);
				_push(_a4);
				L00908DD2();
				_t33 = _t18;
				_v16 = _t33;
				if(_t33 != 0) {
					L6:
					_t19 = GlobalAlloc(0, _t33);
					_t34 = _t19;
					__eflags = _t34;
					if(_t34 != 0) {
						_push(_t34);
						_push(_v16);
						_push(_v8);
						_push(_a4);
						L00908DF3(); // executed
						__eflags = _t19;
						if(_t19 != 0) {
							L14:
							_push( &_v20);
							_t21 =  &_v12;
							_push(_t21);
							_push("\\");
							_push(_t34);
							L00908E03();
							__eflags = _t21;
							if(_t21 != 0) {
								L19:
								_t31 = _v12;
								 *_a8 =  *((intOrPtr*)(_t31 + 8));
								 *_a12 =  *((intOrPtr*)(_t31 + 0xc));
							} else {
								_t35 = GetLastError();
								__eflags = _t35;
								if(__eflags > 0) {
									_t35 = _t35 & 0x0000ffff | 0x80070000;
									__eflags = _t35;
								}
								if(__eflags >= 0) {
									goto L19;
								} else {
									_push(_t35);
									_push(0x122);
									goto L13;
								}
							}
						} else {
							_t35 = GetLastError();
							__eflags = _t35;
							if(__eflags > 0) {
								_t35 = _t35 & 0x0000ffff | 0x80070000;
								__eflags = _t35;
							}
							if(__eflags >= 0) {
								goto L14;
							} else {
								_push(_t35);
								_push(0x11d);
								L13:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
								E008C38BA(_t25);
							}
						}
						GlobalFree(_t34);
					} else {
						_t35 = 0x8007000e;
						_push(0x8007000e);
						_push(0x119);
						goto L5;
					}
				} else {
					_t35 = GetLastError();
					if(_t35 > 0) {
						_t35 = _t35 & 0x0000ffff | 0x80070000;
						_t41 = _t35;
					}
					if(_t41 >= 0) {
						goto L6;
					} else {
						_push(_t35);
						_push(0x115);
						L5:
						_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
						E008C38BA(_t19);
					}
				}
				return _t35;
			}














                                                            0x00904294
                                                            0x00904296
                                                            0x00904299
                                                            0x0090429c
                                                            0x0090429f
                                                            0x009042a2
                                                            0x009042a3
                                                            0x009042a6
                                                            0x009042b1
                                                            0x009042b3
                                                            0x009042b8
                                                            0x009042e4
                                                            0x009042e7
                                                            0x009042ed
                                                            0x009042ef
                                                            0x009042f1
                                                            0x00904300
                                                            0x00904301
                                                            0x00904304
                                                            0x00904307
                                                            0x0090430a
                                                            0x0090430f
                                                            0x00904311
                                                            0x0090433a
                                                            0x0090433d
                                                            0x0090433e
                                                            0x00904341
                                                            0x00904342
                                                            0x00904347
                                                            0x00904348
                                                            0x0090434d
                                                            0x0090434f
                                                            0x0090436e
                                                            0x0090436e
                                                            0x00904377
                                                            0x0090437f
                                                            0x00904351
                                                            0x00904353
                                                            0x00904355
                                                            0x00904357
                                                            0x0090435c
                                                            0x00904362
                                                            0x00904362
                                                            0x00904364
                                                            0x00000000
                                                            0x00904366
                                                            0x00904366
                                                            0x00904367
                                                            0x00000000
                                                            0x00904367
                                                            0x00904364
                                                            0x00904313
                                                            0x00904315
                                                            0x00904317
                                                            0x00904319
                                                            0x0090431e
                                                            0x00904324
                                                            0x00904324
                                                            0x00904326
                                                            0x00000000
                                                            0x00904328
                                                            0x00904328
                                                            0x00904329
                                                            0x0090432e
                                                            0x0090432e
                                                            0x00904333
                                                            0x00904333
                                                            0x00904326
                                                            0x00904382
                                                            0x009042f3
                                                            0x009042f3
                                                            0x009042f8
                                                            0x009042f9
                                                            0x00000000
                                                            0x009042f9
                                                            0x009042ba
                                                            0x009042bc
                                                            0x009042c0
                                                            0x009042c5
                                                            0x009042cb
                                                            0x009042cb
                                                            0x009042cd
                                                            0x00000000
                                                            0x009042cf
                                                            0x009042cf
                                                            0x009042d0
                                                            0x009042d5
                                                            0x009042d5
                                                            0x009042da
                                                            0x009042da
                                                            0x009042cd
                                                            0x0090438e

                                                            APIs
                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 009042BA
                                                            • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 009042E7
                                                            • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00904313
                                                            • GetLastError.KERNEL32(00000000,0090A800,?,00000000,?,00000000,?,00000000), ref: 00904351
                                                            • GlobalFree.KERNEL32 ref: 00904382
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$Global$AllocFree
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 1145190524-1324176156
                                                            • Opcode ID: 0caa637bf8fa2618ecd91e8cf4fb5faf3db7a8d564690b8c8c7710238c66e05c
                                                            • Instruction ID: 28462cd015702cdb0e9095b131fd7c6e6d51b5b868489470ddadb9997b3618b2
                                                            • Opcode Fuzzy Hash: 0caa637bf8fa2618ecd91e8cf4fb5faf3db7a8d564690b8c8c7710238c66e05c
                                                            • Instruction Fuzzy Hash: DF31B176A4023AAFC7219A998D01FAFBAB8EF84750F114225FE54EB2C1D634DC0096D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C415F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008C415F(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8) {
				int _t6;
				long _t8;
				signed int _t9;
				short _t13;
				WCHAR* _t18;
				WCHAR* _t20;
				signed int _t21;
				WCHAR* _t22;
				void* _t23;
				WCHAR* _t24;
				signed short _t25;

				_t22 = _a4;
				_t25 = 0;
				_t6 = CreateDirectoryW(_t22, _a8); // executed
				if(_t6 != 0) {
					L20:
					return _t25;
				}
				_t8 = GetLastError();
				if(_t8 != 0xb7) {
					if(_t8 == 3 || E008C4238(_t22, 0) == 0) {
						_t9 =  *_t22 & 0x0000ffff;
						_t20 = _t22;
						_t18 = 0;
						if(_t9 == 0) {
							L18:
							_t25 = 0x80070003;
							E008C38BA(_t9, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dirutil.cpp", 0x72, 0x80070003);
							goto L19;
						} else {
							_t21 = _t9;
							_t23 = 0x5c;
							do {
								if(_t21 == _t23) {
									_t18 = _t20;
								}
								_t20 =  &(_t20[1]);
								_t9 =  *_t20 & 0x0000ffff;
								_t21 = _t9;
							} while (_t9 != 0);
							_t24 = _a4;
							if(_t18 == 0) {
								goto L18;
							}
							 *_t18 = 0;
							_t25 = E008C415F(_t24, _a8);
							_t13 = 0x5c;
							 *_t18 = _t13;
							if(_t25 >= 0) {
								if(CreateDirectoryW(_t24, _a8) != 0) {
									_t25 = 0;
								} else {
									_t25 = GetLastError();
									if(_t25 != 0xb7) {
										if(_t25 > 0) {
											_t25 = _t25 & 0x0000ffff | 0x80070000;
										}
									} else {
										_t25 = 1;
									}
								}
							}
							L19:
							goto L20;
						}
					} else {
						goto L2;
					}
				}
				L2:
				_t25 = 0;
				goto L20;
			}














                                                            0x008c4167
                                                            0x008c416a
                                                            0x008c416d
                                                            0x008c4175
                                                            0x008c4231
                                                            0x008c4235
                                                            0x008c4235
                                                            0x008c417b
                                                            0x008c4186
                                                            0x008c4192
                                                            0x008c41a0
                                                            0x008c41a3
                                                            0x008c41a6
                                                            0x008c41ab
                                                            0x008c421d
                                                            0x008c421d
                                                            0x008c422a
                                                            0x00000000
                                                            0x008c41ad
                                                            0x008c41af
                                                            0x008c41b1
                                                            0x008c41b2
                                                            0x008c41b5
                                                            0x008c41b7
                                                            0x008c41b7
                                                            0x008c41b9
                                                            0x008c41bc
                                                            0x008c41bf
                                                            0x008c41c1
                                                            0x008c41c6
                                                            0x008c41cb
                                                            0x00000000
                                                            0x00000000
                                                            0x008c41d3
                                                            0x008c41db
                                                            0x008c41df
                                                            0x008c41e0
                                                            0x008c41e5
                                                            0x008c41f3
                                                            0x008c4219
                                                            0x008c41f5
                                                            0x008c41fb
                                                            0x008c4203
                                                            0x008c420c
                                                            0x008c4211
                                                            0x008c4211
                                                            0x008c4205
                                                            0x008c4207
                                                            0x008c4207
                                                            0x008c4203
                                                            0x008c41f3
                                                            0x008c422f
                                                            0x00000000
                                                            0x008c422f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c4192
                                                            0x008c4188
                                                            0x008c4188
                                                            0x00000000

                                                            APIs
                                                            • CreateDirectoryW.KERNEL32(?,840F01E8,00000000,00000000,?,008D9FBC,00000000,00000000,?,00000000,008C53FA,00000000,?,?,008CD567,?), ref: 008C416D
                                                            • GetLastError.KERNEL32(?,008D9FBC,00000000,00000000,?,00000000,008C53FA,00000000,?,?,008CD567,?,00000000,00000000), ref: 008C417B
                                                            • CreateDirectoryW.KERNEL32(?,840F01E8,008C54C6,?,008D9FBC,00000000,00000000,?,00000000,008C53FA,00000000,?,?,008CD567,?,00000000), ref: 008C41EB
                                                            • GetLastError.KERNEL32(?,008D9FBC,00000000,00000000,?,00000000,008C53FA,00000000,?,?,008CD567,?,00000000,00000000), ref: 008C41F5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectoryErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                            • API String ID: 1375471231-1593865099
                                                            • Opcode ID: 63c050564d9af841fc95bc9d3911c1ab5e19933704b50573e7abf5062415bf80
                                                            • Instruction ID: c90df502148be1896ef92f444ad555eb02c53f9054a1e8805fd7ac2d79acf25c
                                                            • Opcode Fuzzy Hash: 63c050564d9af841fc95bc9d3911c1ab5e19933704b50573e7abf5062415bf80
                                                            • Instruction Fuzzy Hash: 12213836644231ABDB311AA55C21F3BB6B9FF65B60F16502EFD44EB240D234CCC1A2D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E09FE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69timeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 63%
                                                            			E008E09FE(intOrPtr _a4, intOrPtr _a8) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				intOrPtr _t23;
				void* _t35;
				intOrPtr _t43;
				signed int _t44;

				_t43 = _a4;
				_t44 = 0;
				_v20.dwLowDateTime = 0;
				_v20.dwHighDateTime = 0;
				_v12.dwLowDateTime = 0;
				_v12.dwHighDateTime = 0;
				_t23 =  *((intOrPtr*)(_t43 + 0x2c));
				if(_t23 == 0) {
					if(DosDateTimeToFileTime( *(_a8 + 0x18) & 0x0000ffff,  *(_a8 + 0x1a) & 0x0000ffff,  &_v20) != 0 && LocalFileTimeToFileTime( &_v20,  &_v12) != 0) {
						SetFileTime( *(_t43 + 0x3c),  &_v12,  &_v12,  &_v12); // executed
					}
					if( *(_t43 + 0x3c) != 0xffffffff) {
						FindCloseChangeNotification( *(_t43 + 0x3c)); // executed
						 *(_t43 + 0x3c) =  *(_t43 + 0x3c) | 0xffffffff;
					}
				} else {
					_t35 = _t23 - 1;
					if(_t35 != 0) {
						_t37 = _t35 == 0;
						if(_t35 == 0) {
							_t44 = 0x80004004;
						} else {
							_t44 = 0x8007139f;
							E008C38BA(_t37, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x296, 0x8007139f);
							_push("Invalid operation for this state.");
							_push(0x8007139f);
							E008FFB09();
						}
					}
				}
				 *(_t43 + 0x30) = _t44;
				_t20 = (_t44 >> 0x0000001f & 0xfffffffe) + 1; // 0x1
				return _t20;
			}









                                                            0x008e0a06
                                                            0x008e0a09
                                                            0x008e0a0b
                                                            0x008e0a0e
                                                            0x008e0a11
                                                            0x008e0a18
                                                            0x008e0a1b
                                                            0x008e0a1e
                                                            0x008e0a73
                                                            0x008e0a90
                                                            0x008e0a90
                                                            0x008e0a9a
                                                            0x008e0a9f
                                                            0x008e0aa5
                                                            0x008e0aa5
                                                            0x008e0a20
                                                            0x008e0a20
                                                            0x008e0a23
                                                            0x008e0a2a
                                                            0x008e0a2d
                                                            0x008e0a53
                                                            0x008e0a2f
                                                            0x008e0a2f
                                                            0x008e0a3f
                                                            0x008e0a44
                                                            0x008e0a49
                                                            0x008e0a4a
                                                            0x008e0a50
                                                            0x008e0a2d
                                                            0x008e0a23
                                                            0x008e0aa9
                                                            0x008e0ab3
                                                            0x008e0ab8

                                                            APIs
                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 008E0A6B
                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008E0A7D
                                                            • SetFileTime.KERNEL32(?,?,?,?), ref: 008E0A90
                                                            • FindCloseChangeNotification.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,008E0660,?,?), ref: 008E0A9F
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 008E0A3A
                                                            • Invalid operation for this state., xrefs: 008E0A44
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Time$File$ChangeCloseDateFindLocalNotification
                                                            • String ID: Invalid operation for this state.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 1330928052-2444813713
                                                            • Opcode ID: 1046ed942b59169d78b3b740a4009495cd619aeaa3581b72cf507e81ad5790fa
                                                            • Instruction ID: 387caecc1f031c309539e835c9c33655de2adf435297df92d667cca4d137e591
                                                            • Opcode Fuzzy Hash: 1046ed942b59169d78b3b740a4009495cd619aeaa3581b72cf507e81ad5790fa
                                                            • Instruction Fuzzy Hash: BF21DE7291432EAE8B109FA9DC088EA7BBDFF453207108226F860E61D0D3B4D991CBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00902DC7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • CoInitialize.OLE32(00000000), ref: 00902DD6
                                                            • InterlockedIncrement.KERNEL32(0092B69C), ref: 00902DF3
                                                            • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,0092B688,?,?,?,?,?,?), ref: 00902E0E
                                                            • CLSIDFromProgID.OLE32(MSXML.DOMDocument,0092B688,?,?,?,?,?,?), ref: 00902E1A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FromProg$IncrementInitializeInterlocked
                                                            • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                            • API String ID: 2109125048-2356320334
                                                            • Opcode ID: 8c92d39f3f3251c902153d4b109f29ddad52a8e1310c82c910570aa4c77ded55
                                                            • Instruction ID: 00803762e9764fdd80b59486f2ecac7405ebc16cc15af85b4235181769d0a59e
                                                            • Opcode Fuzzy Hash: 8c92d39f3f3251c902153d4b109f29ddad52a8e1310c82c910570aa4c77ded55
                                                            • Instruction Fuzzy Hash: FFF0E530788239AFD7311761FC0CF1B2EAAE7D0B65F420024E801C50D8C37498458AF1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00900AB4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 147registrystringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 93%
                                                            			E00900AB4(void* _a4, short* _a8, signed int* _a12, signed int* _a16) {
				int* _v8;
				int _v12;
				int _v16;
				long _t46;
				int* _t50;
				int* _t60;
				signed int _t68;
				signed int _t69;
				unsigned int _t71;
				long _t72;
				signed int _t75;
				signed int _t76;
				unsigned int _t77;
				WCHAR* _t78;
				long _t81;
				long _t87;

				_v16 = 0;
				_t68 = 0;
				_v12 = 0;
				_t77 = 0;
				_v8 = 0;
				_t46 = RegQueryValueExW(_a4, _a8, 0,  &_v16, 0,  &_v12); // executed
				_t71 = _v12;
				if(_t71 == 0) {
					L3:
					_t75 = _t46 & 0x0000ffff | 0x80070000;
					_a8 = _t46;
					if(_t46 > 0) {
						_a8 = _t75;
					}
					_t81 = 0x80070002;
					if(_a8 != 0x80070002) {
						_t87 = _t46;
						if(_t87 == 0) {
							_t72 = _t71 >> 1;
							__eflags = _t72 - _t77;
							if(_t72 == _t77) {
								__eflags = _v16 - 7;
								if(_v16 == 7) {
									__eflags = _t77 - 2;
									if(_t77 >= 2) {
										_t50 = _v8;
										_t76 = 0;
										__eflags = 0 -  *((intOrPtr*)(_t50 + _t77 * 2 - 2));
										if(0 !=  *((intOrPtr*)(_t50 + _t77 * 2 - 2))) {
											L30:
											_t81 = 0x80070057;
										} else {
											__eflags = 0 -  *((intOrPtr*)(_t50 + _t77 * 2 - 4));
											if(0 !=  *((intOrPtr*)(_t50 + _t77 * 2 - 4))) {
												goto L30;
											} else {
												__eflags = _t72;
												if(__eflags != 0) {
													do {
														_t60 = _v8;
														__eflags = 0 -  *((intOrPtr*)(_t60 + _t76 * 2));
														if(0 ==  *((intOrPtr*)(_t60 + _t76 * 2))) {
															_t68 = _t68 + 1;
															__eflags = _t68;
														}
														_t76 = _t76 + 1;
														__eflags = _t76 - _t72;
													} while (__eflags < 0);
												}
												_t33 = _t68 - 1; // -1
												 *_a16 = _t33;
												_t81 = E008C3A01(_a16, __eflags, _a12, _t33, 4, 0);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t69 = 0;
													_t78 = _v8;
													__eflags =  *_a16;
													if( *_a16 > 0) {
														while(1) {
															_t81 = E008C229E( *_a12 + _t69 * 4, _t78, 0);
															__eflags = _t81;
															if(_t81 < 0) {
																goto L31;
															}
															_t78 =  &(( &(_t78[lstrlenW(_t78)]))[1]);
															_t69 = _t69 + 1;
															__eflags = _t69 -  *_a16;
															if(_t69 <  *_a16) {
																continue;
															} else {
															}
															goto L31;
														}
													}
												}
											}
										}
									} else {
										 *_a12 =  *_a12 & _t68;
										 *_a16 =  *_a16 & _t68;
										_t81 = 0;
									}
								} else {
									_t81 = 0x8007070c;
									_push(0x8007070c);
									_push(0x225);
									goto L12;
								}
							} else {
								_t81 = 0x8000ffff;
							}
						} else {
							_t81 = _t46;
							if(_t87 > 0) {
								_t81 = _t75;
							}
							if(_t81 >= 0) {
								_t81 = 0x80004005;
							}
							_push(_t81);
							_push(0x21a);
							L12:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
							E008C38BA(_t46);
						}
					}
				} else {
					_t77 = _t71 >> 1;
					_t81 = E008C1FE0( &_v8, _t77);
					if(_t81 >= 0) {
						_t46 = RegQueryValueExW(_a4, _a8, 0,  &_v16, _v8,  &_v12); // executed
						_t71 = _v12;
						goto L3;
					}
				}
				L31:
				_t47 = _v8;
				if(_v8 != 0) {
					E008C2762(_t47);
				}
				return _t81;
			}



















                                                            0x00900ac7
                                                            0x00900acf
                                                            0x00900ad1
                                                            0x00900ad7
                                                            0x00900ad9
                                                            0x00900adc
                                                            0x00900ae2
                                                            0x00900ae7
                                                            0x00900b1c
                                                            0x00900b1f
                                                            0x00900b25
                                                            0x00900b2a
                                                            0x00900b2c
                                                            0x00900b2c
                                                            0x00900b2f
                                                            0x00900b37
                                                            0x00900b3d
                                                            0x00900b3f
                                                            0x00900b65
                                                            0x00900b67
                                                            0x00900b69
                                                            0x00900b75
                                                            0x00900b79
                                                            0x00900b88
                                                            0x00900b8b
                                                            0x00900b9e
                                                            0x00900ba1
                                                            0x00900ba3
                                                            0x00900ba8
                                                            0x00900c1b
                                                            0x00900c1b
                                                            0x00900baa
                                                            0x00900baa
                                                            0x00900baf
                                                            0x00000000
                                                            0x00900bb1
                                                            0x00900bb1
                                                            0x00900bb3
                                                            0x00900bb5
                                                            0x00900bb5
                                                            0x00900bba
                                                            0x00900bbe
                                                            0x00900bc0
                                                            0x00900bc0
                                                            0x00900bc0
                                                            0x00900bc1
                                                            0x00900bc2
                                                            0x00900bc2
                                                            0x00900bb5
                                                            0x00900bc9
                                                            0x00900bd4
                                                            0x00900bdb
                                                            0x00900bdd
                                                            0x00900bdf
                                                            0x00900be4
                                                            0x00900be6
                                                            0x00900be9
                                                            0x00900beb
                                                            0x00900bed
                                                            0x00900bfe
                                                            0x00900c00
                                                            0x00900c02
                                                            0x00000000
                                                            0x00000000
                                                            0x00900c11
                                                            0x00900c14
                                                            0x00900c15
                                                            0x00900c17
                                                            0x00000000
                                                            0x00000000
                                                            0x00900c19
                                                            0x00000000
                                                            0x00900c17
                                                            0x00900bed
                                                            0x00900beb
                                                            0x00900bdf
                                                            0x00900baf
                                                            0x00900b8d
                                                            0x00900b90
                                                            0x00900b95
                                                            0x00900b97
                                                            0x00900b97
                                                            0x00900b7b
                                                            0x00900b7b
                                                            0x00900b80
                                                            0x00900b81
                                                            0x00000000
                                                            0x00900b81
                                                            0x00900b6b
                                                            0x00900b6b
                                                            0x00900b6b
                                                            0x00900b41
                                                            0x00900b41
                                                            0x00900b43
                                                            0x00900b45
                                                            0x00900b45
                                                            0x00900b49
                                                            0x00900b4b
                                                            0x00900b4b
                                                            0x00900b50
                                                            0x00900b51
                                                            0x00900b56
                                                            0x00900b56
                                                            0x00900b5b
                                                            0x00900b5b
                                                            0x00900b3f
                                                            0x00900ae9
                                                            0x00900aee
                                                            0x00900af7
                                                            0x00900afb
                                                            0x00900b13
                                                            0x00900b19
                                                            0x00000000
                                                            0x00900b19
                                                            0x00900afb
                                                            0x00900c20
                                                            0x00900c20
                                                            0x00900c25
                                                            0x00900c28
                                                            0x00900c28
                                                            0x00900c33

                                                            APIs
                                                            • RegQueryValueExW.KERNEL32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 00900ADC
                                                            • RegQueryValueExW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,008D6FDF,00000100,000000B0,00000088,00000410,000002C0), ref: 00900B13
                                                            • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 00900C05
                                                            Strings
                                                            • BundleUpgradeCode, xrefs: 00900ABB
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 00900B56
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue$lstrlen
                                                            • String ID: BundleUpgradeCode$c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 3790715954-1890108899
                                                            • Opcode ID: c4994a1ab48e2a4d3b4f1f190054d9992d6aee4d635ffe7650638099c5f57cce
                                                            • Instruction ID: fb852c83630488632bb4963d243fca8ea0c924fbb478194adf16a0ffba5d41a8
                                                            • Opcode Fuzzy Hash: c4994a1ab48e2a4d3b4f1f190054d9992d6aee4d635ffe7650638099c5f57cce
                                                            • Instruction Fuzzy Hash: 19418231A0022AAFDF219F58C885FAEB7B9EF84714F15456AE805AB291D634DD01DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E8AF2 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E008E8AF2(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				void* _t28;
				void* _t33;
				void* _t37;
				void* _t41;
				intOrPtr _t47;
				void* _t49;
				void* _t50;

				_t42 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t28 = E00900823((0 | _a4 != 0x00000000) + 0x80000001, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0x20019,  &_v12); // executed
				_t49 = _t28;
				if(_t49 == 0x80070003 || _t49 == 0x80070002) {
					L11:
					_t50 = 0;
				} else {
					if(_t49 >= 0) {
						_t41 = 0;
						_t33 = E00900708(_t42, _v12, 0,  &_v8); // executed
						_t50 = _t33;
						if(_t50 == 0x80070103) {
							goto L11;
						} else {
							_t47 = _a8;
							while(_t50 >= 0) {
								if(CompareStringW(0, 1, _v8, 0xffffffff,  *(_t47 + 0x10), 0xffffffff) != 2) {
									E008E8857(_t42, _a4, _v12, _v8, _t47, _a12); // executed
								}
								_t41 = _t41 + 1;
								_t37 = E00900708(_t42, _v12, _t41,  &_v8); // executed
								_t50 = _t37;
								if(_t50 != 0x80070103) {
									continue;
								} else {
									goto L11;
								}
								goto L12;
							}
							_push("Failed to enumerate uninstall key for related bundles.");
							goto L4;
						}
					} else {
						_push("Failed to open uninstall registry key.");
						L4:
						_push(_t50);
						E008FFB09();
					}
				}
				L12:
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
				}
				return _t50;
			}












                                                            0x008e8af2
                                                            0x008e8af5
                                                            0x008e8af6
                                                            0x008e8af7
                                                            0x008e8afe
                                                            0x008e8b1e
                                                            0x008e8b23
                                                            0x008e8b2b
                                                            0x008e8bab
                                                            0x008e8bab
                                                            0x008e8b35
                                                            0x008e8b37
                                                            0x008e8b4b
                                                            0x008e8b52
                                                            0x008e8b57
                                                            0x008e8b5f
                                                            0x00000000
                                                            0x008e8b61
                                                            0x008e8b61
                                                            0x008e8b64
                                                            0x008e8b7f
                                                            0x008e8b8e
                                                            0x008e8b8e
                                                            0x008e8b96
                                                            0x008e8b9c
                                                            0x008e8ba1
                                                            0x008e8ba9
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e8ba9
                                                            0x008e8bd3
                                                            0x00000000
                                                            0x008e8bd3
                                                            0x008e8b39
                                                            0x008e8b39
                                                            0x008e8b3e
                                                            0x008e8b3e
                                                            0x008e8b3f
                                                            0x008e8b45
                                                            0x008e8b37
                                                            0x008e8bad
                                                            0x008e8bb1
                                                            0x008e8bb6
                                                            0x008e8bb6
                                                            0x008e8bbf
                                                            0x008e8bc4
                                                            0x008e8bc4
                                                            0x008e8bd0

                                                            APIs
                                                              • Part of subcall function 00900823: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                            • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 008E8B76
                                                            • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,008CF782,00000001,00000100,000001B4,00000000), ref: 008E8BC4
                                                            Strings
                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 008E8B13
                                                            • Failed to enumerate uninstall key for related bundles., xrefs: 008E8BD3
                                                            • Failed to open uninstall registry key., xrefs: 008E8B39
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCompareOpenString
                                                            • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                            • API String ID: 2817536665-2531018330
                                                            • Opcode ID: c7c7f919f43b4dc523411b939f94ed69badc049eb530e9e3a650f37543738e57
                                                            • Instruction ID: 24fb913edb3c5a12bdc52843b2dd5129f1343e6e02befe3d007dc00086efba89
                                                            • Opcode Fuzzy Hash: c7c7f919f43b4dc523411b939f94ed69badc049eb530e9e3a650f37543738e57
                                                            • Instruction Fuzzy Hash: 1621A372910268FEDF115A95CC86FEEBA79FF81374F244264F814F60A0DA754E90E690
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00902B5D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 54%
                                                            			E00902B5D(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v20;
				char _v28;
				intOrPtr* _t23;
				void* _t24;
				signed int _t33;
				void* _t35;
				intOrPtr* _t38;
				intOrPtr* _t39;
				void* _t43;
				void* _t44;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t43 = 0;
				__imp__#8( &_v28);
				_t23 = _a4;
				_t24 =  *((intOrPtr*)( *_t23 + 0x44))(_t23,  &_v8);
				_t44 = _t24;
				if(_t44 < 0) {
					L9:
					_t38 = _v8;
					if(_t38 != 0) {
						 *((intOrPtr*)( *_t38 + 8))(_t38);
					}
					_t39 = _v12;
					if(_t39 != 0) {
						 *((intOrPtr*)( *_t39 + 8))(_t39);
					}
					__imp__#9( &_v28);
					if(_t43 != 0) {
						__imp__#6(_t43);
					}
					return _t44;
				}
				__imp__#2(_a8);
				_t43 = _t24;
				if(_t43 != 0) {
					_t44 = E00902CFC( &_v12, _v8, _t43,  &_v12);
					if(_t44 != 1) {
						if(_t44 < 0) {
							goto L9;
						}
						_t33 = _v12;
						_t44 =  *((intOrPtr*)( *_t33 + 0x20))(_t33,  &_v28);
						if(_t44 == 1) {
							goto L4;
						}
						if(_t44 >= 0) {
							_t35 = E008C229E(_a12, _v20, 0); // executed
							_t44 = _t35;
						}
						goto L9;
					}
					L4:
					_t44 = 0x80070490;
					goto L9;
				}
				_t44 = 0x8007000e;
				E008C38BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x2a6, 0x8007000e);
				goto L9;
			}















                                                            0x00902b63
                                                            0x00902b6a
                                                            0x00902b71
                                                            0x00902b73
                                                            0x00902b79
                                                            0x00902b83
                                                            0x00902b86
                                                            0x00902b8a
                                                            0x00902bf8
                                                            0x00902bf8
                                                            0x00902bfd
                                                            0x00902c02
                                                            0x00902c02
                                                            0x00902c05
                                                            0x00902c0a
                                                            0x00902c0f
                                                            0x00902c0f
                                                            0x00902c16
                                                            0x00902c1e
                                                            0x00902c21
                                                            0x00902c21
                                                            0x00902c2c
                                                            0x00902c2c
                                                            0x00902b8f
                                                            0x00902b95
                                                            0x00902b99
                                                            0x00902bbf
                                                            0x00902bc4
                                                            0x00902bcf
                                                            0x00000000
                                                            0x00000000
                                                            0x00902bd1
                                                            0x00902bde
                                                            0x00902be3
                                                            0x00000000
                                                            0x00000000
                                                            0x00902be7
                                                            0x00902bf1
                                                            0x00902bf6
                                                            0x00902bf6
                                                            0x00000000
                                                            0x00902be7
                                                            0x00902bc6
                                                            0x00902bc6
                                                            0x00000000
                                                            0x00902bc6
                                                            0x00902b9b
                                                            0x00902bab
                                                            0x00000000

                                                            APIs
                                                            • VariantInit.OLEAUT32(?), ref: 00902B73
                                                            • SysAllocString.OLEAUT32(?), ref: 00902B8F
                                                            • VariantClear.OLEAUT32(?), ref: 00902C16
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00902C21
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 00902BA6
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: StringVariant$AllocClearFreeInit
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 760788290-3017383397
                                                            • Opcode ID: 875329a9e2027f6af271b93f18a1ebac5616eb74817d08144cebac2ad0dc40bb
                                                            • Instruction ID: 086534b81fa87d07e6027ce8727728217708b853d855e6c23c67777284fee2a7
                                                            • Opcode Fuzzy Hash: 875329a9e2027f6af271b93f18a1ebac5616eb74817d08144cebac2ad0dc40bb
                                                            • Instruction Fuzzy Hash: F521A336900229EFCB11DF54C84CEAEBBB9EF85715F1540A8F801AB250CB30DD01EB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090002E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62filestringCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 96%
                                                            			E0090002E(void* __ecx, signed short _a4) {
				long _v8;
				signed short _t9;
				signed short _t13;
				CHAR* _t18;
				void* _t21;
				void* _t24;
				signed short _t27;

				_push(__ecx);
				_t18 = _a4;
				_t27 = 0;
				_t24 = 0;
				_v8 = _v8 & 0;
				_t9 = lstrlenA(_t18);
				_t21 =  *0x92a774; // 0x22c
				_a4 = _t9;
				if(_t21 != 0xffffffff) {
					__eflags = _t9;
					if(_t9 == 0) {
						L11:
						return _t27;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = WriteFile(_t21, _t24 + _t18, _t9 - _t24,  &_v8, 0); // executed
						__eflags = _t13;
						if(_t13 != 0) {
							goto L8;
						}
						_t27 = GetLastError();
						__eflags = _t27;
						if(__eflags > 0) {
							_t27 = _t27 & 0x0000ffff | 0x80070000;
							__eflags = _t27;
						}
						if(__eflags < 0) {
							E008C38BA(_t14, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\logutil.cpp", 0x310, _t27);
							goto L11;
						}
						L8:
						_t24 = _t24 + _v8;
						_t9 = _a4;
						__eflags = _t24 - _t9;
						if(_t24 >= _t9) {
							goto L11;
						}
						_t21 =  *0x92a774; // 0x22c
					}
				}
				_t27 = E008C247E(_t21, 0x92b5d0, _t18, 0);
				if(_t27 >= 0) {
					_t27 = 0;
				}
				goto L11;
			}










                                                            0x00900031
                                                            0x00900033
                                                            0x00900038
                                                            0x0090003a
                                                            0x0090003c
                                                            0x00900040
                                                            0x00900046
                                                            0x0090004c
                                                            0x00900052
                                                            0x0090006a
                                                            0x0090006c
                                                            0x009000c1
                                                            0x009000c7
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0090006e
                                                            0x0090006e
                                                            0x0090007c
                                                            0x00900082
                                                            0x00900084
                                                            0x00000000
                                                            0x00000000
                                                            0x0090008c
                                                            0x0090008e
                                                            0x00900090
                                                            0x00900095
                                                            0x0090009b
                                                            0x0090009b
                                                            0x0090009d
                                                            0x009000bc
                                                            0x00000000
                                                            0x009000bc
                                                            0x0090009f
                                                            0x0090009f
                                                            0x009000a2
                                                            0x009000a5
                                                            0x009000a7
                                                            0x00000000
                                                            0x00000000
                                                            0x009000a9
                                                            0x009000a9
                                                            0x0090006e
                                                            0x00900060
                                                            0x00900064
                                                            0x00900066
                                                            0x00900066
                                                            0x00000000

                                                            APIs
                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,008FF8EB,?,?,?,00000000,0000FDE9), ref: 00900040
                                                            • WriteFile.KERNEL32(0000022C,00000000,00000000,0000FDE9,00000000,?,?,008FF8EB,?,?,?,00000000,0000FDE9), ref: 0090007C
                                                            • GetLastError.KERNEL32(?,?,008FF8EB,?,?,?,00000000,0000FDE9), ref: 00900086
                                                            Strings
                                                            • @Mqt, xrefs: 00900086
                                                            • c:\agent\_work\66\s\src\libs\dutil\logutil.cpp, xrefs: 009000B7
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastWritelstrlen
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\logutil.cpp
                                                            • API String ID: 606256338-243983799
                                                            • Opcode ID: c8469ab8c2467d7c6dd517d90e0c046ea4166693ddab720b45f4cbd45ff72685
                                                            • Instruction ID: cd4a016d9aa4fb30f2355c23b75193b72c888c3469e27fb252ecd89946e5700f
                                                            • Opcode Fuzzy Hash: c8469ab8c2467d7c6dd517d90e0c046ea4166693ddab720b45f4cbd45ff72685
                                                            • Instruction Fuzzy Hash: 9B11C673A01225AFC3209B799C44FAF7ABDEB85B60F010624FD01E7281D674DD40D6E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FF6FD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59windowCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008FF6FD(void* __ecx, void* __edi, intOrPtr _a4, void* _a8, long _a12, char* _a16, intOrPtr _a20) {
				short _v8;
				short _t25;
				signed int _t32;
				void* _t33;
				void* _t34;
				void* _t36;
				signed short _t38;
				signed short _t43;

				_t36 = __edi;
				_t38 = 0;
				_v8 = 0;
				_t32 = FormatMessageW(0x900, _a8, _a12, 0,  &_v8, 0,  &_a16);
				if(_t32 != 0) {
					if(_t32 < 2) {
						goto L9;
					} else {
						_t25 = _v8;
						_t33 = 0xd;
						if(_t33 ==  *((intOrPtr*)(_t25 + _t32 * 2 - 4))) {
							_t34 = 0xa;
							if(_t34 ==  *((intOrPtr*)(_t25 + _t32 * 2 - 2))) {
								 *((short*)(_t25 + _t32 * 2 - 4)) = 0;
								goto L9;
							}
						}
					}
					goto L10;
				} else {
					_t38 = GetLastError();
					if(_t38 > 0) {
						_t38 = _t38 & 0x0000ffff | 0x80070000;
						_t43 = _t38;
					}
					if(_t43 >= 0) {
						L9:
						_t25 = _v8;
						L10:
						E008FF79E(_t36, _a4, _a12, _t25, _a20); // executed
					} else {
						E008C38BA(_t29, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\logutil.cpp", 0x333, _t38);
					}
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return _t38;
			}











                                                            0x008ff6fd
                                                            0x008ff705
                                                            0x008ff70c
                                                            0x008ff722
                                                            0x008ff726
                                                            0x008ff756
                                                            0x00000000
                                                            0x008ff758
                                                            0x008ff758
                                                            0x008ff75d
                                                            0x008ff763
                                                            0x008ff767
                                                            0x008ff76d
                                                            0x008ff771
                                                            0x00000000
                                                            0x008ff771
                                                            0x008ff76d
                                                            0x008ff763
                                                            0x00000000
                                                            0x008ff728
                                                            0x008ff72e
                                                            0x008ff732
                                                            0x008ff737
                                                            0x008ff73d
                                                            0x008ff73d
                                                            0x008ff73f
                                                            0x008ff776
                                                            0x008ff776
                                                            0x008ff779
                                                            0x008ff783
                                                            0x008ff741
                                                            0x008ff74c
                                                            0x008ff74c
                                                            0x008ff73f
                                                            0x008ff78c
                                                            0x008ff791
                                                            0x008ff791
                                                            0x008ff79b

                                                            APIs
                                                            • FormatMessageW.KERNEL32(00000900,?,?,00000000,00000000,00000000,?,00000000,?,?,008FFDC0,?,?,?,?,00000001), ref: 008FF71C
                                                            • GetLastError.KERNEL32(?,008FFDC0,?,?,?,?,00000001,?,008C5651,?,?,00000000,?,?,008C53D2,00000002), ref: 008FF728
                                                            • LocalFree.KERNEL32(00000000,?,?,00000000,?,?,008FFDC0,?,?,?,?,00000001,?,008C5651,?,?), ref: 008FF791
                                                            Strings
                                                            • @Mqt, xrefs: 008FF728
                                                            • c:\agent\_work\66\s\src\libs\dutil\logutil.cpp, xrefs: 008FF747
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\logutil.cpp
                                                            • API String ID: 1365068426-243983799
                                                            • Opcode ID: 949d18c492d870d31e9b3f37dae0db9af4e188abbbfe3ce908e1554be746a180
                                                            • Instruction ID: ab47837a5ebf0fa5e7891de2d9dcce1a87a8b80b6d253f15d990cd533e2e020c
                                                            • Opcode Fuzzy Hash: 949d18c492d870d31e9b3f37dae0db9af4e188abbbfe3ce908e1554be746a180
                                                            • Instruction Fuzzy Hash: 7A119D3250126EEBDF21AFA08D05EBEBA79FF54750F118029FF00E6161D6308E50E6A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E0797 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 54fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 59%
                                                            			E008E0797(void* __eflags, void* _a4, void* _a8, long _a12) {
				long _v8;
				signed int _t19;
				signed int _t25;
				intOrPtr _t29;
				signed short _t32;
				signed short _t38;

				_t25 =  *0x92aa94; // 0x0
				_t32 = 0;
				_v8 = 0;
				_t29 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t25 * 4)) + 4));
				E008E11B1(__eflags, _t29 + 0x1c, _a4, _a12); // executed
				_t19 = ReadFile(_a4, _a8, _a12,  &_v8, 0); // executed
				if(_t19 == 0) {
					_t32 = GetLastError();
					if(_t32 > 0) {
						_t32 = _t32 & 0x0000ffff | 0x80070000;
						_t38 = _t32;
					}
					if(_t38 >= 0) {
						_t32 = 0x80004005;
					}
					E008C38BA(_t22, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x2ec, _t32);
					_push("Failed to read during cabinet extraction.");
					_push(_t32);
					_t19 = E008FFB09();
				}
				 *(_t29 + 0x30) = _t32;
				if(_t32 >= 0) {
					return _v8;
				} else {
					return _t19 | 0xffffffff;
				}
			}









                                                            0x008e079b
                                                            0x008e07af
                                                            0x008e07b4
                                                            0x008e07b7
                                                            0x008e07c1
                                                            0x008e07d4
                                                            0x008e07dc
                                                            0x008e07e4
                                                            0x008e07e8
                                                            0x008e07ed
                                                            0x008e07f3
                                                            0x008e07f3
                                                            0x008e07f5
                                                            0x008e07f7
                                                            0x008e07f7
                                                            0x008e0807
                                                            0x008e080c
                                                            0x008e0811
                                                            0x008e0812
                                                            0x008e0818
                                                            0x008e0819
                                                            0x008e0820
                                                            0x008e082b
                                                            0x008e0822
                                                            0x008e0826
                                                            0x008e0826

                                                            APIs
                                                              • Part of subcall function 008E11B1: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,00000000,?,008E07C6,?,?,?), ref: 008E11D9
                                                              • Part of subcall function 008E11B1: GetLastError.KERNEL32(?,008E07C6,?,?,?), ref: 008E11E3
                                                            • ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 008E07D4
                                                            • GetLastError.KERNEL32 ref: 008E07DE
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 008E0802
                                                            • @Mqt, xrefs: 008E07DE
                                                            • Failed to read during cabinet extraction., xrefs: 008E080C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLast$PointerRead
                                                            • String ID: @Mqt$Failed to read during cabinet extraction.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2170121939-422264233
                                                            • Opcode ID: c0bb34391ec3f958487cf13def2211c55685ee87da86969451090b9924559c44
                                                            • Instruction ID: 8972abc9edbee9a291a4b099596cb6d46297fa364e25513b5c0ed897d254073f
                                                            • Opcode Fuzzy Hash: c0bb34391ec3f958487cf13def2211c55685ee87da86969451090b9924559c44
                                                            • Instruction Fuzzy Hash: 1601E136A002AABBCB119FA9DD04D8A7BA8FF05764B010524FE04E7250D374E940DAD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E11B1 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 47COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E008E11B1(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				int _t11;
				void* _t18;
				signed short _t19;
				signed short _t25;

				_t19 = 0x80070490;
				_t18 = E008E1188(_a4, _a8);
				if(_t18 != 0) {
					_t19 = 0;
					_push(0);
					_t11 = SetFilePointerEx(_a8,  *(_t18 + 8),  *(_t18 + 0xc), 0); // executed
					if(_t11 != 0) {
						 *(_t18 + 8) =  *(_t18 + 8) + _a12;
						asm("adc [edi+0xc], esi");
					} else {
						_t19 = GetLastError();
						if(_t19 > 0) {
							_t19 = _t19 & 0x0000ffff | 0x80070000;
							_t25 = _t19;
						}
						if(_t25 >= 0) {
							_t19 = 0x80004005;
						}
						E008C38BA(_t12, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x37e, _t19);
						_push("Failed to move to virtual file pointer.");
						_push(_t19);
						E008FFB09();
					}
				}
				return _t19;
			}







                                                            0x008e11b9
                                                            0x008e11c6
                                                            0x008e11ca
                                                            0x008e11cc
                                                            0x008e11ce
                                                            0x008e11d9
                                                            0x008e11e1
                                                            0x008e1223
                                                            0x008e1226
                                                            0x008e11e3
                                                            0x008e11e9
                                                            0x008e11ed
                                                            0x008e11f2
                                                            0x008e11f8
                                                            0x008e11f8
                                                            0x008e11fa
                                                            0x008e11fc
                                                            0x008e11fc
                                                            0x008e120c
                                                            0x008e1211
                                                            0x008e1216
                                                            0x008e1217
                                                            0x008e121d
                                                            0x008e11e1
                                                            0x008e122e

                                                            APIs
                                                            • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,00000000,?,008E07C6,?,?,?), ref: 008E11D9
                                                            • GetLastError.KERNEL32(?,008E07C6,?,?,?), ref: 008E11E3
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 008E1207
                                                            • Failed to move to virtual file pointer., xrefs: 008E1211
                                                            • @Mqt, xrefs: 008E11E3
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID: @Mqt$Failed to move to virtual file pointer.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 2976181284-307820024
                                                            • Opcode ID: 82fea78fdbfd113a4d059c90d48207d597bf474edcbad58af027fb6d9a86802f
                                                            • Instruction ID: 578d56b13c8b15272caa838cc144e5d3da0589630e138e2c2cfc35a0e76f2d79
                                                            • Opcode Fuzzy Hash: 82fea78fdbfd113a4d059c90d48207d597bf474edcbad58af027fb6d9a86802f
                                                            • Instruction Fuzzy Hash: 7601F73790023A7BCB215A9AAC08D8BBF24FF42770701C125FE28E6100D735DC10D6D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E0564 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 34COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 20%
                                                            			E008E0564(intOrPtr _a4) {
				signed short _t4;
				signed short _t12;
				signed short _t16;

				_t11 = _a4;
				if(SetEvent( *(_a4 + 0x24)) != 0) {
					_t4 = E008E1286(_t11); // executed
					_t12 = _t4;
				} else {
					_t12 = GetLastError();
					if(_t12 > 0) {
						_t12 = _t12 & 0x0000ffff | 0x80070000;
						_t16 = _t12;
					}
					if(_t16 >= 0) {
						_t12 = 0x80004005;
					}
					E008C38BA(_t6, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x125, _t12);
					_push("Failed to set begin operation event.");
					_push(_t12);
					E008FFB09();
				}
				return _t12;
			}






                                                            0x008e0568
                                                            0x008e0576
                                                            0x008e05b6
                                                            0x008e05bb
                                                            0x008e0578
                                                            0x008e057e
                                                            0x008e0582
                                                            0x008e0587
                                                            0x008e058d
                                                            0x008e058d
                                                            0x008e058f
                                                            0x008e0591
                                                            0x008e0591
                                                            0x008e05a1
                                                            0x008e05a6
                                                            0x008e05ab
                                                            0x008e05ac
                                                            0x008e05b2
                                                            0x008e05c1

                                                            APIs
                                                            • SetEvent.KERNEL32(0090A478,00000000,?,008E14B9,?,00000000,?,008CC24A,?,008C5442,?,008D7498,?,?,008C5442,?), ref: 008E056E
                                                            • GetLastError.KERNEL32(?,008E14B9,?,00000000,?,008CC24A,?,008C5442,?,008D7498,?,?,008C5442,?,008C5482,00000001), ref: 008E0578
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\cabextract.cpp, xrefs: 008E059C
                                                            • Failed to set begin operation event., xrefs: 008E05A6
                                                            • @Mqt, xrefs: 008E0578
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorEventLast
                                                            • String ID: @Mqt$Failed to set begin operation event.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 3848097054-2932536150
                                                            • Opcode ID: 1c815816ee71ecd2a94315b91b221b563e9800f04ceda6bd4255ab5e25189385
                                                            • Instruction ID: 52191624c0f057c293e089a80d1b328bdb18505e2820fc246637145e5ac85f3b
                                                            • Opcode Fuzzy Hash: 1c815816ee71ecd2a94315b91b221b563e9800f04ceda6bd4255ab5e25189385
                                                            • Instruction Fuzzy Hash: 6EF0EC33A5173A27831066AA6D06AD77698FF07B717010435FF00FB240F659DC405EE6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00900708 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 88%
                                                            			E00900708(void* __ecx, void* _a4, int _a8, short** _a12) {
				int _v8;
				short** _t39;
				signed short _t42;
				signed short _t52;
				signed short _t53;

				_t39 = _a12;
				_v8 = 0;
				if(_t39 == 0 ||  *_t39 == 0) {
					L4:
					_v8 = 2;
					_t42 = E008C1FE0(_t39, 2);
					if(_t42 >= 0) {
						goto L5;
					}
				} else {
					_t42 = E008C2847( *_t39,  &_v8);
					if(_t42 >= 0) {
						if(_v8 >= 2) {
							L5:
							_t22 = RegEnumKeyExW(_a4, _a8,  *_t39,  &_v8, 0, 0, 0, 0); // executed
							if(_t22 != 0xea) {
								__eflags = _t22 - 0x103;
								if(_t22 != 0x103) {
									goto L15;
								} else {
									_t42 = 0x80070103;
								}
							} else {
								_t42 = RegQueryInfoKeyW(_a4, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0, 0, 0);
								_t52 = _t42;
								if(_t52 == 0) {
									_v8 = _v8 + 1;
									_t42 = E008C1FE0(_t39, _v8 + 1);
									__eflags = _t42;
									if(_t42 >= 0) {
										_t22 = RegEnumKeyExW(_a4, _a8,  *_t39,  &_v8, 0, 0, 0, 0); // executed
										L15:
										__eflags = _t22;
										if(__eflags == 0) {
											__eflags = 0;
											( *_t39)[_v8] = 0;
										} else {
											if(__eflags > 0) {
												_t42 = _t22 & 0x0000ffff | 0x80070000;
												__eflags = _t42;
											} else {
												_t42 = _t22;
											}
											__eflags = _t42;
											if(_t42 >= 0) {
												_t42 = 0x80004005;
											}
											_push(_t42);
											_push(0x133);
											goto L12;
										}
									}
								} else {
									if(_t52 > 0) {
										_t42 = _t42 & 0x0000ffff | 0x80070000;
										_t53 = _t42;
									}
									if(_t53 >= 0) {
										_t42 = 0x80004005;
									}
									_push(_t42);
									_push(0x127);
									L12:
									_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
									E008C38BA(_t22);
								}
							}
						} else {
							goto L4;
						}
					}
				}
				return _t42;
			}








                                                            0x0090070f
                                                            0x00900714
                                                            0x00900719
                                                            0x0090073a
                                                            0x0090073d
                                                            0x00900749
                                                            0x0090074d
                                                            0x00000000
                                                            0x00000000
                                                            0x0090071f
                                                            0x0090072a
                                                            0x0090072e
                                                            0x00900738
                                                            0x00900753
                                                            0x00900763
                                                            0x0090076e
                                                            0x009007e7
                                                            0x009007ec
                                                            0x00000000
                                                            0x009007ee
                                                            0x009007ee
                                                            0x009007ee
                                                            0x00900770
                                                            0x00900787
                                                            0x00900789
                                                            0x0090078b
                                                            0x009007b9
                                                            0x009007c1
                                                            0x009007c3
                                                            0x009007c5
                                                            0x009007d7
                                                            0x009007dd
                                                            0x009007dd
                                                            0x009007df
                                                            0x00900811
                                                            0x00900816
                                                            0x009007e1
                                                            0x009007e1
                                                            0x009007f8
                                                            0x009007f8
                                                            0x009007e3
                                                            0x009007e3
                                                            0x009007e3
                                                            0x009007fe
                                                            0x00900800
                                                            0x00900802
                                                            0x00900802
                                                            0x00900807
                                                            0x00900808
                                                            0x00000000
                                                            0x00900808
                                                            0x009007df
                                                            0x0090078d
                                                            0x0090078d
                                                            0x00900792
                                                            0x00900798
                                                            0x00900798
                                                            0x0090079a
                                                            0x0090079c
                                                            0x0090079c
                                                            0x009007a1
                                                            0x009007a2
                                                            0x009007a7
                                                            0x009007a7
                                                            0x009007ac
                                                            0x009007ac
                                                            0x0090078b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00900738
                                                            0x0090072e
                                                            0x00900820

                                                            APIs
                                                            • RegEnumKeyExW.KERNEL32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,008E8B57), ref: 00900763
                                                            • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,008E8B57,00000000), ref: 00900781
                                                            • RegEnumKeyExW.KERNEL32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,008E8B57,00000000,00000000,00000000), ref: 009007D7
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 009007A7
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Enum$InfoQuery
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 73471667-3237223240
                                                            • Opcode ID: c279c7f708bc25bca93779e4d9b760caaed81ace4a1b0b4c3d03429e454cdcb4
                                                            • Instruction ID: de26f3fd4b35933d51f5b8fe9c12f27aa074da0cf621daed67ddaba0e4e64036
                                                            • Opcode Fuzzy Hash: c279c7f708bc25bca93779e4d9b760caaed81ace4a1b0b4c3d03429e454cdcb4
                                                            • Instruction Fuzzy Hash: 27319276901129FFEB218A94CC84FAFB76CFF847A4F118065BD00E7190D739AE109AA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C38D1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79libraryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008C38D1(void* __edx, intOrPtr _a4, struct HINSTANCE__** _a8, intOrPtr _a12) {
				signed int _v8;
				short _v528;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				signed int _t20;
				long _t22;
				struct HINSTANCE__* _t26;
				long _t31;
				struct HINSTANCE__** _t32;
				void* _t33;
				void* _t36;
				intOrPtr _t37;
				signed int _t41;
				long _t46;

				_t36 = __edx;
				_t15 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t15 ^ _t41;
				_t32 = _a8;
				_t37 = _a12;
				E008EF600(_t37,  &_v528, 0, 0x208);
				_t38 = 0x104;
				_t20 = GetSystemDirectoryW( &_v528, 0x104);
				if(_t20 != 0) {
					_t33 = 0x5c;
					if(_t33 ==  *((intOrPtr*)(_t41 + _t20 * 2 - 0x20e))) {
						L8:
						_t22 = E008C379B(_t33,  &_v528, _t38, _a4);
						_t39 = _t22;
						if(_t22 < 0) {
							L12:
							return E008EDD1F(_t32, _v8 ^ _t41, _t36, _t37, _t39);
						}
						_t26 = LoadLibraryW( &_v528); // executed
						 *_t32 = _t26;
						if(_t26 == 0) {
							goto L1;
						}
						if(_t37 != 0) {
							_t39 = E008C229E(_t37,  &_v528, 0x104);
						}
						goto L12;
					}
					_t31 = E008C374E(_t33,  &_v528, 0x104, "\\", 1);
					_t39 = _t31;
					if(_t31 < 0) {
						goto L12;
					}
					_t38 = 0x104;
					goto L8;
				}
				L1:
				_t39 = GetLastError();
				if(_t39 > 0) {
					_t46 = _t39;
				}
				if(_t46 >= 0) {
					_t39 = 0x80004005;
				}
				goto L12;
			}



















                                                            0x008c38d1
                                                            0x008c38da
                                                            0x008c38e1
                                                            0x008c38e5
                                                            0x008c38f0
                                                            0x008c38fb
                                                            0x008c3909
                                                            0x008c3910
                                                            0x008c3918
                                                            0x008c393c
                                                            0x008c3945
                                                            0x008c3966
                                                            0x008c3971
                                                            0x008c3976
                                                            0x008c397a
                                                            0x008c39a7
                                                            0x008c39b7
                                                            0x008c39b7
                                                            0x008c3983
                                                            0x008c3989
                                                            0x008c398d
                                                            0x00000000
                                                            0x00000000
                                                            0x008c3991
                                                            0x008c39a5
                                                            0x008c39a5
                                                            0x00000000
                                                            0x008c3991
                                                            0x008c3956
                                                            0x008c395b
                                                            0x008c395f
                                                            0x00000000
                                                            0x00000000
                                                            0x008c3961
                                                            0x00000000
                                                            0x008c3961
                                                            0x008c391a
                                                            0x008c3920
                                                            0x008c3924
                                                            0x008c392f
                                                            0x008c392f
                                                            0x008c3931
                                                            0x008c3933
                                                            0x008c3933
                                                            0x00000000

                                                            APIs
                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 008C3910
                                                            • GetLastError.KERNEL32 ref: 008C391A
                                                            • LoadLibraryW.KERNEL32(?,?,00000104,?), ref: 008C3983
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: DirectoryErrorLastLibraryLoadSystem
                                                            • String ID: @Mqt
                                                            • API String ID: 1230559179-2740872224
                                                            • Opcode ID: baddfba4c068bf109cb958ef468bfb167e3def7428fd92bd2f4244a33c30ceed
                                                            • Instruction ID: 9912f9572e4208f4956004aacfee60a23aa6e42738dcd0e72e9bd953f0960f8c
                                                            • Opcode Fuzzy Hash: baddfba4c068bf109cb958ef468bfb167e3def7428fd92bd2f4244a33c30ceed
                                                            • Instruction Fuzzy Hash: 2E21DAB7D013396BDB209BA88C49F9A7BB8FF41710F118169BD04F7241D670DE4986D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E8857 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 40%
                                                            			E008E8857(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				signed int _v12;
				void* _t26;
				signed int _t28;
				intOrPtr* _t44;
				signed int _t47;

				_t39 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t26 = E00900823(_a8, _a12, 0x20019,  &_v8); // executed
				if(_t26 >= 0) {
					_t28 = E008E83E3(_v8, _a16,  &_v12); // executed
					__eflags = _t28;
					if(_t28 < 0) {
						L10:
						_t47 = 0x80070490;
					} else {
						__eflags = _v12;
						if(__eflags == 0) {
							goto L10;
						} else {
							_t44 = _a20;
							_t47 = E008C3A01(_t39, __eflags, _t44,  *(_t44 + 4) + 1, 0xf8, 5);
							__eflags = _t47;
							if(_t47 >= 0) {
								_t47 = E008E8922(_t39, _a12, _v8, _a4, _v12,  *(_t44 + 4) * 0xf8 +  *_t44);
								__eflags = _t47;
								if(_t47 >= 0) {
									 *(_t44 + 4) =  *(_t44 + 4) + 1;
								} else {
									_push(_a12);
									_push("Failed to initialize package from related bundle id: %ls");
									goto L2;
								}
							} else {
								_push("Failed to ensure there is space for related bundles.");
								_push(_t47);
								E008FFB09();
							}
						}
					}
				} else {
					_push(_a12);
					_push("Failed to open uninstall key for potential related bundle: %ls");
					L2:
					_push(_t47);
					E008FFB09();
				}
				if(_v8 != 0) {
					RegCloseKey(_v8); // executed
				}
				return _t47;
			}









                                                            0x008e8857
                                                            0x008e885a
                                                            0x008e885b
                                                            0x008e885c
                                                            0x008e8863
                                                            0x008e8875
                                                            0x008e887e
                                                            0x008e889d
                                                            0x008e88a2
                                                            0x008e88a4
                                                            0x008e8906
                                                            0x008e8906
                                                            0x008e88a6
                                                            0x008e88a6
                                                            0x008e88aa
                                                            0x00000000
                                                            0x008e88ac
                                                            0x008e88ac
                                                            0x008e88c1
                                                            0x008e88c3
                                                            0x008e88c5
                                                            0x008e88f1
                                                            0x008e88f3
                                                            0x008e88f5
                                                            0x008e8901
                                                            0x008e88f7
                                                            0x008e88f7
                                                            0x008e88fa
                                                            0x00000000
                                                            0x008e88fa
                                                            0x008e88c7
                                                            0x008e88c7
                                                            0x008e88cc
                                                            0x008e88cd
                                                            0x008e88d3
                                                            0x008e88c5
                                                            0x008e88aa
                                                            0x008e8880
                                                            0x008e8880
                                                            0x008e8883
                                                            0x008e8888
                                                            0x008e8888
                                                            0x008e8889
                                                            0x008e888e
                                                            0x008e890f
                                                            0x008e8914
                                                            0x008e8914
                                                            0x008e891f

                                                            APIs
                                                              • Part of subcall function 00900823: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                            • RegCloseKey.KERNEL32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,008E8B93,00000000,00000000), ref: 008E8914
                                                            Strings
                                                            • Failed to open uninstall key for potential related bundle: %ls, xrefs: 008E8883
                                                            • Failed to ensure there is space for related bundles., xrefs: 008E88C7
                                                            • Failed to initialize package from related bundle id: %ls, xrefs: 008E88FA
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseOpen
                                                            • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                            • API String ID: 47109696-1717420724
                                                            • Opcode ID: bbb118414c0d1cf410d4b9a4d131bdb62eba98df58332fd4b63f31e0ea604a92
                                                            • Instruction ID: 4d533e8a70887aca55507c8e66a413751020e036143c85933085ee15a14fee0c
                                                            • Opcode Fuzzy Hash: bbb118414c0d1cf410d4b9a4d131bdb62eba98df58332fd4b63f31e0ea604a92
                                                            • Instruction Fuzzy Hash: C7217F7290026EFBDB129E95DC06FFEBA78FF02714F104065F908E6151DB719A60EB92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C3AA4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 21memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008C3AA4(void* _a4) {
				char _t3;
				signed short _t6;

				_t6 = 0;
				_t3 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
				if(_t3 == 0) {
					_t6 = GetLastError();
					if(_t6 > 0) {
						_t6 = _t6 & 0x0000ffff | 0x80070000;
					}
				}
				return _t6;
			}





                                                            0x008c3aab
                                                            0x008c3ab5
                                                            0x008c3abd
                                                            0x008c3ac5
                                                            0x008c3ac9
                                                            0x008c3ace
                                                            0x008c3ace
                                                            0x008c3ac9
                                                            0x008c3ad8

                                                            APIs
                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,008FFB87,00000000,?,?,00000000,00000000,8000FFFF,?,?,?,008FFB1B,?), ref: 008C3AAE
                                                            • RtlFreeHeap.NTDLL(00000000,?,008FFB87,00000000,?,?,00000000,00000000,8000FFFF,?,?,?,008FFB1B,?,?,?), ref: 008C3AB5
                                                            • GetLastError.KERNEL32(?,008FFB87,00000000,?,?,00000000,00000000,8000FFFF,?,?,?,008FFB1B,?,?,?), ref: 008C3ABF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$ErrorFreeLastProcess
                                                            • String ID: @Mqt
                                                            • API String ID: 406640338-2740872224
                                                            • Opcode ID: 6f920378de00cefde887625846e31bffe7d69d4f1d6ecef09a20643f7ebe7ed9
                                                            • Instruction ID: bcd41eb9c18ec81b355996fd57a024125370cdc1c2f2e627260b153dd1952343
                                                            • Opcode Fuzzy Hash: 6f920378de00cefde887625846e31bffe7d69d4f1d6ecef09a20643f7ebe7ed9
                                                            • Instruction Fuzzy Hash: 75D01273A186395FC72117E55C0CA57BE68EF057A1B014125FD44E6250DA25CD10A7E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D3A2C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008D3A2C(void* __ecx, void* __edi, void* __esi, signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t14;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				signed short* _t22;
				signed int* _t23;
				signed short* _t26;
				signed int _t28;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t14 = E00900823(0x80000002, L"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer", 0x20019,  &_v8); // executed
				if(_t14 < 0) {
					L12:
					_t22 = _v12;
				} else {
					_t14 = E0090095E(_v8, L"Logging",  &_v12);
					if(_t14 < 0) {
						goto L12;
					} else {
						_t22 = _v12;
						_t26 = _t22;
						_t14 =  *_t22 & 0x0000ffff;
						if(_t14 != 0) {
							_t23 = _a4;
							_t28 = _t14;
							do {
								_t17 = 0x76;
								if(_t17 == _t28) {
									L9:
									 *_t23 =  *_t23 | 0x00000002;
								} else {
									_t18 = 0x56;
									if(_t18 == _t28) {
										goto L9;
									} else {
										_t19 = 0x78;
										if(_t19 == _t28) {
											L8:
											 *_t23 =  *_t23 | 0x00000004;
										} else {
											_t20 = 0x58;
											if(_t20 == _t28) {
												goto L8;
											}
										}
									}
								}
								_t26 =  &(_t26[1]);
								_t14 =  *_t26 & 0x0000ffff;
								_t28 = _t14;
							} while (_t14 != 0);
						}
					}
				}
				if(_t22 != 0) {
					_t14 = E008C2762(_t22);
				}
				if(_v8 != 0) {
					return RegCloseKey(_v8);
				}
				return _t14;
			}














                                                            0x008d3a31
                                                            0x008d3a38
                                                            0x008d3a4d
                                                            0x008d3a54
                                                            0x008d3ab6
                                                            0x008d3ab6
                                                            0x008d3a56
                                                            0x008d3a62
                                                            0x008d3a69
                                                            0x00000000
                                                            0x008d3a6b
                                                            0x008d3a6b
                                                            0x008d3a6e
                                                            0x008d3a70
                                                            0x008d3a76
                                                            0x008d3a78
                                                            0x008d3a7c
                                                            0x008d3a7e
                                                            0x008d3a80
                                                            0x008d3a84
                                                            0x008d3aa3
                                                            0x008d3aa3
                                                            0x008d3a86
                                                            0x008d3a88
                                                            0x008d3a8c
                                                            0x00000000
                                                            0x008d3a8e
                                                            0x008d3a90
                                                            0x008d3a94
                                                            0x008d3a9e
                                                            0x008d3a9e
                                                            0x008d3a96
                                                            0x008d3a98
                                                            0x008d3a9c
                                                            0x00000000
                                                            0x00000000
                                                            0x008d3a9c
                                                            0x008d3a94
                                                            0x008d3a8c
                                                            0x008d3aa6
                                                            0x008d3aa9
                                                            0x008d3aac
                                                            0x008d3aae
                                                            0x008d3ab3
                                                            0x008d3a76
                                                            0x008d3a69
                                                            0x008d3abc
                                                            0x008d3abf
                                                            0x008d3abf
                                                            0x008d3ac8
                                                            0x00000000
                                                            0x008d3acd
                                                            0x008d3ad4

                                                            APIs
                                                              • Part of subcall function 00900823: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                            • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000000,?,?,?,?,008D3F3C,feclient.dll,?,00000000,?,?,?,008C4B57), ref: 008D3ACD
                                                              • Part of subcall function 0090095E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 009009D4
                                                              • Part of subcall function 0090095E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00900A0C
                                                            Strings
                                                            • SOFTWARE\Policies\Microsoft\Windows\Installer, xrefs: 008D3A43
                                                            • Logging, xrefs: 008D3A5A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue$CloseOpen
                                                            • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer
                                                            • API String ID: 1586453840-387823766
                                                            • Opcode ID: 3ba8a6442a78828ac1ea794c8966009e5f23cb9ac710de1ef4ff5bc787686df7
                                                            • Instruction ID: 5eeb253cc3e348ccc09accb6487115aa4120cf1f958c2d30a07b5cb7104e0503
                                                            • Opcode Fuzzy Hash: 3ba8a6442a78828ac1ea794c8966009e5f23cb9ac710de1ef4ff5bc787686df7
                                                            • Instruction Fuzzy Hash: 4211343670062ABFEB24DA81D906FFAB778FB00B44F944256E881E72D0C7708F818752
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C5160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008C5160(signed short* _a4) {
				signed int _t8;
				int _t9;
				int _t12;
				signed int _t13;
				short* _t15;
				signed int _t16;
				signed short* _t17;
				int _t19;

				_t8 =  *0x92aa28; // 0x1
				_t15 = L"burn.clean.room";
				_t19 = 1;
				if((_t8 & 0x00000001) != 0) {
					_t9 =  *0x92aa24; // 0xf
				} else {
					 *0x92aa28 = _t8 | 1;
					_t9 = lstrlenW(_t15);
					 *0x92aa24 = _t9;
				}
				_t17 = _a4;
				if(_t17 == 0) {
					L8:
					_t19 = 0;
				} else {
					_t16 =  *_t17 & 0x0000ffff;
					if(_t16 == 0x2d || _t16 == 0x2f) {
						_t12 = CompareStringW(0x7f, _t19,  &(_t17[1]), _t9, _t15, _t9); // executed
						if(_t12 != 2) {
							goto L8;
						} else {
							_t13 =  *0x92aa24; // 0xf
							if( *((short*)(_t17 + 2 + _t13 * 2)) != 0x3d) {
								goto L8;
							}
						}
					} else {
						goto L8;
					}
				}
				return _t19;
			}











                                                            0x008c5163
                                                            0x008c516c
                                                            0x008c5171
                                                            0x008c5175
                                                            0x008c518c
                                                            0x008c5177
                                                            0x008c517a
                                                            0x008c517f
                                                            0x008c5185
                                                            0x008c5185
                                                            0x008c5191
                                                            0x008c5196
                                                            0x008c51c7
                                                            0x008c51c7
                                                            0x008c5198
                                                            0x008c5198
                                                            0x008c519e
                                                            0x008c51af
                                                            0x008c51b8
                                                            0x00000000
                                                            0x008c51ba
                                                            0x008c51ba
                                                            0x008c51c5
                                                            0x00000000
                                                            0x00000000
                                                            0x008c51c5
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c519e
                                                            0x008c51cf

                                                            APIs
                                                            • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,008C1104,?,?,00000000), ref: 008C517F
                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,008C1104,?,?,00000000), ref: 008C51AF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareStringlstrlen
                                                            • String ID: burn.clean.room
                                                            • API String ID: 1433953587-3055529264
                                                            • Opcode ID: d7fd01745d4b84678ad4751adce7285620094bd89e1d3d12ff00bb888e736a07
                                                            • Instruction ID: a09c0705f3771e5ab10732974a46e16541c42215a49a04a5b19af567092ec22d
                                                            • Opcode Fuzzy Hash: d7fd01745d4b84678ad4751adce7285620094bd89e1d3d12ff00bb888e736a07
                                                            • Instruction Fuzzy Hash: 0A016272528A246BDA304B48AE88F73BBBDFB19754714411AF905C3610C375FC91D7A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CF6F9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                              • Part of subcall function 00900823: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                            • RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,008D7C46,?,?,?), ref: 008CF75D
                                                              • Part of subcall function 009008D7: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000000,?,00000000,?,?,?,008CF732,00000000,Installed,00000000,?), ref: 009008FC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseOpenQueryValue
                                                            • String ID: Installed
                                                            • API String ID: 3677997916-3662710971
                                                            • Opcode ID: 3871275e2e164e1e23dfab99d702b19b07657a8b42cd840a59f812be62c7570e
                                                            • Instruction ID: 2315026e974bb6f4c8b4a084df681177a06448d964ed04c084b625ddbea451c1
                                                            • Opcode Fuzzy Hash: 3871275e2e164e1e23dfab99d702b19b07657a8b42cd840a59f812be62c7570e
                                                            • Instruction Fuzzy Hash: 49018B32820228FFDB119B94C846FDEBBB9FB00725F1180A8EA00AB191D2758E40DBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00900823 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 00900874
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 71445658-3237223240
                                                            • Opcode ID: 94fa9bae3fc166e9a46e6b99041cb54abb03cfe502b1aa6b4210f042d65a341f
                                                            • Instruction ID: 1e6870fa221f6498431c538b41e8bb7ac08498d3cd09d97a542aef45a4243f5d
                                                            • Opcode Fuzzy Hash: 94fa9bae3fc166e9a46e6b99041cb54abb03cfe502b1aa6b4210f042d65a341f
                                                            • Instruction Fuzzy Hash: E9F0B432A41125ABC73149969C05B6B6E59FBC4BB0F16C025BD4DEB2A4D636CC5193E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C3B7C Relevance: 3.0, APIs: 2, Instructions: 14memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            APIs
                                                            • GetProcessHeap.KERNEL32(?,?,?,?,008C2375,?,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000), ref: 008C3B90
                                                            • RtlReAllocateHeap.NTDLL(00000000,?,008C2375,?,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C3B97
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID:
                                                            • API String ID: 1357844191-0
                                                            • Opcode ID: 35f84eb11b991eee2e83cab87d52ff9e70fd54b82df477c4335244793db710cc
                                                            • Instruction ID: db7021b46b0416920f52796a80ec0e4da88fda19fe5b044c73d22cf79d657245
                                                            • Opcode Fuzzy Hash: 35f84eb11b991eee2e83cab87d52ff9e70fd54b82df477c4335244793db710cc
                                                            • Instruction Fuzzy Hash: DAD0C93216830DEFCF405FE8DC09DAA3BADEB58602B048405B915C2110C63DE460AAA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C39DF Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            APIs
                                                            • GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                            • RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID:
                                                            • API String ID: 1357844191-0
                                                            • Opcode ID: d774b1d0cea59b5316464a37b0d62658d5cb15604c9839ce0240d72dd617bc0c
                                                            • Instruction ID: aebacf3958e3fdbc676af5a4b7754d86b29c17ca8b8d636acc6db980d8e41317
                                                            • Opcode Fuzzy Hash: d774b1d0cea59b5316464a37b0d62658d5cb15604c9839ce0240d72dd617bc0c
                                                            • Instruction Fuzzy Hash: C0C002725AC30DAFCB406FF8EC0EC9A7BACBB68A12B048511B915C6150D639E554ABA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00902E25 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VariantInit.OLEAUT32(?), ref: 00902E5A
                                                              • Part of subcall function 009028BD: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00902E6B,00000000,?,00000000), ref: 009028D7
                                                              • Part of subcall function 009028BD: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,008EBD14,?,008C5442,?,00000000,?), ref: 009028E3
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorHandleInitLastModuleVariant
                                                            • String ID:
                                                            • API String ID: 52713655-0
                                                            • Opcode ID: 0fcda2ded4812da7cc8e966aaa72a911125b397429d5c3ba98282e56d1c3103e
                                                            • Instruction ID: 5d81b99aedb85f26dbe7b84343ef41065dee11f3c23f6f7595e9bb98797f77dc
                                                            • Opcode Fuzzy Hash: 0fcda2ded4812da7cc8e966aaa72a911125b397429d5c3ba98282e56d1c3103e
                                                            • Instruction Fuzzy Hash: CC313A76E006299FCB11DFA8C884ADEB7F8EF08710F01456AED15FB351DA70AD048BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090897B Relevance: 1.6, APIs: 1, Instructions: 81registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                              • Part of subcall function 009085F6: lstrlenW.KERNEL32(00000100,?,?,?,00908996,000002C0,00000100,00000100,00000100,?,?,?,008E7AD3,?,?,000001BC), ref: 0090861B
                                                            • RegCloseKey.ADVAPI32(000002C0,000002C0,00000100,00000100,00000100,?,?,?,008E7AD3,?,?,000001BC,00000000,00000000,00000000,00000100), ref: 00908A33
                                                              • Part of subcall function 00900823: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseOpenlstrlen
                                                            • String ID:
                                                            • API String ID: 514153755-0
                                                            • Opcode ID: d4e219a6e8b677587eeebbb939e657d770b1844123472609cab9db2eed1d3c58
                                                            • Instruction ID: 3222caa1aa066072c462258ba516e98bc873a8faa300d4235c8c0631d2b57b1b
                                                            • Opcode Fuzzy Hash: d4e219a6e8b677587eeebbb939e657d770b1844123472609cab9db2eed1d3c58
                                                            • Instruction Fuzzy Hash: 5E215132E10129EFCF319FA8CD4199EBAB8EB84750B154266FD80B6561E6325E50A7D0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090506B Relevance: 1.6, APIs: 1, Instructions: 59registryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RegCloseKey.ADVAPI32(80070490,00000000,80070490,0092AA7C,00000000,80070490,?,?,008D89F4,WiX\Burn,PackageCache,00000000,0092AA7C,00000000,00000000,80070490), ref: 009050C5
                                                              • Part of subcall function 0090095E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 009009D4
                                                              • Part of subcall function 0090095E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00900A0C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue$Close
                                                            • String ID:
                                                            • API String ID: 1979452859-0
                                                            • Opcode ID: 139b9284e84a7650a50e756c817f24b2004d04f6015d7c27789a0510d3c5cc89
                                                            • Instruction ID: bbb6f8bedbf383c02363d04086601ec211234bb8c3c1a04d9a01cfd95a5f2e1c
                                                            • Opcode Fuzzy Hash: 139b9284e84a7650a50e756c817f24b2004d04f6015d7c27789a0510d3c5cc89
                                                            • Instruction Fuzzy Hash: 9411CE3680062AEFDB226F98C985AAFBA7AEB44320B224139ED4567150C7314D50DFD2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F5D22 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,008F1782,?,0000015D,?,?,?,?,008F2BDB,000000FF,00000000,?,?), ref: 008F5D54
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: bbee78dd0fc74cfcc7d39109906e46b37fb19d9b5a66fcbdcfc3ef3f05311089
                                                            • Instruction ID: a6d09b61712a38a2155f3df3b47c57fd8bcb13d830e16123da74411b2077ed3f
                                                            • Opcode Fuzzy Hash: bbee78dd0fc74cfcc7d39109906e46b37fb19d9b5a66fcbdcfc3ef3f05311089
                                                            • Instruction Fuzzy Hash: 00E03035607A1C66EB3136759C09B7B6A88FB413A0F591131BB04DA191EB10D80155A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C35A8 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,008D8AAE,0000001C,80070490,00000000,00000000,80070490), ref: 008C35C8
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FolderPath
                                                            • String ID:
                                                            • API String ID: 1514166925-0
                                                            • Opcode ID: c38cd45b1916a968bb041e97a42647658c62af70d75e2b116ba6e1fce77f8cc2
                                                            • Instruction ID: 42364310cf42068d2e737087295a73084afabe620898ffb624992617f7637101
                                                            • Opcode Fuzzy Hash: c38cd45b1916a968bb041e97a42647658c62af70d75e2b116ba6e1fce77f8cc2
                                                            • Instruction Fuzzy Hash: 2FE017723512257BEA012AA99D05EAB7BACFF163A1B008019FE40E6001DA71EA1157B2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C4238 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetFileAttributesW.KERNEL32(00000000,00000000,?,008DA318,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,80070490), ref: 008C4241
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 1cd2d8b4d2dd784aba1b24514f4a150200c3977cc6ecef4d9b13ad6db34d2b07
                                                            • Instruction ID: 40b2b8ca2b8371971271a6b11a1e7e492233e411fcee6ca7408ec146ad87acdd
                                                            • Opcode Fuzzy Hash: 1cd2d8b4d2dd784aba1b24514f4a150200c3977cc6ecef4d9b13ad6db34d2b07
                                                            • Instruction Fuzzy Hash: 7DD02B312011245B47184EFA9819B6A7B24FF41770740521AFC38C6190D330CC9183C0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C14AC Relevance: 1.3, APIs: 1, Instructions: 52stringCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            APIs
                                                            • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,008C22B1,?,00000000,?,00000000,?,008C39A5,00000000,?,00000104), ref: 008C14DC
                                                              • Part of subcall function 008C3C5F: GetProcessHeap.KERNEL32(00000000,?,?,008C22D5,?,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C3C67
                                                              • Part of subcall function 008C3C5F: HeapSize.KERNEL32(00000000,?,008C22D5,?,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C3C6E
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$ProcessSizelstrlen
                                                            • String ID:
                                                            • API String ID: 3492610842-0
                                                            • Opcode ID: 79902dc65f61c52facb6d8b2960f0e9a4ceda6f619011eb51f39e68413aad6b5
                                                            • Instruction ID: 50dd14e998848e83c21642f88eeeea115ceef4a94afaf1cacb8ac554a2d40287
                                                            • Opcode Fuzzy Hash: 79902dc65f61c52facb6d8b2960f0e9a4ceda6f619011eb51f39e68413aad6b5
                                                            • Instruction Fuzzy Hash: 7301B532100128BBCF116E15DCC8FCABB7AFF42760F108119FE15EB192C671E95096A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Function 008EC01F Relevance: 37.1, APIs: 1, Strings: 20, Instructions: 375COMMONCrypto
                                                            Download Yara Rule
                                                            C-Code - Quality: 83%
                                                            			E008EC01F(void* __ebx, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr* _a56, intOrPtr* _a60, intOrPtr* _a64, intOrPtr* _a68, intOrPtr* _a72, intOrPtr _a76) {
				intOrPtr _t85;
				intOrPtr* _t87;
				intOrPtr _t90;
				intOrPtr* _t92;
				intOrPtr* _t96;
				intOrPtr* _t101;
				intOrPtr* _t102;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr* _t110;
				intOrPtr* _t114;
				intOrPtr* _t116;
				intOrPtr _t117;
				intOrPtr _t139;
				intOrPtr _t143;
				intOrPtr _t150;
				void* _t163;
				intOrPtr _t166;
				void* _t167;
				intOrPtr* _t168;
				intOrPtr* _t175;
				intOrPtr _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr _t180;
				intOrPtr _t190;
				char _t191;
				intOrPtr* _t192;
				intOrPtr* _t197;
				intOrPtr* _t199;
				intOrPtr _t200;
				void* _t201;

				_t163 = __ebx;
				_t191 = _a12;
				_a12 = 0;
				if(E008D7FEC(_a24) != 0) {
					E008C2022( &_a12, L" -%ls", _t84);
					_t201 = _t201 + 0xc;
				}
				_push(_t163);
				_t85 = E008C39DF(8, 1);
				 *((intOrPtr*)(_t191 + 0x7c)) = _t85;
				if(_t85 != 0) {
					 *((intOrPtr*)(_t191 + 0x80)) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) = E008C39DF(0x58, 1);
					_t87 =  *((intOrPtr*)(_t191 + 0x7c));
					__eflags = _t87;
					if(_t87 != 0) {
						_t166 = _a44;
						 *((intOrPtr*)( *_t87 + 4)) = 3;
						_t90 =  *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c))));
						 *((intOrPtr*)(_t90 + 0x10)) = _t166;
						 *((intOrPtr*)(_t90 + 0x14)) = _a48;
						_t92 = E008C229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))), _a20, 0);
						__eflags = _t92;
						if(_t92 >= 0) {
							_t96 = E008C229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x18, _a32, 0);
							__eflags = _t96;
							if(_t96 >= 0) {
								_t101 = E008C229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x38, _a36, 0);
								__eflags = _t101;
								if(_t101 >= 0) {
									_t102 = _a40;
									_t175 = 0;
									__eflags = _t102;
									if(_t102 == 0) {
										L18:
										__eflags = _a72;
										if(_a72 == 0) {
											L22:
											_t176 = _a28;
											__eflags = _t176 - 4;
											if(_t176 == 4) {
												L25:
												_t190 = 1;
												_t197 = 0;
												__eflags = 0;
											} else {
												__eflags = _t176 - 3;
												if(_t176 == 3) {
													goto L25;
												} else {
													_t197 = 0;
													_t190 = 0;
												}
											}
											 *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)) + 4)) = _t190;
											 *((intOrPtr*)(_t191 + 0x40)) = _t176;
											 *((intOrPtr*)(_t191 + 0xa8)) = 1;
											 *((intOrPtr*)(_t191 + 0x8c)) = 1;
											 *((intOrPtr*)(_t191 + 0x14)) = _a16;
											__eflags = _t176 - 4;
											if(_t176 == 4) {
												L29:
												_t107 = 2;
											} else {
												__eflags = _t176 - 3;
												if(_t176 == 3) {
													goto L29;
												} else {
													_t107 = _t197;
												}
											}
											 *((intOrPtr*)(_t191 + 0x44)) = _t107;
											_t108 = _a48;
											 *((intOrPtr*)(_t191 + 0x2c)) = _t108;
											 *((intOrPtr*)(_t191 + 0x34)) = _t108;
											 *((intOrPtr*)(_t191 + 0x28)) = _t166;
											 *((intOrPtr*)(_t191 + 0x30)) = _t166;
											 *((intOrPtr*)(_t191 + 0x1c)) = _a52;
											_t110 = E008C229E(_t191, _a20, _t197);
											__eflags = _t110;
											if(_t110 >= 0) {
												_t52 = _t191 + 0x24; // 0x2e4
												_t199 = E008C229E(_t52, _a20, 0);
												__eflags = _t199;
												if(_t199 >= 0) {
													__eflags = _a56;
													_t54 = _t191 + 0x94; // 0x354
													_t167 = _t54;
													if(_a56 == 0) {
														L37:
														_t114 = _a12;
														__eflags = _t114;
														if(_t114 == 0) {
															L40:
															__eflags = _a60;
															if(_a60 == 0) {
																L47:
																__eflags = _a64;
																if(_a64 == 0) {
																	L54:
																	_t178 = _a4 + 0xf7530000;
																	asm("adc eax, 0xfffcfff9");
																	__eflags = _a8 - 5;
																	if(__eflags > 0) {
																		L58:
																		_t179 = 0;
																		__eflags = 0;
																		_t116 = 0;
																	} else {
																		if(__eflags < 0) {
																			L57:
																			_t116 = 1;
																			_t179 = 0;
																		} else {
																			__eflags = _t178 - 0x8f70000;
																			if(_t178 > 0x8f70000) {
																				goto L58;
																			} else {
																				goto L57;
																			}
																		}
																	}
																	__eflags = _a8 - 0x30009;
																	 *((intOrPtr*)(_t191 + 0xb0)) = _t116;
																	if(__eflags < 0) {
																		L63:
																		_t117 = _t179;
																	} else {
																		if(__eflags > 0) {
																			L62:
																			_t117 = 1;
																		} else {
																			__eflags = _a4 - 0x3ee0000;
																			if(_a4 < 0x3ee0000) {
																				goto L63;
																			} else {
																				goto L62;
																			}
																		}
																	}
																	_t168 = _a68;
																	 *((intOrPtr*)(_t191 + 0xb4)) = _t117;
																	__eflags = _t168;
																	if(_t168 != 0) {
																		_t180 = E008C39DF(0x10, 1);
																		 *((intOrPtr*)(_t191 + 0x84)) = _t180;
																		__eflags = _t180;
																		if(_t180 != 0) {
																			 *((intOrPtr*)(_t191 + 0x88)) = 1;
																			 *((intOrPtr*)(_t180 + 0xc)) =  *((intOrPtr*)(_t168 + 0xc));
																			_t199 = E008C229E( *((intOrPtr*)(_t191 + 0x84)),  *_t168, 0);
																			__eflags = _t199;
																			if(_t199 < 0) {
																				goto L31;
																			} else {
																				_t199 = E008C229E( *((intOrPtr*)(_t191 + 0x84)) + 4,  *((intOrPtr*)(_t168 + 4)), 0);
																				__eflags = _t199;
																				if(_t199 >= 0) {
																					_t199 = E008C229E( *((intOrPtr*)(_t191 + 0x84)) + 8,  *((intOrPtr*)(_t168 + 8)), 0);
																					__eflags = _t199;
																					if(_t199 < 0) {
																						_push("Failed to copy display name for pseudo bundle.");
																						goto L72;
																					}
																				} else {
																					_push("Failed to copy version for pseudo bundle.");
																					goto L72;
																				}
																			}
																		} else {
																			_t192 = 0x8007000e;
																			_t199 = 0x8007000e;
																			E008C38BA(_t121, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x89, 0x8007000e);
																			_push("Failed to allocate memory for dependency providers.");
																			goto L4;
																		}
																	}
																} else {
																	_t63 = _t191 + 0x9c; // 0x35c
																	_t170 = _t63;
																	_t199 = E008C229E(_t63, _a64, 0);
																	__eflags = _t199;
																	if(_t199 >= 0) {
																		_t139 = _a12;
																		__eflags = _t139;
																		if(_t139 == 0) {
																			L53:
																			 *((intOrPtr*)(_t191 + 0x18)) = 1;
																			goto L54;
																		} else {
																			_t199 = E008C1FF4(_t170, _t139, 0);
																			__eflags = _t199;
																			if(_t199 >= 0) {
																				goto L53;
																			} else {
																				_push("Failed to append relation type to uninstall arguments for related bundle package");
																				goto L72;
																			}
																		}
																	} else {
																		_push("Failed to copy uninstall arguments for related bundle package");
																		goto L72;
																	}
																}
															} else {
																_t58 = _t191 + 0x98; // 0x358
																_t171 = _t58;
																_t199 = E008C229E(_t58, _a60, 0);
																__eflags = _t199;
																if(_t199 >= 0) {
																	_t143 = _a12;
																	__eflags = _t143;
																	if(_t143 == 0) {
																		L46:
																		 *((intOrPtr*)(_t191 + 0xac)) = 1;
																		goto L47;
																	} else {
																		_t199 = E008C1FF4(_t171, _t143, 0);
																		__eflags = _t199;
																		if(_t199 >= 0) {
																			goto L46;
																		} else {
																			_push("Failed to append relation type to repair arguments for related bundle package");
																			goto L72;
																		}
																	}
																} else {
																	_push("Failed to copy repair arguments for related bundle package");
																	goto L72;
																}
															}
														} else {
															_t199 = E008C1FF4(_t167, _t114, 0);
															__eflags = _t199;
															if(_t199 >= 0) {
																goto L40;
															} else {
																_push("Failed to append relation type to install arguments for related bundle package");
																goto L72;
															}
														}
													} else {
														_t199 = E008C229E(_t167, _a56, 0);
														__eflags = _t199;
														if(_t199 >= 0) {
															goto L37;
														} else {
															_push("Failed to copy install arguments for related bundle package");
															goto L72;
														}
													}
												} else {
													_push("Failed to copy cache id for pseudo bundle.");
													goto L72;
												}
											} else {
												L31:
												_push("Failed to copy key for pseudo bundle.");
												goto L72;
											}
										} else {
											_t200 = _a76;
											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x30)) = E008C39DF(_t200, _t175);
											_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c))));
											__eflags =  *((intOrPtr*)(_t150 + 0x30));
											if( *((intOrPtr*)(_t150 + 0x30)) != 0) {
												 *((intOrPtr*)(_t150 + 0x34)) = _t200;
												E008C3C78( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x34)), _a72, _t200);
												goto L22;
											} else {
												_t192 = 0x8007000e;
												_t199 = 0x8007000e;
												E008C38BA(_t150, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x3f, 0x8007000e);
												_push("Failed to allocate memory for pseudo bundle payload hash.");
												goto L4;
											}
										}
									} else {
										__eflags =  *_t102;
										if( *_t102 == 0) {
											goto L18;
										} else {
											_t199 = E008C229E( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x7c)))) + 0x40, _t102, 0);
											__eflags = _t199;
											if(_t199 >= 0) {
												_t175 = 0;
												__eflags = 0;
												goto L18;
											} else {
												_push("Failed to copy download source for pseudo bundle.");
												goto L72;
											}
										}
									}
								} else {
									_push("Failed to copy local source path for pseudo bundle.");
									goto L72;
								}
							} else {
								_push("Failed to copy filename for pseudo bundle.");
								goto L72;
							}
						} else {
							_push("Failed to copy key for pseudo bundle payload.");
							L72:
							_push(_t199);
							goto L73;
						}
					} else {
						_t192 = 0x8007000e;
						_t199 = 0x8007000e;
						E008C38BA(_t87, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x29, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L4;
					}
				} else {
					_t192 = 0x8007000e;
					_t199 = 0x8007000e;
					E008C38BA(_t85, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0x25, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of related bundle struct");
					L4:
					_push(_t192);
					L73:
					E008FFB09();
				}
				_t118 = _a12;
				if(_a12 != 0) {
					E008C2762(_t118);
				}
				return _t199;
			}



































                                                            0x008ec01f
                                                            0x008ec024
                                                            0x008ec02c
                                                            0x008ec036
                                                            0x008ec042
                                                            0x008ec047
                                                            0x008ec047
                                                            0x008ec04a
                                                            0x008ec051
                                                            0x008ec056
                                                            0x008ec05b
                                                            0x008ec07f
                                                            0x008ec08d
                                                            0x008ec08f
                                                            0x008ec092
                                                            0x008ec094
                                                            0x008ec0b3
                                                            0x008ec0bd
                                                            0x008ec0c7
                                                            0x008ec0c9
                                                            0x008ec0cc
                                                            0x008ec0d4
                                                            0x008ec0db
                                                            0x008ec0dd
                                                            0x008ec0f8
                                                            0x008ec0ff
                                                            0x008ec101
                                                            0x008ec11c
                                                            0x008ec123
                                                            0x008ec125
                                                            0x008ec131
                                                            0x008ec134
                                                            0x008ec136
                                                            0x008ec138
                                                            0x008ec161
                                                            0x008ec161
                                                            0x008ec165
                                                            0x008ec1bd
                                                            0x008ec1bd
                                                            0x008ec1c0
                                                            0x008ec1c3
                                                            0x008ec1d0
                                                            0x008ec1d2
                                                            0x008ec1d3
                                                            0x008ec1d3
                                                            0x008ec1c5
                                                            0x008ec1c5
                                                            0x008ec1c8
                                                            0x00000000
                                                            0x008ec1ca
                                                            0x008ec1ca
                                                            0x008ec1cc
                                                            0x008ec1cc
                                                            0x008ec1c8
                                                            0x008ec1d8
                                                            0x008ec1de
                                                            0x008ec1e1
                                                            0x008ec1e7
                                                            0x008ec1f0
                                                            0x008ec1f3
                                                            0x008ec1f6
                                                            0x008ec201
                                                            0x008ec203
                                                            0x008ec1f8
                                                            0x008ec1f8
                                                            0x008ec1fb
                                                            0x00000000
                                                            0x008ec1fd
                                                            0x008ec1fd
                                                            0x008ec1fd
                                                            0x008ec1fb
                                                            0x008ec208
                                                            0x008ec20b
                                                            0x008ec20e
                                                            0x008ec211
                                                            0x008ec218
                                                            0x008ec21b
                                                            0x008ec21e
                                                            0x008ec221
                                                            0x008ec228
                                                            0x008ec22a
                                                            0x008ec23c
                                                            0x008ec245
                                                            0x008ec247
                                                            0x008ec249
                                                            0x008ec255
                                                            0x008ec259
                                                            0x008ec259
                                                            0x008ec25f
                                                            0x008ec27d
                                                            0x008ec27d
                                                            0x008ec280
                                                            0x008ec282
                                                            0x008ec29e
                                                            0x008ec29e
                                                            0x008ec2a2
                                                            0x008ec2f1
                                                            0x008ec2f1
                                                            0x008ec2f5
                                                            0x008ec341
                                                            0x008ec347
                                                            0x008ec34d
                                                            0x008ec352
                                                            0x008ec355
                                                            0x008ec368
                                                            0x008ec368
                                                            0x008ec368
                                                            0x008ec36a
                                                            0x008ec357
                                                            0x008ec357
                                                            0x008ec361
                                                            0x008ec363
                                                            0x008ec364
                                                            0x008ec359
                                                            0x008ec359
                                                            0x008ec35f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008ec35f
                                                            0x008ec357
                                                            0x008ec36c
                                                            0x008ec373
                                                            0x008ec379
                                                            0x008ec38b
                                                            0x008ec38b
                                                            0x008ec37b
                                                            0x008ec37b
                                                            0x008ec386
                                                            0x008ec388
                                                            0x008ec37d
                                                            0x008ec37d
                                                            0x008ec384
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008ec384
                                                            0x008ec37b
                                                            0x008ec38d
                                                            0x008ec390
                                                            0x008ec396
                                                            0x008ec398
                                                            0x008ec3a7
                                                            0x008ec3a9
                                                            0x008ec3af
                                                            0x008ec3b1
                                                            0x008ec3d4
                                                            0x008ec3e1
                                                            0x008ec3f4
                                                            0x008ec3f6
                                                            0x008ec3f8
                                                            0x00000000
                                                            0x008ec3fe
                                                            0x008ec413
                                                            0x008ec415
                                                            0x008ec417
                                                            0x008ec435
                                                            0x008ec437
                                                            0x008ec439
                                                            0x008ec43b
                                                            0x00000000
                                                            0x008ec43b
                                                            0x008ec419
                                                            0x008ec419
                                                            0x00000000
                                                            0x008ec419
                                                            0x008ec417
                                                            0x008ec3b3
                                                            0x008ec3b3
                                                            0x008ec3c3
                                                            0x008ec3c5
                                                            0x008ec3ca
                                                            0x00000000
                                                            0x008ec3ca
                                                            0x008ec3b1
                                                            0x008ec2f7
                                                            0x008ec2f9
                                                            0x008ec2f9
                                                            0x008ec309
                                                            0x008ec30b
                                                            0x008ec30d
                                                            0x008ec319
                                                            0x008ec31c
                                                            0x008ec31e
                                                            0x008ec33a
                                                            0x008ec33a
                                                            0x00000000
                                                            0x008ec320
                                                            0x008ec32a
                                                            0x008ec32c
                                                            0x008ec32e
                                                            0x00000000
                                                            0x008ec330
                                                            0x008ec330
                                                            0x00000000
                                                            0x008ec330
                                                            0x008ec32e
                                                            0x008ec30f
                                                            0x008ec30f
                                                            0x00000000
                                                            0x008ec30f
                                                            0x008ec30d
                                                            0x008ec2a4
                                                            0x008ec2a6
                                                            0x008ec2a6
                                                            0x008ec2b6
                                                            0x008ec2b8
                                                            0x008ec2ba
                                                            0x008ec2c6
                                                            0x008ec2c9
                                                            0x008ec2cb
                                                            0x008ec2e7
                                                            0x008ec2e7
                                                            0x00000000
                                                            0x008ec2cd
                                                            0x008ec2d7
                                                            0x008ec2d9
                                                            0x008ec2db
                                                            0x00000000
                                                            0x008ec2dd
                                                            0x008ec2dd
                                                            0x00000000
                                                            0x008ec2dd
                                                            0x008ec2db
                                                            0x008ec2bc
                                                            0x008ec2bc
                                                            0x00000000
                                                            0x008ec2bc
                                                            0x008ec2ba
                                                            0x008ec284
                                                            0x008ec28e
                                                            0x008ec290
                                                            0x008ec292
                                                            0x00000000
                                                            0x008ec294
                                                            0x008ec294
                                                            0x00000000
                                                            0x008ec294
                                                            0x008ec292
                                                            0x008ec261
                                                            0x008ec26d
                                                            0x008ec26f
                                                            0x008ec271
                                                            0x00000000
                                                            0x008ec273
                                                            0x008ec273
                                                            0x00000000
                                                            0x008ec273
                                                            0x008ec271
                                                            0x008ec24b
                                                            0x008ec24b
                                                            0x00000000
                                                            0x008ec24b
                                                            0x008ec22c
                                                            0x008ec22c
                                                            0x008ec22c
                                                            0x00000000
                                                            0x008ec22c
                                                            0x008ec167
                                                            0x008ec167
                                                            0x008ec176
                                                            0x008ec17e
                                                            0x008ec180
                                                            0x008ec183
                                                            0x008ec1a3
                                                            0x008ec1b5
                                                            0x00000000
                                                            0x008ec185
                                                            0x008ec185
                                                            0x008ec192
                                                            0x008ec194
                                                            0x008ec199
                                                            0x00000000
                                                            0x008ec199
                                                            0x008ec183
                                                            0x008ec13a
                                                            0x008ec13a
                                                            0x008ec13d
                                                            0x00000000
                                                            0x008ec13f
                                                            0x008ec14f
                                                            0x008ec151
                                                            0x008ec153
                                                            0x008ec15f
                                                            0x008ec15f
                                                            0x00000000
                                                            0x008ec155
                                                            0x008ec155
                                                            0x00000000
                                                            0x008ec155
                                                            0x008ec153
                                                            0x008ec13d
                                                            0x008ec127
                                                            0x008ec127
                                                            0x00000000
                                                            0x008ec127
                                                            0x008ec103
                                                            0x008ec103
                                                            0x00000000
                                                            0x008ec103
                                                            0x008ec0df
                                                            0x008ec0df
                                                            0x008ec440
                                                            0x008ec440
                                                            0x00000000
                                                            0x008ec440
                                                            0x008ec096
                                                            0x008ec096
                                                            0x008ec0a3
                                                            0x008ec0a5
                                                            0x008ec0aa
                                                            0x00000000
                                                            0x008ec0aa
                                                            0x008ec05d
                                                            0x008ec05d
                                                            0x008ec06a
                                                            0x008ec06c
                                                            0x008ec071
                                                            0x008ec076
                                                            0x008ec076
                                                            0x008ec441
                                                            0x008ec441
                                                            0x008ec447
                                                            0x008ec448
                                                            0x008ec44e
                                                            0x008ec451
                                                            0x008ec451
                                                            0x008ec45b

                                                            Strings
                                                            • Failed to copy key for pseudo bundle payload., xrefs: 008EC0DF
                                                            • Failed to append relation type to repair arguments for related bundle package, xrefs: 008EC2DD
                                                            • Failed to copy download source for pseudo bundle., xrefs: 008EC155
                                                            • Failed to copy key for pseudo bundle., xrefs: 008EC22C
                                                            • Failed to copy install arguments for related bundle package, xrefs: 008EC273
                                                            • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 008EC071
                                                            • Failed to copy local source path for pseudo bundle., xrefs: 008EC127
                                                            • Failed to copy filename for pseudo bundle., xrefs: 008EC103
                                                            • Failed to copy uninstall arguments for related bundle package, xrefs: 008EC30F
                                                            • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 008EC0AA
                                                            • c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp, xrefs: 008EC065, 008EC09E, 008EC18D, 008EC3BE
                                                            • Failed to append relation type to install arguments for related bundle package, xrefs: 008EC294
                                                            • Failed to copy repair arguments for related bundle package, xrefs: 008EC2BC
                                                            • Failed to copy display name for pseudo bundle., xrefs: 008EC43B
                                                            • -%ls, xrefs: 008EC03C
                                                            • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 008EC330
                                                            • Failed to allocate memory for dependency providers., xrefs: 008EC3CA
                                                            • Failed to copy cache id for pseudo bundle., xrefs: 008EC24B
                                                            • Failed to copy version for pseudo bundle., xrefs: 008EC419
                                                            • Failed to allocate memory for pseudo bundle payload hash., xrefs: 008EC199
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp
                                                            • API String ID: 1357844191-3959581252
                                                            • Opcode ID: 01cf8795063d9321fe0659db04e237088a1b8ed9cc92e55d340f826a48fdc588
                                                            • Instruction ID: 0511493051309a9479111b0c1e4bb28aa9ca8c97e0dd19d3aa0c099e8512b6f7
                                                            • Opcode Fuzzy Hash: 01cf8795063d9321fe0659db04e237088a1b8ed9cc92e55d340f826a48fdc588
                                                            • Instruction Fuzzy Hash: E7C1D371B0069AABDB26DE29C851FAA77A4FF06718F00812AFD15E7381D770EC528791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FF340 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 172encryptionfileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 45%
                                                            			E008FF340(void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, long _a24) {
				signed int _v8;
				void _v4104;
				char _v4108;
				long _v4112;
				long _v4116;
				intOrPtr _v4120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				long** _t36;
				signed short _t37;
				signed short _t40;
				signed short _t41;
				signed short _t45;
				signed short _t48;
				void* _t49;
				long _t50;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;
				void* _t57;
				void* _t58;
				signed short _t59;
				void* _t60;
				signed int _t67;
				signed short _t72;

				_t54 = __edx;
				E00909760();
				_t30 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t30 ^ _t67;
				_t50 = _a24;
				_t56 = _a4;
				_v4120 = _a16;
				_t59 = 0;
				_v4116 = 0;
				_v4108 = 0;
				_v4112 = 0;
				E008EF600(_t56,  &_v4104, 0, 0x1000);
				_t36 =  &_v4116;
				__imp__CryptAcquireContextW(_t36, 0, 0, _a8, 0xf0000040, _t55, _t58, _t49);
				if(_t36 != 0) {
					_t37 =  &_v4108;
					__imp__CryptCreateHash(_v4116, _a12, 0, 0, _t37);
					__eflags = _t37;
					if(_t37 != 0) {
						while(1) {
							_t40 = ReadFile(_t56,  &_v4104, 0x1000,  &_v4112, 0);
							__eflags = _t40;
							if(_t40 == 0) {
								break;
							}
							_push(0);
							__eflags = _v4112 - _t59;
							if(_v4112 == _t59) {
								_t41 =  &_a20;
								__imp__CryptGetHashParam(_v4108, 2, _v4120, _t41);
								__eflags = _t41;
								if(_t41 != 0) {
									__eflags = _t50;
									if(_t50 == 0) {
										L21:
										if(_v4108 != 0) {
											__imp__CryptDestroyHash(_v4108);
										}
										if(_v4116 != 0) {
											CryptReleaseContext(_v4116, 0);
										}
										_pop(_t57);
										_pop(_t60);
										_pop(_t51);
										return E008EDD1F(_t51, _v8 ^ _t67, _t54, _t57, _t60);
									}
									_push(1);
									_t45 = SetFilePointerEx(_t56, 0, 0, _t50);
									__eflags = _t45;
									if(_t45 != 0) {
										goto L21;
									}
									_t59 = GetLastError();
									__eflags = _t59;
									if(__eflags > 0) {
										_t59 = _t59 & 0x0000ffff | 0x80070000;
										__eflags = _t59;
									}
									if(__eflags >= 0) {
										_t59 = 0x80004005;
									}
									_push(_t59);
									_push(0xfa);
									L20:
									_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\cryputil.cpp");
									E008C38BA(_t46);
									goto L21;
								}
								_t59 = GetLastError();
								__eflags = _t59;
								if(__eflags > 0) {
									_t59 = _t59 & 0x0000ffff | 0x80070000;
									__eflags = _t59;
								}
								if(__eflags >= 0) {
									_t59 = 0x80004005;
								}
								_push(_t59);
								_push(0xf3);
								goto L20;
							}
							_t48 =  &_v4104;
							__imp__CryptHashData(_v4108, _t48, _v4112);
							__eflags = _t48;
							if(_t48 == 0) {
								_t59 = GetLastError();
								__eflags = _t59;
								if(__eflags > 0) {
									_t59 = _t59 & 0x0000ffff | 0x80070000;
									__eflags = _t59;
								}
								if(__eflags >= 0) {
									_t59 = 0x80004005;
								}
								_push(_t59);
								_push(0xec);
								goto L20;
							}
						}
						_t59 = GetLastError();
						__eflags = _t59;
						if(__eflags > 0) {
							_t59 = _t59 & 0x0000ffff | 0x80070000;
							__eflags = _t59;
						}
						if(__eflags >= 0) {
							_t59 = 0x80004005;
						}
						_push(_t59);
						_push(0xe1);
						goto L20;
					}
					_t59 = GetLastError();
					__eflags = _t59;
					if(__eflags > 0) {
						_t59 = _t59 & 0x0000ffff | 0x80070000;
						__eflags = _t59;
					}
					if(__eflags >= 0) {
						_t59 = 0x80004005;
					}
					_push(_t59);
					_push(0xd9);
					goto L20;
				}
				_t59 = GetLastError();
				if(_t59 > 0) {
					_t59 = _t59 & 0x0000ffff | 0x80070000;
					_t72 = _t59;
				}
				if(_t72 >= 0) {
					_t59 = 0x80004005;
				}
				_push(_t59);
				_push(0xd3);
				goto L20;
			}































                                                            0x008ff340
                                                            0x008ff348
                                                            0x008ff34d
                                                            0x008ff354
                                                            0x008ff35b
                                                            0x008ff360
                                                            0x008ff363
                                                            0x008ff371
                                                            0x008ff373
                                                            0x008ff379
                                                            0x008ff37f
                                                            0x008ff38c
                                                            0x008ff394
                                                            0x008ff3a5
                                                            0x008ff3ad
                                                            0x008ff3d8
                                                            0x008ff3ec
                                                            0x008ff3f2
                                                            0x008ff3f4
                                                            0x008ff44b
                                                            0x008ff461
                                                            0x008ff467
                                                            0x008ff469
                                                            0x00000000
                                                            0x00000000
                                                            0x008ff41c
                                                            0x008ff41e
                                                            0x008ff424
                                                            0x008ff4fe
                                                            0x008ff510
                                                            0x008ff516
                                                            0x008ff518
                                                            0x008ff543
                                                            0x008ff545
                                                            0x008ff499
                                                            0x008ff4a0
                                                            0x008ff4a8
                                                            0x008ff4a8
                                                            0x008ff4b5
                                                            0x008ff4bf
                                                            0x008ff4bf
                                                            0x008ff4ca
                                                            0x008ff4cb
                                                            0x008ff4ce
                                                            0x008ff4d5
                                                            0x008ff4d5
                                                            0x008ff54b
                                                            0x008ff553
                                                            0x008ff559
                                                            0x008ff55b
                                                            0x00000000
                                                            0x00000000
                                                            0x008ff567
                                                            0x008ff569
                                                            0x008ff56b
                                                            0x008ff570
                                                            0x008ff576
                                                            0x008ff576
                                                            0x008ff578
                                                            0x008ff57a
                                                            0x008ff57a
                                                            0x008ff57f
                                                            0x008ff580
                                                            0x008ff48f
                                                            0x008ff48f
                                                            0x008ff494
                                                            0x00000000
                                                            0x008ff494
                                                            0x008ff520
                                                            0x008ff522
                                                            0x008ff524
                                                            0x008ff529
                                                            0x008ff52f
                                                            0x008ff52f
                                                            0x008ff531
                                                            0x008ff533
                                                            0x008ff533
                                                            0x008ff538
                                                            0x008ff539
                                                            0x00000000
                                                            0x008ff539
                                                            0x008ff430
                                                            0x008ff43d
                                                            0x008ff443
                                                            0x008ff445
                                                            0x008ff4de
                                                            0x008ff4e0
                                                            0x008ff4e2
                                                            0x008ff4e7
                                                            0x008ff4ed
                                                            0x008ff4ed
                                                            0x008ff4ef
                                                            0x008ff4f1
                                                            0x008ff4f1
                                                            0x008ff4f6
                                                            0x008ff4f7
                                                            0x00000000
                                                            0x008ff4f7
                                                            0x008ff445
                                                            0x008ff471
                                                            0x008ff473
                                                            0x008ff475
                                                            0x008ff47a
                                                            0x008ff480
                                                            0x008ff480
                                                            0x008ff482
                                                            0x008ff484
                                                            0x008ff484
                                                            0x008ff489
                                                            0x008ff48a
                                                            0x00000000
                                                            0x008ff48a
                                                            0x008ff3fc
                                                            0x008ff3fe
                                                            0x008ff400
                                                            0x008ff405
                                                            0x008ff40b
                                                            0x008ff40b
                                                            0x008ff40d
                                                            0x008ff40f
                                                            0x008ff40f
                                                            0x008ff414
                                                            0x008ff415
                                                            0x00000000
                                                            0x008ff415
                                                            0x008ff3b5
                                                            0x008ff3b9
                                                            0x008ff3be
                                                            0x008ff3c4
                                                            0x008ff3c4
                                                            0x008ff3c6
                                                            0x008ff3c8
                                                            0x008ff3c8
                                                            0x008ff3cd
                                                            0x008ff3ce
                                                            0x00000000

                                                            APIs
                                                            • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,008D9DDA,00000003,000007D0,00000003,?,000007D0,?,000007D0), ref: 008FF3A5
                                                            • GetLastError.KERNEL32 ref: 008FF3AF
                                                            • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 008FF3EC
                                                            • GetLastError.KERNEL32 ref: 008FF3F6
                                                            • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 008FF43D
                                                            • ReadFile.KERNEL32(00000000,?,00001000,?,00000000), ref: 008FF461
                                                            • GetLastError.KERNEL32 ref: 008FF46B
                                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 008FF4A8
                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 008FF4BF
                                                            • GetLastError.KERNEL32 ref: 008FF4D8
                                                            • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 008FF510
                                                            • GetLastError.KERNEL32 ref: 008FF51A
                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 008FF553
                                                            • GetLastError.KERNEL32 ref: 008FF561
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CryptErrorLast$Hash$ContextFile$AcquireCreateDataDestroyParamPointerReadRelease
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\cryputil.cpp
                                                            • API String ID: 3955742341-2085169681
                                                            • Opcode ID: 5c16af10327d9dcd28064d0c3cbbebf64f5d095dc3008f5cc69c2a77bec337c9
                                                            • Instruction ID: 0ee23f1c2f7efb1f66ef274f7a9c9e4445576841a946c729e87228bce757408d
                                                            • Opcode Fuzzy Hash: 5c16af10327d9dcd28064d0c3cbbebf64f5d095dc3008f5cc69c2a77bec337c9
                                                            • Instruction Fuzzy Hash: F151B337D5023DABDB318A658C04BEB7AA4FF04751F1140B5BF48FA191E2748D80DAE5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C8463 Relevance: 59.8, APIs: 5, Strings: 29, Instructions: 331COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E008C8463(struct _CRITICAL_SECTION* _a4, intOrPtr _a8) {
				char _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				void* _v24;
				int _v28;
				char _v32;
				char _v36;
				void _v60;
				intOrPtr* _t97;
				int _t148;
				struct _CRITICAL_SECTION* _t154;
				signed int _t155;
				intOrPtr* _t158;
				signed int _t159;
				intOrPtr _t162;
				int _t168;
				signed int _t169;
				void* _t170;
				signed int _t171;
				struct _CRITICAL_SECTION* _t173;
				void* _t175;
				int _t176;
				void* _t178;
				void* _t179;

				_t154 = _a4;
				_t155 = 6;
				_v24 = 0;
				_v16 = 0;
				memset( &_v60, 0, _t155 << 2);
				_t179 = _t178 + 0xc;
				_v32 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v36 = 0;
				_v28 = 0;
				EnterCriticalSection(_t154);
				if(E00903183(_a8, L"Variable",  &_v24) >= 0) {
					_t97 = _v24;
					_t157 =  *_t97;
					_t175 =  *((intOrPtr*)( *_t97 + 0x20))(_t97,  &_v32);
					if(_t175 >= 0) {
						_t168 = 0;
						_a4 = 0;
						if(_v32 > 0) {
							while(1) {
								_t175 = E009030E2(_t157, _v24,  &_v16, _t168);
								if(_t175 < 0) {
									break;
								}
								_t175 = E00902B5D(_v16, L"Id",  &_v8);
								if(_t175 < 0) {
									_push("Failed to get @Id.");
									goto L58;
								} else {
									_t175 = E00902D69(_t157, _v16, L"Hidden",  &_v20);
									if(_t175 < 0) {
										_push("Failed to get @Hidden.");
										goto L58;
									} else {
										_t175 = E00902D69(_t157, _v16, L"Persisted",  &_v36);
										if(_t175 < 0) {
											_push("Failed to get @Persisted.");
											goto L58;
										} else {
											_t175 = E00902B5D(_v16, L"Value",  &_v12);
											if(_t175 == 0x80070490) {
												_t176 = _t168;
												goto L25;
											} else {
												if(_t175 < 0) {
													_push("Failed to get @Value.");
													goto L58;
												} else {
													_t175 = E008E033F( &_v60, _v12, _t168);
													if(_t175 < 0) {
														_push("Failed to set variant value.");
														goto L58;
													} else {
														_t175 = E00902B5D(_v16, L"Type",  &_v12);
														if(_t175 < 0) {
															_push("Failed to get @Type.");
															goto L58;
														} else {
															_t148 = CompareStringW(0x7f, _t168, _v12, 0xffffffff, L"numeric", 0xffffffff);
															_t176 = 2;
															if(_t148 != _t176) {
																if(CompareStringW(0x7f, _t168, _v12, 0xffffffff, L"string", 0xffffffff) != _t176) {
																	if(CompareStringW(0x7f, _t168, _v12, 0xffffffff, L"version", 0xffffffff) != _t176) {
																		_push(_v12);
																		_t170 = 0x80070057;
																		_t175 = 0x80070057;
																		_push("Invalid value for @Type: %ls");
																		goto L42;
																	} else {
																		if(_v20 == 0) {
																			_push(_v60);
																			E008FFFF0(_t176, "Initializing version variable \'%ls\' to value \'%ls\'", _v8);
																			_t179 = _t179 + 0x10;
																		}
																		_t176 = 3;
																		goto L25;
																	}
																} else {
																	if(_v20 != 0) {
																		goto L26;
																	} else {
																		_push(_v60);
																		E008FFFF0(_t176, "Initializing string variable \'%ls\' to value \'%ls\'", _v8);
																		_t179 = _t179 + 0x10;
																		goto L25;
																	}
																	goto L27;
																}
															} else {
																if(_v20 == 0) {
																	_push(_v60);
																	E008FFFF0(_t176, "Initializing numeric variable \'%ls\' to value \'%ls\'", _v8);
																	_t179 = _t179 + 0x10;
																}
																_t176 = 1;
																L25:
																if(_v20 != 0) {
																	L26:
																	E008FFFF0(2, "Initializing hidden variable \'%ls\'", _v8);
																	_t179 = _t179 + 0xc;
																}
																L27:
																_t175 = E008DFF10( &_v60, _t176);
																if(_t175 < 0) {
																	_push("Failed to change variant type.");
																	goto L58;
																} else {
																	_t175 = E008C56E2(_t157, _t154, _v8,  &_v28);
																	if(_t175 < 0) {
																		_push(_v8);
																		_push("Failed to find variable value \'%ls\'.");
																		goto L52;
																	} else {
																		_t169 = _v28;
																		if(_t175 != 1) {
																			_t53 = _t154 + 0x20; // 0x85f08bff
																			_t162 =  *_t53;
																			_t124 = _t169 * 0x38;
																			if( *((intOrPtr*)(_t169 * 0x38 + _t162 + 0x2c)) > 0) {
																				_t170 = 0x80070057;
																				_t175 = 0x80070057;
																				E008C38BA(_t124, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\variable.cpp", 0x190, 0x80070057);
																				_push(_v8);
																				_push("Attempt to set built-in variable value: %ls");
																				L42:
																				_push(_t170);
																				goto L43;
																			} else {
																				goto L33;
																			}
																		} else {
																			_t175 = E008C6C3C(_t157, _t154, _v8, _t169);
																			if(_t175 < 0) {
																				_push(_v8);
																				_push("Failed to insert variable \'%ls\'.");
																				goto L52;
																			} else {
																				_t52 = _t154 + 0x20; // 0x85f08bff
																				_t162 =  *_t52;
																				L33:
																				_t171 = _t169 * 0x38;
																				 *((intOrPtr*)(_t171 + _t162 + 0x20)) = _v20;
																				_t59 = _t154 + 0x20; // 0x85f08bff
																				 *((intOrPtr*)(_t171 +  *_t59 + 0x28)) = _v36;
																				_t64 = _t154 + 0x20; // 0x85f08bff
																				_t175 = E008E03A6( *_t64 + 8 + _t171,  &_v60);
																				if(_t175 < 0) {
																					_push(_v8);
																					_push("Failed to set value of variable: %ls");
																					L52:
																					_push(_t175);
																					L43:
																					E008FFB09();
																				} else {
																					_t65 = _t154 + 0x20; // 0x85f08bff
																					_t175 = E008E0291( *_t65 + 8 + _t171, _v20);
																					if(_t175 < 0) {
																						_push("Failed to set variant encryption");
																						goto L58;
																					} else {
																						_t157 = _v16;
																						if(_t157 != 0) {
																							 *((intOrPtr*)( *_t157 + 8))(_t157);
																							_v16 = _v16 & 0x00000000;
																						}
																						E008E04E3( &_v60);
																						if(_v12 != 0) {
																							E008C287D(_v12);
																							_v12 = _v12 & 0x00000000;
																						}
																						_t173 = _a4 + 1;
																						_a4 = _t173;
																						if(_t173 < _v32) {
																							_t168 = 0;
																							continue;
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
								goto L59;
							}
							_push("Failed to get next node.");
							goto L58;
						}
					} else {
						_push("Failed to get variable node count.");
						goto L58;
					}
				} else {
					_push("Failed to select variable nodes.");
					L58:
					_push(_t175);
					E008FFB09();
				}
				L59:
				LeaveCriticalSection(_t154);
				_t158 = _v24;
				if(_t158 != 0) {
					 *((intOrPtr*)( *_t158 + 8))(_t158);
				}
				_t159 = _v16;
				if(_t159 != 0) {
					 *((intOrPtr*)( *_t159 + 8))(_t159);
				}
				if(_v12 != 0) {
					E008C2762(_v12);
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				E008E04E3( &_v60);
				return _t175;
			}




























                                                            0x008c846a
                                                            0x008c8473
                                                            0x008c8476
                                                            0x008c847c
                                                            0x008c847f
                                                            0x008c847f
                                                            0x008c8482
                                                            0x008c8485
                                                            0x008c8488
                                                            0x008c848b
                                                            0x008c848e
                                                            0x008c8491
                                                            0x008c8494
                                                            0x008c84af
                                                            0x008c84bb
                                                            0x008c84c3
                                                            0x008c84c8
                                                            0x008c84cc
                                                            0x008c84d8
                                                            0x008c84da
                                                            0x008c84e0
                                                            0x008c84e6
                                                            0x008c84f3
                                                            0x008c84f7
                                                            0x00000000
                                                            0x00000000
                                                            0x008c850e
                                                            0x008c8512
                                                            0x008c87e2
                                                            0x00000000
                                                            0x008c8518
                                                            0x008c8529
                                                            0x008c852d
                                                            0x008c87db
                                                            0x00000000
                                                            0x008c8533
                                                            0x008c8544
                                                            0x008c8548
                                                            0x008c87d4
                                                            0x00000000
                                                            0x008c854e
                                                            0x008c855f
                                                            0x008c8567
                                                            0x008c8653
                                                            0x00000000
                                                            0x008c856d
                                                            0x008c856f
                                                            0x008c877f
                                                            0x00000000
                                                            0x008c8575
                                                            0x008c8582
                                                            0x008c8586
                                                            0x008c8778
                                                            0x00000000
                                                            0x008c858c
                                                            0x008c859d
                                                            0x008c85a1
                                                            0x008c8771
                                                            0x00000000
                                                            0x008c85a7
                                                            0x008c85b6
                                                            0x008c85be
                                                            0x008c85c1
                                                            0x008c85f9
                                                            0x008c862e
                                                            0x008c8754
                                                            0x008c8757
                                                            0x008c875c
                                                            0x008c875e
                                                            0x00000000
                                                            0x008c8634
                                                            0x008c8638
                                                            0x008c863a
                                                            0x008c8646
                                                            0x008c864b
                                                            0x008c864b
                                                            0x008c8650
                                                            0x00000000
                                                            0x008c8650
                                                            0x008c85fb
                                                            0x008c85ff
                                                            0x00000000
                                                            0x008c8601
                                                            0x008c8601
                                                            0x008c860d
                                                            0x008c8612
                                                            0x00000000
                                                            0x008c8612
                                                            0x00000000
                                                            0x008c85ff
                                                            0x008c85c3
                                                            0x008c85c7
                                                            0x008c85c9
                                                            0x008c85d5
                                                            0x008c85da
                                                            0x008c85da
                                                            0x008c85df
                                                            0x008c8655
                                                            0x008c8659
                                                            0x008c865b
                                                            0x008c8665
                                                            0x008c866a
                                                            0x008c866a
                                                            0x008c866d
                                                            0x008c8677
                                                            0x008c867b
                                                            0x008c87cd
                                                            0x00000000
                                                            0x008c8681
                                                            0x008c868e
                                                            0x008c8692
                                                            0x008c87c2
                                                            0x008c87c5
                                                            0x00000000
                                                            0x008c8698
                                                            0x008c8698
                                                            0x008c869e
                                                            0x008c86b9
                                                            0x008c86b9
                                                            0x008c86bc
                                                            0x008c86c4
                                                            0x008c87a1
                                                            0x008c87b1
                                                            0x008c87b3
                                                            0x008c87b8
                                                            0x008c87bb
                                                            0x008c8763
                                                            0x008c8763
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c86a0
                                                            0x008c86aa
                                                            0x008c86ae
                                                            0x008c8786
                                                            0x008c8789
                                                            0x00000000
                                                            0x008c86b4
                                                            0x008c86b4
                                                            0x008c86b4
                                                            0x008c86ca
                                                            0x008c86cd
                                                            0x008c86d0
                                                            0x008c86d4
                                                            0x008c86da
                                                            0x008c86e2
                                                            0x008c86f0
                                                            0x008c86f4
                                                            0x008c8797
                                                            0x008c879a
                                                            0x008c87ca
                                                            0x008c87ca
                                                            0x008c8764
                                                            0x008c8764
                                                            0x008c86fa
                                                            0x008c86fa
                                                            0x008c870b
                                                            0x008c870f
                                                            0x008c8790
                                                            0x00000000
                                                            0x008c8711
                                                            0x008c8711
                                                            0x008c8716
                                                            0x008c871b
                                                            0x008c871e
                                                            0x008c871e
                                                            0x008c8726
                                                            0x008c872f
                                                            0x008c8734
                                                            0x008c8739
                                                            0x008c8739
                                                            0x008c8740
                                                            0x008c8741
                                                            0x008c8747
                                                            0x008c874d
                                                            0x00000000
                                                            0x008c874d
                                                            0x008c8747
                                                            0x008c870f
                                                            0x008c86f4
                                                            0x008c86ae
                                                            0x008c869e
                                                            0x008c8692
                                                            0x008c867b
                                                            0x008c85c1
                                                            0x008c85a1
                                                            0x008c8586
                                                            0x008c856f
                                                            0x008c8567
                                                            0x008c8548
                                                            0x008c852d
                                                            0x00000000
                                                            0x008c8512
                                                            0x008c87e9
                                                            0x00000000
                                                            0x008c87e9
                                                            0x008c84ce
                                                            0x008c84ce
                                                            0x00000000
                                                            0x008c84ce
                                                            0x008c84b1
                                                            0x008c84b1
                                                            0x008c87ee
                                                            0x008c87ee
                                                            0x008c87ef
                                                            0x008c87f5
                                                            0x008c87f6
                                                            0x008c87f7
                                                            0x008c87fd
                                                            0x008c8802
                                                            0x008c8807
                                                            0x008c8807
                                                            0x008c880a
                                                            0x008c880f
                                                            0x008c8814
                                                            0x008c8814
                                                            0x008c881b
                                                            0x008c8820
                                                            0x008c8820
                                                            0x008c8829
                                                            0x008c882e
                                                            0x008c882e
                                                            0x008c8837
                                                            0x008c8842

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(008C5482,?,00000000,80070490,?,?,?,?,?,?,?,?,008EBEAE,?,008C5482,?), ref: 008C8494
                                                            • LeaveCriticalSection.KERNEL32(008C5482,?,?,?,?,?,?,?,?,008EBEAE,?,008C5482,?,008C5482,008C5482,Chain), ref: 008C87F7
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\variable.cpp, xrefs: 008C87AC
                                                            • version, xrefs: 008C8619
                                                            • Failed to get variable node count., xrefs: 008C84CE
                                                            • Value, xrefs: 008C8552
                                                            • Failed to get @Value., xrefs: 008C877F
                                                            • Initializing numeric variable '%ls' to value '%ls', xrefs: 008C85CF
                                                            • Attempt to set built-in variable value: %ls, xrefs: 008C87BB
                                                            • Failed to get @Persisted., xrefs: 008C87D4
                                                            • string, xrefs: 008C85E4
                                                            • Failed to select variable nodes., xrefs: 008C84B1
                                                            • Failed to get @Id., xrefs: 008C87E2
                                                            • Failed to change variant type., xrefs: 008C87CD
                                                            • Invalid value for @Type: %ls, xrefs: 008C875E
                                                            • Type, xrefs: 008C8590
                                                            • Hidden, xrefs: 008C851C
                                                            • Persisted, xrefs: 008C8537
                                                            • Failed to set variant encryption, xrefs: 008C8790
                                                            • Failed to insert variable '%ls'., xrefs: 008C8789
                                                            • Failed to get @Type., xrefs: 008C8771
                                                            • Failed to get next node., xrefs: 008C87E9
                                                            • Initializing string variable '%ls' to value '%ls', xrefs: 008C8607
                                                            • Initializing hidden variable '%ls', xrefs: 008C865E
                                                            • Failed to set variant value., xrefs: 008C8778
                                                            • Failed to get @Hidden., xrefs: 008C87DB
                                                            • numeric, xrefs: 008C85A9
                                                            • Variable, xrefs: 008C849E
                                                            • Failed to find variable value '%ls'., xrefs: 008C87C5
                                                            • Failed to set value of variable: %ls, xrefs: 008C879A
                                                            • Initializing version variable '%ls' to value '%ls', xrefs: 008C8640
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$c:\agent\_work\66\s\src\burn\engine\variable.cpp$numeric$string$version
                                                            • API String ID: 3168844106-1329848934
                                                            • Opcode ID: 15e1c9652e29319215a957cc6bfd9930e1c575c706efbd4432399e60575ed041
                                                            • Instruction ID: e2a1e1db63f76a78dd503d5b33cc8428c34a44c84b151d54960280c673c5fe01
                                                            • Opcode Fuzzy Hash: 15e1c9652e29319215a957cc6bfd9930e1c575c706efbd4432399e60575ed041
                                                            • Instruction Fuzzy Hash: F0B16B72D80229EFCB119B94CC45FAEBA75FF84718F204669F910F62D1DB70DA409B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008ED10E Relevance: 49.3, APIs: 12, Strings: 16, Instructions: 283synchronizationprocessCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 61%
                                                            			E008ED10E(void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, DWORD* _a20) {
				signed int _v8;
				char _v88;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				struct _SECURITY_ATTRIBUTES* _v120;
				WCHAR* _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				struct _PROCESS_INFORMATION _v148;
				intOrPtr _v152;
				DWORD* _v156;
				intOrPtr _v160;
				void* _v164;
				signed int _v168;
				signed short _v172;
				signed int _v176;
				char _v180;
				struct _STARTUPINFOW _v248;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t78;
				signed int _t90;
				signed short _t92;
				signed short _t95;
				signed short _t106;
				signed short _t110;
				intOrPtr _t124;
				DWORD* _t127;
				signed short _t128;
				signed short _t131;
				void* _t140;
				void* _t147;
				void* _t151;
				signed short _t156;
				signed int _t160;

				_t147 = __edx;
				_t78 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t78 ^ _t160;
				_v124 = _a4;
				_v152 = _a8;
				_v132 = _a12;
				_v128 = _a16;
				_v156 = _a20;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t139 = 0;
				_v116 = 0;
				_v112 = 0;
				_v120 = 0;
				_v108 = 0;
				E008EF600( &_v104,  &_v248, 0, 0x44);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t90 =  &_v104;
				__imp__UuidCreate(_t90);
				if((_t90 | 0x00000001) >= 0) {
					_t92 =  &_v104;
					__imp__StringFromGUID2(_t92,  &_v88, 0x27);
					__eflags = _t92;
					if(_t92 != 0) {
						_t95 = E008C2022( &_v112, L"NetFxSection.%ls",  &_v88);
						__eflags = _t95;
						if(_t95 >= 0) {
							__eflags = E008C2022( &_v116, L"NetFxEvent.%ls",  &_v88);
							if(__eflags >= 0) {
								_t156 = E008ECB5D(0, _t140, __eflags, _v112, _v116,  &_v108);
								__eflags = _t156;
								if(_t156 >= 0) {
									_push(_v112);
									_t156 = E008C2064( &_v120, L"%ls /pipe %ls", _v152);
									__eflags = _t156;
									if(_t156 >= 0) {
										_t150 = _v124;
										_v248.cb = 0x44;
										_t106 = CreateProcessW(_v124, _v120, 0, 0, 0, 0x8000000, 0, 0,  &_v248,  &_v148);
										__eflags = _t106;
										if(_t106 != 0) {
											_t139 = _v108;
											_t150 = WaitForMultipleObjects;
											_v164 = _v148.hProcess;
											_v160 =  *((intOrPtr*)(_t139 + 4));
											while(1) {
												_t110 = WaitForMultipleObjects(2,  &_v164, 0, 0x64);
												__eflags = _t110;
												if(_t110 == 0) {
													break;
												}
												__eflags = _t110 - 1;
												if(_t110 != 1) {
													__eflags = _t110 - 0xffffffff;
													if(_t110 == 0xffffffff) {
														_t156 = GetLastError();
														__eflags = _t156;
														if(__eflags > 0) {
															_t156 = _t156 & 0x0000ffff | 0x80070000;
															__eflags = _t156;
														}
														if(__eflags >= 0) {
															_t156 = 0x80004005;
														}
														E008C38BA(_t111, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x19e, _t156);
														_push("Failed to wait for netfx chainer process to complete");
														L2:
														_push(_t156);
														E008FFB09();
														L45:
														if(_v112 != 0) {
															E008C2762(_v112);
														}
														if(_v116 != 0) {
															E008C2762(_v116);
														}
														E008C287D(_v120);
														E008ECE2C(_t139, _t150, _t139);
														_t151 = CloseHandle;
														if(_v148.hThread != 0) {
															CloseHandle(_v148.hThread);
															_v148.hThread = _v148.hThread & 0x00000000;
														}
														if(_v148.hProcess != 0) {
															CloseHandle(_v148.hProcess);
														}
														return E008EDD1F(_t139, _v8 ^ _t160, _t147, _t151, _t156);
													}
													continue;
												}
												_t156 = E008ED016(_t139, _v132, _v128);
												__eflags = _t156;
												if(_t156 >= 0) {
													continue;
												}
												_push("Failed to process netfx chainer message.");
												goto L2;
											}
											WaitForSingleObject( *(_t139 + 0xc), 0xffffffff);
											_t124 =  *((intOrPtr*)(_t139 + 0x10));
											__eflags =  *(_t124 + 4);
											_t49 = _t124 + 8; // 0x31006e
											_t150 =  *_t49;
											if( *(_t124 + 4) >= 0) {
												L31:
												_t51 = _t124 + 0xc; // 0x64002e
												_v124 =  *_t51;
												ReleaseMutex( *(_t139 + 0xc));
												_t127 = _v156;
												 *_t127 = _t150;
												__eflags = _t150 - 0x8000000a;
												if(_t150 != 0x8000000a) {
													_t128 = _v124;
													__eflags = _t128;
													if(_t128 < 0) {
														_v176 = _v176 & 0x00000000;
														_t60 =  &_v168;
														 *_t60 = _v168 & 0x00000000;
														__eflags =  *_t60;
														_v172 = _t128;
														_v180 = 1;
														_v132( &_v180, _v128);
													}
													goto L45;
												}
												_t131 = GetExitCodeProcess(_v148, _t127);
												__eflags = _t131;
												if(_t131 != 0) {
													goto L45;
												}
												_t156 = GetLastError();
												__eflags = _t156;
												if(__eflags > 0) {
													_t156 = _t156 & 0x0000ffff | 0x80070000;
													__eflags = _t156;
												}
												if(__eflags >= 0) {
													_t156 = 0x80004005;
												}
												E008C38BA(_t132, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x18a, _t156);
												_push("Failed to get netfx return code.");
												goto L2;
											}
											__eflags = _t150;
											if(_t150 == 0) {
												L30:
												_t50 = _t124 + 4; // 0x730061
												_t150 =  *_t50;
												goto L31;
											}
											__eflags = _t150 - 0x80004004;
											if(_t150 != 0x80004004) {
												goto L31;
											}
											goto L30;
										}
										_t156 = GetLastError();
										__eflags = _t156;
										if(__eflags > 0) {
											__eflags = _t156;
										}
										if(__eflags >= 0) {
											_t156 = 0x80004005;
										}
										E008C38BA(_t134, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x17a, _t156);
										E008FFB09(_t156, "Failed to CreateProcess on path: %ls", _t150);
										L12:
										_t139 = _v108;
										goto L45;
									}
									_push("Failed to allocate netfx chainer arguments.");
									L11:
									_push(_t156);
									E008FFB09();
									goto L12;
								}
								_push("Failed to create netfx chainer.");
								goto L11;
							}
							_push("Failed to allocate event name.");
							goto L2;
						}
						_push("Failed to allocate section name.");
						goto L2;
					}
					_t156 = 0x8007000e;
					E008C38BA(_t92, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x168, 0x8007000e);
					_push("Failed to convert netfx chainer guid into string.");
					goto L2;
				}
				_push("Failed to create netfx chainer guid.");
				goto L2;
			}









































                                                            0x008ed10e
                                                            0x008ed117
                                                            0x008ed11e
                                                            0x008ed124
                                                            0x008ed12a
                                                            0x008ed133
                                                            0x008ed13a
                                                            0x008ed140
                                                            0x008ed14d
                                                            0x008ed150
                                                            0x008ed151
                                                            0x008ed152
                                                            0x008ed155
                                                            0x008ed157
                                                            0x008ed15b
                                                            0x008ed15e
                                                            0x008ed168
                                                            0x008ed16b
                                                            0x008ed178
                                                            0x008ed17c
                                                            0x008ed17d
                                                            0x008ed17e
                                                            0x008ed17f
                                                            0x008ed183
                                                            0x008ed18e
                                                            0x008ed1a8
                                                            0x008ed1ac
                                                            0x008ed1b2
                                                            0x008ed1b4
                                                            0x008ed1df
                                                            0x008ed1e9
                                                            0x008ed1eb
                                                            0x008ed20b
                                                            0x008ed20d
                                                            0x008ed228
                                                            0x008ed22a
                                                            0x008ed22c
                                                            0x008ed243
                                                            0x008ed25a
                                                            0x008ed25f
                                                            0x008ed261
                                                            0x008ed26a
                                                            0x008ed27a
                                                            0x008ed295
                                                            0x008ed29b
                                                            0x008ed29d
                                                            0x008ed2e1
                                                            0x008ed2ea
                                                            0x008ed2f0
                                                            0x008ed2f9
                                                            0x008ed32b
                                                            0x008ed338
                                                            0x008ed33a
                                                            0x008ed33c
                                                            0x00000000
                                                            0x00000000
                                                            0x008ed301
                                                            0x008ed304
                                                            0x008ed322
                                                            0x008ed325
                                                            0x008ed3da
                                                            0x008ed3dc
                                                            0x008ed3de
                                                            0x008ed3e3
                                                            0x008ed3e9
                                                            0x008ed3e9
                                                            0x008ed3eb
                                                            0x008ed3ed
                                                            0x008ed3ed
                                                            0x008ed3fd
                                                            0x008ed402
                                                            0x008ed195
                                                            0x008ed195
                                                            0x008ed196
                                                            0x008ed43e
                                                            0x008ed442
                                                            0x008ed447
                                                            0x008ed447
                                                            0x008ed450
                                                            0x008ed455
                                                            0x008ed455
                                                            0x008ed45d
                                                            0x008ed463
                                                            0x008ed46f
                                                            0x008ed475
                                                            0x008ed47d
                                                            0x008ed47f
                                                            0x008ed47f
                                                            0x008ed48d
                                                            0x008ed495
                                                            0x008ed495
                                                            0x008ed4a7
                                                            0x008ed4a7
                                                            0x00000000
                                                            0x008ed325
                                                            0x008ed312
                                                            0x008ed314
                                                            0x008ed316
                                                            0x00000000
                                                            0x00000000
                                                            0x008ed318
                                                            0x00000000
                                                            0x008ed318
                                                            0x008ed343
                                                            0x008ed349
                                                            0x008ed34c
                                                            0x008ed350
                                                            0x008ed350
                                                            0x008ed353
                                                            0x008ed364
                                                            0x008ed364
                                                            0x008ed36a
                                                            0x008ed36d
                                                            0x008ed373
                                                            0x008ed379
                                                            0x008ed37b
                                                            0x008ed381
                                                            0x008ed40c
                                                            0x008ed40f
                                                            0x008ed411
                                                            0x008ed416
                                                            0x008ed41d
                                                            0x008ed41d
                                                            0x008ed41d
                                                            0x008ed424
                                                            0x008ed431
                                                            0x008ed43b
                                                            0x008ed43b
                                                            0x00000000
                                                            0x008ed411
                                                            0x008ed38e
                                                            0x008ed394
                                                            0x008ed396
                                                            0x00000000
                                                            0x00000000
                                                            0x008ed3a2
                                                            0x008ed3a4
                                                            0x008ed3a6
                                                            0x008ed3ab
                                                            0x008ed3b1
                                                            0x008ed3b1
                                                            0x008ed3b3
                                                            0x008ed3b5
                                                            0x008ed3b5
                                                            0x008ed3c5
                                                            0x008ed3ca
                                                            0x00000000
                                                            0x008ed3ca
                                                            0x008ed355
                                                            0x008ed357
                                                            0x008ed361
                                                            0x008ed361
                                                            0x008ed361
                                                            0x00000000
                                                            0x008ed361
                                                            0x008ed359
                                                            0x008ed35f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008ed35f
                                                            0x008ed2a5
                                                            0x008ed2a7
                                                            0x008ed2a9
                                                            0x008ed2b4
                                                            0x008ed2b4
                                                            0x008ed2b6
                                                            0x008ed2b8
                                                            0x008ed2b8
                                                            0x008ed2c8
                                                            0x008ed2d4
                                                            0x008ed23b
                                                            0x008ed23b
                                                            0x00000000
                                                            0x008ed23b
                                                            0x008ed263
                                                            0x008ed233
                                                            0x008ed233
                                                            0x008ed234
                                                            0x00000000
                                                            0x008ed23a
                                                            0x008ed22e
                                                            0x00000000
                                                            0x008ed22e
                                                            0x008ed20f
                                                            0x00000000
                                                            0x008ed20f
                                                            0x008ed1ed
                                                            0x00000000
                                                            0x008ed1ed
                                                            0x008ed1b6
                                                            0x008ed1c6
                                                            0x008ed1cb
                                                            0x00000000
                                                            0x008ed1cb
                                                            0x008ed190
                                                            0x00000000

                                                            APIs
                                                            • UuidCreate.RPCRT4(?), ref: 008ED183
                                                            • StringFromGUID2.OLE32(?,?,00000027), ref: 008ED1AC
                                                            • CreateProcessW.KERNEL32 ref: 008ED295
                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 008ED29F
                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 008ED338
                                                            • WaitForSingleObject.KERNEL32(0090A500,000000FF,?,?,?,?), ref: 008ED343
                                                            • ReleaseMutex.KERNEL32(0090A500,?,?,?,?), ref: 008ED36D
                                                            • GetExitCodeProcess.KERNEL32 ref: 008ED38E
                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 008ED39C
                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 008ED3D4
                                                              • Part of subcall function 008ED016: WaitForSingleObject.KERNEL32(?,000000FF,7476F730,00000000,?,?,?,008ED312,?), ref: 008ED035
                                                              • Part of subcall function 008ED016: ReleaseMutex.KERNEL32(?,?,?,008ED312,?), ref: 008ED049
                                                              • Part of subcall function 008ED016: WaitForSingleObject.KERNEL32(?,000000FF), ref: 008ED08E
                                                              • Part of subcall function 008ED016: ReleaseMutex.KERNEL32(?), ref: 008ED0A1
                                                              • Part of subcall function 008ED016: SetEvent.KERNEL32(?), ref: 008ED0AA
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 008ED47D
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 008ED495
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Wait$ErrorLastMutexObjectReleaseSingle$CloseCreateHandleProcess$CodeEventExitFromMultipleObjectsStringUuid
                                                            • String ID: %ls /pipe %ls$@Mqt$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxEvent.%ls$NetFxSection.%ls$c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp
                                                            • API String ID: 1533322865-747619422
                                                            • Opcode ID: 7f10ae856da1a1638ca8b735cefe79709279769e7ee1834049a3e9b64d9ef70a
                                                            • Instruction ID: 35f75b23f63627f555f59a1a51c81abaabe52a5420ba05872dcde54df21ce107
                                                            • Opcode Fuzzy Hash: 7f10ae856da1a1638ca8b735cefe79709279769e7ee1834049a3e9b64d9ef70a
                                                            • Instruction Fuzzy Hash: 7DA19E32E0032DAFDB219BA9CD45BAEB7B8FF05314F104165E908FB291E7359D449B92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00906C19 Relevance: 45.8, APIs: 13, Strings: 13, Instructions: 339COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 83%
                                                            			E00906C19(void* __ebx, void* __eflags, int _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				int _v20;
				int _v24;
				int _v28;
				void* __edi;
				int _t110;
				int _t111;
				int _t112;
				int _t114;
				int _t116;
				int _t117;
				int _t118;
				int _t119;
				int _t120;
				int _t121;
				int _t122;
				int _t123;
				int _t124;
				int _t125;
				int _t128;
				void* _t147;
				intOrPtr* _t150;
				void* _t151;
				signed int _t153;
				intOrPtr* _t154;
				intOrPtr _t160;
				int _t161;

				_t149 = __ebx;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t160 = E008C39DF(0x48, 1);
				if(_t160 != 0) {
					_t150 = _a4;
					 *((intOrPtr*)(_t160 + 0x40)) = _t150;
					 *((intOrPtr*)( *_t150 + 4))(_t150, __ebx);
					_t7 = _t160 + 0x20; // 0x20
					_t8 = _t160 + 0x24; // 0x24
					_t161 = E00905E35(_t8, _t150, L"author", _t8, _t7);
					__eflags = _t161;
					if(_t161 >= 0) {
						_t9 = _t160 + 0x28; // 0x28
						_t10 = _t160 + 0x2c; // 0x2c
						_t161 = E00905ECB(_t10, _t150, L"category", _t10, _t9);
						__eflags = _t161;
						if(_t161 >= 0) {
							_t11 = _t160 + 0x30; // 0x30
							_t12 = _t160 + 0x34; // 0x34
							_t161 = E00905F61(_t12, _t150, L"entry", _t12, _t11);
							__eflags = _t161;
							if(_t161 >= 0) {
								_t13 = _t160 + 0x38; // 0x38
								_t14 = _t160 + 0x3c; // 0x3c
								_t161 = E00905FF7(_t14, _t150, L"link", _t14, _t13);
								__eflags = _t161;
								if(_t161 >= 0) {
									_t158 =  &_v16;
									_t161 =  *((intOrPtr*)( *_t150 + 0x30))(_t150,  &_v16);
									__eflags = _t161;
									if(_t161 >= 0) {
										_t110 = E009030E2( &_v16, _v16,  &_v12,  &_v8);
										_t161 = _t110;
										__eflags = _t161;
										if(_t161 != 0) {
											L45:
											_t111 =  *(_t160 + 8);
											__eflags = _t111;
											if(_t111 == 0) {
												L54:
												_t112 = 0x8007000d;
												_push(0x8007000d);
												_push(0x197);
												goto L55;
											} else {
												__eflags =  *_t111;
												if( *_t111 == 0) {
													goto L54;
												} else {
													_t114 =  *(_t160 + 0x14);
													__eflags = _t114;
													if(_t114 == 0) {
														L53:
														_t112 = 0x8007000d;
														_push(0x8007000d);
														_push(0x19c);
														goto L55;
													} else {
														__eflags =  *_t114;
														if( *_t114 == 0) {
															goto L53;
														} else {
															__eflags =  *(_t160 + 0x1c);
															if( *(_t160 + 0x1c) != 0) {
																L52:
																 *_a8 = _t160;
																_t160 = 0;
															} else {
																__eflags =  *(_t160 + 0x18);
																if( *(_t160 + 0x18) != 0) {
																	goto L52;
																} else {
																	_t112 = 0x8007000d;
																	_push(0x8007000d);
																	_push(0x1a1);
																	L55:
																	_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp");
																	_t161 = _t112;
																	E008C38BA(_t112);
																}
															}
														}
													}
												}
											}
										} else {
											_t151 = CompareStringW;
											_v28 = _t161;
											_v24 = _t110;
											_v20 = _t110;
											_a4 = _t110;
											while(1) {
												_t116 = CompareStringW(0x7f, _t110, _v8, 0xffffffff, L"generator", 0xffffffff);
												__eflags = _t116 - 2;
												if(_t116 != 2) {
													goto L13;
												}
												_push(_v12);
												_push(_t160);
												L12:
												_t128 = E009060FB(_t158);
												L39:
												_t161 = _t128;
												__eflags = _t161;
												if(_t161 >= 0) {
													L40:
													__eflags = _v8;
													if(_v8 != 0) {
														__imp__#6(_v8);
														_t68 =  &_v8;
														 *_t68 = _v8 & 0x00000000;
														__eflags =  *_t68;
													}
													_t158 = _v12;
													__eflags = _t158;
													if(_t158 != 0) {
														 *((intOrPtr*)( *_t158 + 8))(_t158);
														_t72 =  &_v12;
														 *_t72 = _v12 & 0x00000000;
														__eflags =  *_t72;
													}
													_t161 = E009030E2(_t158, _v16,  &_v12,  &_v8);
													__eflags = _t161;
													if(_t161 == 0) {
														_t161 = _v28;
														_t110 = 0;
														__eflags = 0;
														continue;
													} else {
														goto L45;
													}
												}
												goto L56;
												L13:
												_t117 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"icon", 0xffffffff);
												__eflags = _t117 - 2;
												if(_t117 != 2) {
													_t118 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"id", 0xffffffff);
													__eflags = _t118 - 2;
													if(_t118 != 2) {
														_t119 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"logo", 0xffffffff);
														__eflags = _t119 - 2;
														if(_t119 != 2) {
															_t120 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"subtitle", 0xffffffff);
															__eflags = _t120 - 2;
															if(_t120 != 2) {
																_t121 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
																__eflags = _t121 - 2;
																if(_t121 != 2) {
																	_t122 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"updated", 0xffffffff);
																	__eflags = _t122 - 2;
																	if(_t122 != 2) {
																		_t123 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"author", 0xffffffff);
																		__eflags = _t123 - 2;
																		if(_t123 != 2) {
																			_t124 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"category", 0xffffffff);
																			__eflags = _t124 - 2;
																			if(_t124 != 2) {
																				_t125 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"entry", 0xffffffff);
																				__eflags = _t125 - 2;
																				if(_t125 != 2) {
																					__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"link", 0xffffffff) - 2;
																					if(__eflags != 0) {
																						_t64 = _t160 + 0x44; // 0x44
																						_t128 = E009072DE(_t151, __eflags, _v12, _t64);
																						goto L39;
																					} else {
																						_t161 = E00906FC4(_v12,  *((intOrPtr*)(_t160 + 0x3c)) + _t161);
																						__eflags = _t161;
																						if(_t161 >= 0) {
																							_v28 = _v28 + 0x28;
																							goto L40;
																						}
																					}
																				} else {
																					_t161 = E009068DE(_v12,  *((intOrPtr*)(_t160 + 0x34)) + _v24);
																					__eflags = _t161;
																					if(_t161 >= 0) {
																						_v24 = _v24 + 0x40;
																						goto L40;
																					}
																				}
																			} else {
																				_t161 = E00906527(_v12,  *((intOrPtr*)(_t160 + 0x2c)) + _v20);
																				__eflags = _t161;
																				if(_t161 >= 0) {
																					_v20 = _v20 + 0x10;
																					goto L40;
																				}
																			}
																		} else {
																			_t161 = E00906402(_v12,  *((intOrPtr*)(_t160 + 0x24)) + _a4);
																			__eflags = _t161;
																			if(_t161 >= 0) {
																				_a4 = _a4 + 0xc;
																				goto L40;
																			}
																		}
																	} else {
																		_t40 = _t160 + 0x18; // 0x18
																		_t128 = E0090608D(_t158, _t40, _v12);
																		goto L39;
																	}
																} else {
																	_t37 = _t160 + 0x14; // 0x14
																	_t147 = _t37;
																	goto L15;
																}
															} else {
																_t35 = _t160 + 0x10; // 0x10
																_t147 = _t35;
																goto L15;
															}
														} else {
															_t33 = _t160 + 0xc; // 0xc
															_t147 = _t33;
															goto L15;
														}
													} else {
														_t31 = _t160 + 8; // 0x8
														_t147 = _t31;
														goto L15;
													}
												} else {
													_t28 = _t160 + 4; // 0x4
													_t147 = _t28;
													L15:
													_push(_v12);
													_push(_t147);
													goto L12;
												}
												goto L56;
											}
										}
									}
								}
							}
						}
					}
					L56:
					_pop(_t149);
				} else {
					_t161 = 0x8007000e;
					E008C38BA(_t89, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x134, 0x8007000e);
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t153 = _v12;
				if(_t153 != 0) {
					 *((intOrPtr*)( *_t153 + 8))(_t153);
				}
				_t154 = _v16;
				if(_t154 != 0) {
					 *((intOrPtr*)( *_t154 + 8))(_t154);
				}
				if(_t160 != 0) {
					E00907475(_t149, _t160, _t160);
				}
				return _t161;
			}
































                                                            0x00906c19
                                                            0x00906c27
                                                            0x00906c2a
                                                            0x00906c2d
                                                            0x00906c35
                                                            0x00906c39
                                                            0x00906c56
                                                            0x00906c59
                                                            0x00906c5f
                                                            0x00906c62
                                                            0x00906c66
                                                            0x00906c75
                                                            0x00906c77
                                                            0x00906c79
                                                            0x00906c7f
                                                            0x00906c83
                                                            0x00906c92
                                                            0x00906c94
                                                            0x00906c96
                                                            0x00906c9c
                                                            0x00906ca0
                                                            0x00906caf
                                                            0x00906cb1
                                                            0x00906cb3
                                                            0x00906cb9
                                                            0x00906cbd
                                                            0x00906ccc
                                                            0x00906cce
                                                            0x00906cd0
                                                            0x00906cd8
                                                            0x00906ce0
                                                            0x00906ce2
                                                            0x00906ce4
                                                            0x00906cf5
                                                            0x00906cfa
                                                            0x00906cfc
                                                            0x00906cfe
                                                            0x00906f2a
                                                            0x00906f2a
                                                            0x00906f2d
                                                            0x00906f2f
                                                            0x00906f71
                                                            0x00906f71
                                                            0x00906f76
                                                            0x00906f77
                                                            0x00000000
                                                            0x00906f31
                                                            0x00906f33
                                                            0x00906f36
                                                            0x00000000
                                                            0x00906f38
                                                            0x00906f38
                                                            0x00906f3b
                                                            0x00906f3d
                                                            0x00906f64
                                                            0x00906f64
                                                            0x00906f69
                                                            0x00906f6a
                                                            0x00000000
                                                            0x00906f3f
                                                            0x00906f3f
                                                            0x00906f42
                                                            0x00000000
                                                            0x00906f44
                                                            0x00906f44
                                                            0x00906f47
                                                            0x00906f5b
                                                            0x00906f5e
                                                            0x00906f60
                                                            0x00906f49
                                                            0x00906f49
                                                            0x00906f4c
                                                            0x00000000
                                                            0x00906f4e
                                                            0x00906f4e
                                                            0x00906f53
                                                            0x00906f54
                                                            0x00906f7c
                                                            0x00906f7c
                                                            0x00906f81
                                                            0x00906f83
                                                            0x00906f83
                                                            0x00906f4c
                                                            0x00906f47
                                                            0x00906f42
                                                            0x00906f3d
                                                            0x00906f36
                                                            0x00906d04
                                                            0x00906d04
                                                            0x00906d0a
                                                            0x00906d0d
                                                            0x00906d10
                                                            0x00906d13
                                                            0x00906d1d
                                                            0x00906d2c
                                                            0x00906d2e
                                                            0x00906d31
                                                            0x00000000
                                                            0x00000000
                                                            0x00906d33
                                                            0x00906d36
                                                            0x00906d37
                                                            0x00906d37
                                                            0x00906ee2
                                                            0x00906ee2
                                                            0x00906ee4
                                                            0x00906ee6
                                                            0x00906eec
                                                            0x00906eec
                                                            0x00906ef0
                                                            0x00906ef5
                                                            0x00906efb
                                                            0x00906efb
                                                            0x00906efb
                                                            0x00906efb
                                                            0x00906eff
                                                            0x00906f02
                                                            0x00906f04
                                                            0x00906f09
                                                            0x00906f0c
                                                            0x00906f0c
                                                            0x00906f0c
                                                            0x00906f0c
                                                            0x00906f20
                                                            0x00906f22
                                                            0x00906f24
                                                            0x00906d18
                                                            0x00906d1b
                                                            0x00906d1b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00906f24
                                                            0x00000000
                                                            0x00906d41
                                                            0x00906d51
                                                            0x00906d53
                                                            0x00906d56
                                                            0x00906d71
                                                            0x00906d73
                                                            0x00906d76
                                                            0x00906d8d
                                                            0x00906d8f
                                                            0x00906d92
                                                            0x00906da9
                                                            0x00906dab
                                                            0x00906dae
                                                            0x00906dc5
                                                            0x00906dc7
                                                            0x00906dca
                                                            0x00906de1
                                                            0x00906de3
                                                            0x00906de6
                                                            0x00906e09
                                                            0x00906e0b
                                                            0x00906e0e
                                                            0x00906e42
                                                            0x00906e44
                                                            0x00906e47
                                                            0x00906e7b
                                                            0x00906e7d
                                                            0x00906e80
                                                            0x00906eb3
                                                            0x00906eb6
                                                            0x00906ed6
                                                            0x00906edd
                                                            0x00000000
                                                            0x00906eb8
                                                            0x00906ec6
                                                            0x00906ec8
                                                            0x00906eca
                                                            0x00906ed0
                                                            0x00000000
                                                            0x00906ed0
                                                            0x00906eca
                                                            0x00906e82
                                                            0x00906e91
                                                            0x00906e93
                                                            0x00906e95
                                                            0x00906e9b
                                                            0x00000000
                                                            0x00906e9b
                                                            0x00906e95
                                                            0x00906e49
                                                            0x00906e58
                                                            0x00906e5a
                                                            0x00906e5c
                                                            0x00906e62
                                                            0x00000000
                                                            0x00906e62
                                                            0x00906e5c
                                                            0x00906e10
                                                            0x00906e1f
                                                            0x00906e21
                                                            0x00906e23
                                                            0x00906e29
                                                            0x00000000
                                                            0x00906e29
                                                            0x00906e23
                                                            0x00906de8
                                                            0x00906deb
                                                            0x00906def
                                                            0x00000000
                                                            0x00906def
                                                            0x00906dcc
                                                            0x00906dcc
                                                            0x00906dcc
                                                            0x00000000
                                                            0x00906dcc
                                                            0x00906db0
                                                            0x00906db0
                                                            0x00906db0
                                                            0x00000000
                                                            0x00906db0
                                                            0x00906d94
                                                            0x00906d94
                                                            0x00906d94
                                                            0x00000000
                                                            0x00906d94
                                                            0x00906d78
                                                            0x00906d78
                                                            0x00906d78
                                                            0x00000000
                                                            0x00906d78
                                                            0x00906d58
                                                            0x00906d58
                                                            0x00906d58
                                                            0x00906d5b
                                                            0x00906d5b
                                                            0x00906d5e
                                                            0x00000000
                                                            0x00906d5e
                                                            0x00000000
                                                            0x00906d56
                                                            0x00906d1d
                                                            0x00906cfe
                                                            0x00906ce4
                                                            0x00906cd0
                                                            0x00906cb3
                                                            0x00906c96
                                                            0x00906f88
                                                            0x00906f88
                                                            0x00906c3b
                                                            0x00906c3b
                                                            0x00906c4b
                                                            0x00906c4b
                                                            0x00906f8d
                                                            0x00906f92
                                                            0x00906f92
                                                            0x00906f98
                                                            0x00906f9d
                                                            0x00906fa2
                                                            0x00906fa2
                                                            0x00906fa5
                                                            0x00906faa
                                                            0x00906faf
                                                            0x00906faf
                                                            0x00906fb4
                                                            0x00906fb7
                                                            0x00906fb7
                                                            0x00906fc1

                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 00906D2C
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00906EF5
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00906F92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$FreeHeap$AllocateCompareProcess
                                                            • String ID: ($@$author$c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                            • API String ID: 1555028553-2916413190
                                                            • Opcode ID: f93f2715f3662eb16db887ceae0e5c89238ae30622c7c4745215aa3e83276cbc
                                                            • Instruction ID: 6c681d13990811ab9a775ebc8e04a3250c7bb6caf562dea5fbe397c055a8e3aa
                                                            • Opcode Fuzzy Hash: f93f2715f3662eb16db887ceae0e5c89238ae30622c7c4745215aa3e83276cbc
                                                            • Instruction Fuzzy Hash: 7BB19135A44226BFCB11DBA4CC41FAEB778AF04724F204755F621AA5E1DB70EE60DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009068DE Relevance: 45.8, APIs: 11, Strings: 15, Instructions: 297COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 79%
                                                            			E009068DE(signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				signed int _t99;
				signed int _t100;
				signed int _t102;
				int _t104;
				int _t105;
				int _t106;
				int _t107;
				int _t108;
				int _t109;
				int _t110;
				signed int _t113;
				signed int* _t128;
				signed int* _t129;
				signed int _t130;
				void* _t131;
				signed int _t133;
				signed int _t134;
				signed int* _t139;
				signed int _t140;

				_t130 = _a4;
				_t139 = _a8;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t139[0xe] = _t130;
				 *((intOrPtr*)( *_t130 + 4))(_t130);
				_t140 = E00905E35( &(_t139[9]), _t130, L"author",  &(_t139[9]),  &(_t139[8]));
				if(_t140 >= 0) {
					_t140 = E00905ECB( &(_t139[0xb]), _t130, L"category",  &(_t139[0xb]),  &(_t139[0xa]));
					if(_t140 >= 0) {
						_t140 = E00905FF7( &(_t139[0xd]), _t130, L"link",  &(_t139[0xd]),  &(_t139[0xc]));
						if(_t140 >= 0) {
							_t137 =  &_v16;
							_t140 =  *((intOrPtr*)( *_t130 + 0x30))(_t130,  &_v16);
							if(_t140 >= 0) {
								_t140 = E009030E2( &_v16, _v16,  &_v12,  &_v8);
								if(_t140 != 0) {
									L42:
									if(__eflags >= 0) {
										_t99 =  *_t139;
										__eflags = _t99;
										if(_t99 == 0) {
											L52:
											_t100 = 0x8007000d;
											_push(0x8007000d);
											_push(0x311);
											goto L53;
										} else {
											__eflags =  *_t99;
											if( *_t99 == 0) {
												goto L52;
											} else {
												_t102 = _t139[2];
												__eflags = _t102;
												if(_t102 == 0) {
													L51:
													_t100 = 0x8007000d;
													_push(0x8007000d);
													_push(0x316);
													goto L53;
												} else {
													__eflags =  *_t102;
													if( *_t102 == 0) {
														goto L51;
													} else {
														__eflags = _t139[6];
														if(_t139[6] != 0) {
															L50:
															_t140 = 0;
														} else {
															__eflags = _t139[5];
															if(_t139[5] != 0) {
																goto L50;
															} else {
																_t100 = 0x8007000d;
																_push(0x8007000d);
																_push(0x31b);
																L53:
																_t140 = _t100;
																goto L54;
															}
														}
													}
												}
											}
										}
									}
								} else {
									_a8 = _a8 & _t140;
									_a4 = _a4 & _t140;
									_t131 = CompareStringW;
									_v20 = _t140;
									L6:
									while(1) {
										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"id", 0xffffffff) != 2) {
											_t104 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"summary", 0xffffffff);
											__eflags = _t104 - 2;
											if(_t104 != 2) {
												_t105 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
												__eflags = _t105 - 2;
												if(_t105 != 2) {
													_t106 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"published", 0xffffffff);
													__eflags = _t106 - 2;
													if(_t106 != 2) {
														_t107 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"updated", 0xffffffff);
														__eflags = _t107 - 2;
														if(_t107 != 2) {
															_t108 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"author", 0xffffffff);
															__eflags = _t108 - 2;
															if(_t108 != 2) {
																_t109 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"category", 0xffffffff);
																__eflags = _t109 - 2;
																if(_t109 != 2) {
																	_t110 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"content", 0xffffffff);
																	__eflags = _t110 - 2;
																	if(_t110 != 2) {
																		__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"link", 0xffffffff) - 2;
																		if(__eflags != 0) {
																			_t113 = E009072DE(_t131, __eflags, _v12,  &(_t139[0xf]));
																			goto L33;
																		} else {
																			_t140 = E00906FC4(_v12, _t139[0xd] + _t140);
																			__eflags = _t140;
																			if(_t140 >= 0) {
																				_v20 = _v20 + 0x28;
																				goto L34;
																			}
																		}
																	} else {
																		__eflags = _t139[7];
																		if(_t139[7] != 0) {
																			_t140 = 0x8000ffff;
																		} else {
																			_t100 = E008C39DF(0x10, 1);
																			_t139[7] = _t100;
																			__eflags = _t100;
																			if(_t100 == 0) {
																				_t140 = 0x8007000e;
																				_push(0x8007000e);
																				_push(0x2f7);
																				L54:
																				_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp");
																				E008C38BA(_t100);
																			} else {
																				_t113 = E009066D4(_v12, _t100);
																				goto L33;
																			}
																		}
																	}
																} else {
																	_t140 = E00906527(_v12, _t139[0xb] + _a8);
																	__eflags = _t140;
																	if(_t140 >= 0) {
																		_a8 = _a8 + 0x10;
																		goto L34;
																	}
																}
															} else {
																_t140 = E00906402(_v12, _t139[9] + _a4);
																__eflags = _t140;
																if(_t140 >= 0) {
																	_a4 = _a4 + 0xc;
																	goto L34;
																}
															}
														} else {
															_t128 =  &(_t139[5]);
															goto L16;
														}
													} else {
														_t128 =  &(_t139[3]);
														L16:
														_t113 = E0090608D(_t137, _t128, _v12);
														goto L33;
													}
												} else {
													_t129 =  &(_t139[2]);
													goto L11;
												}
											} else {
												_t129 =  &(_t139[1]);
												L11:
												_push(_v12);
												_push(_t129);
												goto L8;
											}
										} else {
											_push(_v12);
											_push(_t139);
											L8:
											_t113 = E009060FB(_t137);
											L33:
											_t140 = _t113;
											if(_t140 >= 0) {
												L34:
												if(_v8 != 0) {
													__imp__#6(_v8);
													_v8 = _v8 & 0x00000000;
												}
												_t137 = _v12;
												if(_t137 != 0) {
													 *((intOrPtr*)( *_t137 + 8))(_t137);
													_v12 = _v12 & 0x00000000;
												}
												_t140 = E009030E2(_t137, _v16,  &_v12,  &_v8);
												if(_t140 != 0) {
													goto L42;
												} else {
													_t140 = _v20;
													continue;
												}
											}
										}
										goto L55;
									}
								}
							}
						}
					}
				}
				L55:
				__eflags = _v8;
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t133 = _v12;
				__eflags = _t133;
				if(_t133 != 0) {
					 *((intOrPtr*)( *_t133 + 8))(_t133);
				}
				_t134 = _v16;
				__eflags = _t134;
				if(_t134 != 0) {
					 *((intOrPtr*)( *_t134 + 8))(_t134);
				}
				return _t140;
			}



























                                                            0x009068e5
                                                            0x009068ec
                                                            0x009068ef
                                                            0x009068f2
                                                            0x009068f5
                                                            0x009068f8
                                                            0x009068fe
                                                            0x00906914
                                                            0x00906918
                                                            0x00906931
                                                            0x00906935
                                                            0x0090694e
                                                            0x00906952
                                                            0x0090695a
                                                            0x00906962
                                                            0x00906966
                                                            0x0090697c
                                                            0x00906980
                                                            0x00906b8d
                                                            0x00906b8d
                                                            0x00906b8f
                                                            0x00906b91
                                                            0x00906b93
                                                            0x00906bd0
                                                            0x00906bd0
                                                            0x00906bd5
                                                            0x00906bd6
                                                            0x00000000
                                                            0x00906b95
                                                            0x00906b97
                                                            0x00906b9a
                                                            0x00000000
                                                            0x00906b9c
                                                            0x00906b9c
                                                            0x00906b9f
                                                            0x00906ba1
                                                            0x00906bc3
                                                            0x00906bc3
                                                            0x00906bc8
                                                            0x00906bc9
                                                            0x00000000
                                                            0x00906ba3
                                                            0x00906ba3
                                                            0x00906ba6
                                                            0x00000000
                                                            0x00906ba8
                                                            0x00906ba8
                                                            0x00906bab
                                                            0x00906bbf
                                                            0x00906bbf
                                                            0x00906bad
                                                            0x00906bad
                                                            0x00906bb0
                                                            0x00000000
                                                            0x00906bb2
                                                            0x00906bb2
                                                            0x00906bb7
                                                            0x00906bb8
                                                            0x00906bdb
                                                            0x00906bdb
                                                            0x00000000
                                                            0x00906bdb
                                                            0x00906bb0
                                                            0x00906bab
                                                            0x00906ba6
                                                            0x00906ba1
                                                            0x00906b9a
                                                            0x00906b93
                                                            0x00906986
                                                            0x00906986
                                                            0x00906989
                                                            0x0090698c
                                                            0x00906992
                                                            0x00000000
                                                            0x00906995
                                                            0x009069aa
                                                            0x009069ca
                                                            0x009069cc
                                                            0x009069cf
                                                            0x009069ea
                                                            0x009069ec
                                                            0x009069ef
                                                            0x00906a06
                                                            0x00906a08
                                                            0x00906a0b
                                                            0x00906a2e
                                                            0x00906a30
                                                            0x00906a33
                                                            0x00906a4a
                                                            0x00906a4c
                                                            0x00906a4f
                                                            0x00906a83
                                                            0x00906a85
                                                            0x00906a88
                                                            0x00906abc
                                                            0x00906abe
                                                            0x00906ac1
                                                            0x00906afe
                                                            0x00906b01
                                                            0x00906b28
                                                            0x00000000
                                                            0x00906b03
                                                            0x00906b11
                                                            0x00906b13
                                                            0x00906b15
                                                            0x00906b1b
                                                            0x00000000
                                                            0x00906b1b
                                                            0x00906b15
                                                            0x00906ac3
                                                            0x00906ac3
                                                            0x00906ac7
                                                            0x00906b86
                                                            0x00906acd
                                                            0x00906ad1
                                                            0x00906ad6
                                                            0x00906ad9
                                                            0x00906adb
                                                            0x00906b79
                                                            0x00906b7e
                                                            0x00906b7f
                                                            0x00906bdd
                                                            0x00906bdd
                                                            0x00906be2
                                                            0x00906ae1
                                                            0x00906ae5
                                                            0x00000000
                                                            0x00906ae5
                                                            0x00906adb
                                                            0x00906ac7
                                                            0x00906a8a
                                                            0x00906a99
                                                            0x00906a9b
                                                            0x00906a9d
                                                            0x00906aa3
                                                            0x00000000
                                                            0x00906aa3
                                                            0x00906a9d
                                                            0x00906a51
                                                            0x00906a60
                                                            0x00906a62
                                                            0x00906a64
                                                            0x00906a6a
                                                            0x00000000
                                                            0x00906a6a
                                                            0x00906a64
                                                            0x00906a35
                                                            0x00906a35
                                                            0x00000000
                                                            0x00906a35
                                                            0x00906a0d
                                                            0x00906a0d
                                                            0x00906a10
                                                            0x00906a14
                                                            0x00000000
                                                            0x00906a14
                                                            0x009069f1
                                                            0x009069f1
                                                            0x00000000
                                                            0x009069f1
                                                            0x009069d1
                                                            0x009069d1
                                                            0x009069d4
                                                            0x009069d4
                                                            0x009069d7
                                                            0x00000000
                                                            0x009069d7
                                                            0x009069ac
                                                            0x009069ac
                                                            0x009069af
                                                            0x009069b0
                                                            0x009069b0
                                                            0x00906b2d
                                                            0x00906b2d
                                                            0x00906b31
                                                            0x00906b37
                                                            0x00906b3b
                                                            0x00906b40
                                                            0x00906b46
                                                            0x00906b46
                                                            0x00906b4a
                                                            0x00906b4f
                                                            0x00906b54
                                                            0x00906b57
                                                            0x00906b57
                                                            0x00906b6b
                                                            0x00906b6f
                                                            0x00000000
                                                            0x00906b71
                                                            0x00906b71
                                                            0x00000000
                                                            0x00906b71
                                                            0x00906b6f
                                                            0x00906b31
                                                            0x00000000
                                                            0x009069aa
                                                            0x00906995
                                                            0x00906980
                                                            0x00906966
                                                            0x00906952
                                                            0x00906935
                                                            0x00906be7
                                                            0x00906be7
                                                            0x00906beb
                                                            0x00906bf0
                                                            0x00906bf0
                                                            0x00906bf6
                                                            0x00906bf9
                                                            0x00906bfb
                                                            0x00906c00
                                                            0x00906c00
                                                            0x00906c03
                                                            0x00906c06
                                                            0x00906c08
                                                            0x00906c0d
                                                            0x00906c0d
                                                            0x00906c16

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00926470,000000FF,?,?,?), ref: 009069A5
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 009069CA
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 009069EA
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 00906A06
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 00906A2E
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00906A4A
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 00906A83
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 00906ABC
                                                              • Part of subcall function 00906527: SysFreeString.OLEAUT32(00000000), ref: 00906660
                                                              • Part of subcall function 00906527: SysFreeString.OLEAUT32(00000000), ref: 0090669F
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00906B40
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00906BF0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$Compare$Free
                                                            • String ID: ($author$c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                            • API String ID: 318886736-3425300192
                                                            • Opcode ID: 8e0d3efe22be3d23657745e02975e5f78bf12632ab57a199f97d05a4a7027736
                                                            • Instruction ID: d9cda7e15ba0f106a2c808c5b215e7954f72e6044e1a4336ae1156cb8d384da2
                                                            • Opcode Fuzzy Hash: 8e0d3efe22be3d23657745e02975e5f78bf12632ab57a199f97d05a4a7027736
                                                            • Instruction Fuzzy Hash: 56A19FB190822ABFDB219B94CC41FADB778AF04734F204365F521EA5D1DB74EA60DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D545D Relevance: 45.7, APIs: 17, Strings: 9, Instructions: 228filepipesleepCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 83%
                                                            			E008D545D(long _a4) {
				long _v8;
				signed int _v12;
				void _v16;
				signed int _v20;
				void* _v24;
				void _v28;
				void _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				WCHAR* _t40;
				long _t43;
				signed int _t44;
				void* _t77;
				long _t78;
				signed short _t82;
				void* _t90;
				signed short _t101;

				_t78 = _a4;
				_t82 = 0;
				_v40 =  *((intOrPtr*)(_t78 + 0x10));
				_v36 =  *((intOrPtr*)(_t78 + 0x14));
				_t40 =  *(_t78 + 4);
				_v24 = _t40;
				_v16 = lstrlenW(_t40) + _t41;
				_t43 = GetCurrentProcessId();
				_v32 = _v32 & 0;
				_a4 = _a4 & 0;
				_v28 = _t43;
				_t44 = 0;
				_v20 = 0;
				while(1) {
					L1:
					_t77 =  *(_t90 + _t44 * 4 - 0x24);
					if(_t77 == 0xffffffff) {
						break;
					}
					_v8 = 1;
					if(SetNamedPipeHandleState(_t77,  &_v8, 0, 0) == 0) {
						_t82 = GetLastError();
						__eflags = _t82;
						if(__eflags > 0) {
							_t82 = _t82 & 0x0000ffff | 0x80070000;
							__eflags = _t82;
						}
						if(__eflags >= 0) {
							_t82 = 0x80004005;
						}
						E008C38BA(_t48, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1ce, _t82);
						_push("Failed to set pipe to non-blocking.");
						goto L54;
					} else {
						_v12 = _v12 & 0x00000000;
						do {
							if(ConnectNamedPipe(_t77, 0) != 0) {
								goto L9;
							} else {
								_t82 = GetLastError();
								if(_t82 == 0x217) {
									_t82 = 0;
									goto L12;
								} else {
									if(_t82 != 0x218) {
										__eflags = _t82;
										if(_t82 <= 0) {
											L11:
											if(_t101 < 0) {
												goto L23;
											} else {
												L12:
												_v8 = _v8 & 0x00000000;
												if(SetNamedPipeHandleState(_t77,  &_v8, 0, 0) == 0) {
													_t82 = GetLastError();
													__eflags = _t82;
													if(__eflags > 0) {
														_t82 = _t82 & 0x0000ffff | 0x80070000;
														__eflags = _t82;
													}
													if(__eflags >= 0) {
														_t82 = 0x80004005;
													}
													E008C38BA(_t55, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1f9, _t82);
													_push("Failed to reset pipe to blocking.");
													goto L54;
												} else {
													if(WriteFile(_t77,  &_v16, 4,  &_a4, 0) == 0) {
														_t82 = GetLastError();
														__eflags = _t82;
														if(__eflags > 0) {
															_t82 = _t82 & 0x0000ffff | 0x80070000;
															__eflags = _t82;
														}
														if(__eflags >= 0) {
															_t82 = 0x80004005;
														}
														E008C38BA(_t60, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1ff, _t82);
														_push("Failed to write secret length to pipe.");
														goto L54;
													} else {
														if(WriteFile(_t77, _v24, _v16,  &_a4, 0) == 0) {
															_t82 = GetLastError();
															__eflags = _t82;
															if(__eflags > 0) {
																_t82 = _t82 & 0x0000ffff | 0x80070000;
																__eflags = _t82;
															}
															if(__eflags >= 0) {
																_t82 = 0x80004005;
															}
															E008C38BA(_t64, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x204, _t82);
															_push("Failed to write secret to pipe.");
															goto L54;
														} else {
															if(WriteFile(_t77,  &_v28, 4,  &_a4, 0) == 0) {
																_t82 = GetLastError();
																__eflags = _t82;
																if(__eflags > 0) {
																	_t82 = _t82 & 0x0000ffff | 0x80070000;
																	__eflags = _t82;
																}
																if(__eflags >= 0) {
																	_t82 = 0x80004005;
																}
																E008C38BA(_t69, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x209, _t82);
																_push("Failed to write our process id to pipe.");
																goto L54;
															} else {
																if(ReadFile(_t77,  &_v32, 4,  &_a4, 0) == 0) {
																	_t82 = GetLastError();
																	__eflags = _t82;
																	if(__eflags > 0) {
																		_t82 = _t82 & 0x0000ffff | 0x80070000;
																		__eflags = _t82;
																	}
																	if(__eflags >= 0) {
																		_t82 = 0x80004005;
																	}
																	E008C38BA(_t74, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x20f, _t82);
																	_push("Failed to read ACK from pipe.");
																	goto L54;
																} else {
																	_t44 = _v20 + 1;
																	_v20 = _t44;
																	if(_t44 < 2) {
																		goto L1;
																	} else {
																	}
																}
															}
														}
													}
												}
											}
											goto L55;
										} else {
											_t82 = _t82 & 0x0000ffff | 0x80070000;
											break;
										}
										L56:
									} else {
										_t51 = _v12;
										if(_t51 >= 0x708) {
											_t82 = 0x800705b4;
											L23:
											E008C38BA(_t51, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x1f3, _t82);
											_push("Failed to wait for child to connect to pipe.");
											L54:
											_push(_t82);
											E008FFB09();
										} else {
											_t51 = _t51 + 1;
											_t82 = 0x80070218;
											_v12 = _t51;
											Sleep(0x64);
											goto L9;
										}
									}
								}
							}
							goto L55;
							L9:
						} while (_t82 == 0x80070218);
						_t101 = _t82;
						goto L11;
					}
					break;
				}
				L55:
				return _t82;
				goto L56;
			}




















                                                            0x008d5463
                                                            0x008d546c
                                                            0x008d546e
                                                            0x008d5474
                                                            0x008d5477
                                                            0x008d547b
                                                            0x008d5486
                                                            0x008d5489
                                                            0x008d548f
                                                            0x008d5492
                                                            0x008d549b
                                                            0x008d549e
                                                            0x008d54a0
                                                            0x008d54a3
                                                            0x008d54a3
                                                            0x008d54a3
                                                            0x008d54aa
                                                            0x00000000
                                                            0x00000000
                                                            0x008d54b7
                                                            0x008d54c8
                                                            0x008d56fe
                                                            0x008d5700
                                                            0x008d5702
                                                            0x008d5707
                                                            0x008d570d
                                                            0x008d570d
                                                            0x008d570f
                                                            0x008d5711
                                                            0x008d5711
                                                            0x008d5721
                                                            0x008d5726
                                                            0x00000000
                                                            0x008d54ce
                                                            0x008d54ce
                                                            0x008d54d2
                                                            0x008d54dd
                                                            0x00000000
                                                            0x008d54df
                                                            0x008d54e1
                                                            0x008d54e9
                                                            0x008d55d8
                                                            0x00000000
                                                            0x008d54ef
                                                            0x008d54f5
                                                            0x008d55c2
                                                            0x008d55c4
                                                            0x008d5524
                                                            0x008d5524
                                                            0x00000000
                                                            0x008d552a
                                                            0x008d552a
                                                            0x008d552a
                                                            0x008d553f
                                                            0x008d56cd
                                                            0x008d56cf
                                                            0x008d56d1
                                                            0x008d56d6
                                                            0x008d56dc
                                                            0x008d56dc
                                                            0x008d56de
                                                            0x008d56e0
                                                            0x008d56e0
                                                            0x008d56f0
                                                            0x008d56f5
                                                            0x00000000
                                                            0x008d5545
                                                            0x008d555a
                                                            0x008d569c
                                                            0x008d569e
                                                            0x008d56a0
                                                            0x008d56a5
                                                            0x008d56ab
                                                            0x008d56ab
                                                            0x008d56ad
                                                            0x008d56af
                                                            0x008d56af
                                                            0x008d56bf
                                                            0x008d56c4
                                                            0x00000000
                                                            0x008d5560
                                                            0x008d5575
                                                            0x008d5668
                                                            0x008d566a
                                                            0x008d566c
                                                            0x008d5671
                                                            0x008d5677
                                                            0x008d5677
                                                            0x008d5679
                                                            0x008d567b
                                                            0x008d567b
                                                            0x008d568b
                                                            0x008d5690
                                                            0x00000000
                                                            0x008d557b
                                                            0x008d5590
                                                            0x008d5634
                                                            0x008d5636
                                                            0x008d5638
                                                            0x008d563d
                                                            0x008d5643
                                                            0x008d5643
                                                            0x008d5645
                                                            0x008d5647
                                                            0x008d5647
                                                            0x008d5657
                                                            0x008d565c
                                                            0x00000000
                                                            0x008d5596
                                                            0x008d55ab
                                                            0x008d5600
                                                            0x008d5602
                                                            0x008d5604
                                                            0x008d5609
                                                            0x008d560f
                                                            0x008d560f
                                                            0x008d5611
                                                            0x008d5613
                                                            0x008d5613
                                                            0x008d5623
                                                            0x008d5628
                                                            0x00000000
                                                            0x008d55ad
                                                            0x008d55b0
                                                            0x008d55b1
                                                            0x008d55b7
                                                            0x00000000
                                                            0x00000000
                                                            0x008d55bd
                                                            0x008d55b7
                                                            0x008d55ab
                                                            0x008d5590
                                                            0x008d5575
                                                            0x008d555a
                                                            0x008d553f
                                                            0x00000000
                                                            0x008d55ca
                                                            0x008d55cd
                                                            0x00000000
                                                            0x008d55cd
                                                            0x00000000
                                                            0x008d54fb
                                                            0x008d54fb
                                                            0x008d5503
                                                            0x008d55df
                                                            0x008d55e4
                                                            0x008d55ef
                                                            0x008d55f4
                                                            0x008d572b
                                                            0x008d572b
                                                            0x008d572c
                                                            0x008d5509
                                                            0x008d5509
                                                            0x008d550a
                                                            0x008d5511
                                                            0x008d5514
                                                            0x00000000
                                                            0x008d5514
                                                            0x008d5503
                                                            0x008d54f5
                                                            0x008d54e9
                                                            0x00000000
                                                            0x008d551a
                                                            0x008d551a
                                                            0x008d5522
                                                            0x00000000
                                                            0x008d5522
                                                            0x00000000
                                                            0x008d54c8
                                                            0x008d5734
                                                            0x008d5739
                                                            0x00000000

                                                            APIs
                                                            • lstrlenW.KERNEL32(?,?,00000000,?,0090A500,?,00000000,?,008C457C,?,0090A500), ref: 008D547E
                                                            • GetCurrentProcessId.KERNEL32(?,008C457C,?,0090A500), ref: 008D5489
                                                            • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,008C457C,?,0090A500), ref: 008D54C0
                                                            • ConnectNamedPipe.KERNEL32(?,00000000,?,008C457C,?,0090A500), ref: 008D54D5
                                                            • GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D54DF
                                                            • Sleep.KERNEL32(00000064,?,008C457C,?,0090A500), ref: 008D5514
                                                            • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,008C457C,?,0090A500), ref: 008D5537
                                                            • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,008C457C,?,0090A500), ref: 008D5552
                                                            • WriteFile.KERNEL32(?,008C457C,0090A500,00000000,00000000,?,008C457C,?,0090A500), ref: 008D556D
                                                            • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,008C457C,?,0090A500), ref: 008D5588
                                                            • ReadFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,008C457C,?,0090A500), ref: 008D55A3
                                                            • GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D55FE
                                                            • GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D5632
                                                            • GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D5666
                                                            • GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D569A
                                                            • GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D56CB
                                                            • GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D56FC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                            • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp$crypt32.dll
                                                            • API String ID: 2944378912-152052350
                                                            • Opcode ID: e6c2856118b7b295e866f8898ea2fc10407fe55e18c4c2091cfb9d648fd7214b
                                                            • Instruction ID: 63c1fa83dba871fa92d398edf78c709618a77cf7a0579e1bcf522c9adf0b3086
                                                            • Opcode Fuzzy Hash: e6c2856118b7b295e866f8898ea2fc10407fe55e18c4c2091cfb9d648fd7214b
                                                            • Instruction Fuzzy Hash: C161C573E9062AABD7209AA49C45FAEB7B8FF10754F114227BD01FB380D678CD0086E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008ECB5D Relevance: 42.2, APIs: 12, Strings: 12, Instructions: 239synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E008ECB5D(void* __ebx, void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, void*** _a12) {
				long _v8;
				void* __edi;
				signed short _t48;
				signed short _t50;
				signed short _t52;
				signed short _t55;
				void* _t56;
				signed short _t57;
				WCHAR* _t94;
				void** _t103;
				signed short _t108;
				void* _t116;
				void* _t117;

				_t93 = __ebx;
				_v8 = 0;
				_t103 = E008C39DF(0x18, 1);
				if(_t103 != 0) {
					_push(__ebx);
					_t94 = _a8;
					_t48 = CreateEventW(0, 0, 0, _t94);
					_t103[1] = _t48;
					__eflags = _t48;
					if(_t48 != 0) {
						_t50 = E008C2022( &_v8, L"%ls_send", _t94);
						_t117 = _t116 + 0xc;
						__eflags = _t50;
						if(_t50 >= 0) {
							_t52 = CreateEventW(0, 0, 0, _v8);
							_t103[2] = _t52;
							__eflags = _t52;
							if(_t52 != 0) {
								_t108 = E008C2022( &_v8, L"%ls_mutex", _t94);
								_t117 = _t117 + 0xc;
								__eflags = _t108;
								if(_t108 >= 0) {
									_t55 = CreateMutexW(0, 1, _v8);
									_t103[3] = _t55;
									__eflags = _t55;
									if(_t55 != 0) {
										_t56 = CreateFileMappingW(0xffffffff, 0, 4, 0, 0x10000, _a4);
										 *_t103 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											_t57 = MapViewOfFile(_t56, 2, 0, 0, 0);
											_t103[4] = _t57;
											__eflags = _t57;
											if(_t57 != 0) {
												_t108 = E008C1C3A(_t57 + 0x21a, 0x104, _t94);
												__eflags = _t108;
												if(_t108 >= 0) {
													__eflags = 0;
													 *(_t103[4]) = 0;
													 *((char*)(_t103[4] + 0x218)) = 0;
													 *((intOrPtr*)(_t103[4] + 4)) = 0x8000000a;
													 *((char*)(_t103[4] + 2)) = 0;
													 *((char*)(_t103[4] + 1)) = 0;
													 *((char*)(_t103[4] + 0x219)) = 0;
													 *((intOrPtr*)(_t103[4] + 8)) = 0x8000000a;
													 *((char*)(_t103[4] + 3)) = 0;
													 *((intOrPtr*)(_t103[4] + 0xc)) = 0;
													 *((char*)(_t103[4] + 0x422)) = 1;
													 *((intOrPtr*)(_t103[4] + 0x424)) = 0;
													 *((intOrPtr*)(_t103[4] + 0x428)) = 0;
													 *((intOrPtr*)(_t103[4] + 0x42c)) = 0;
													ReleaseMutex(_t103[3]);
													 *_a12 = _t103;
													_t103 = 0;
												} else {
													_push("failed to copy event name to shared memory structure.");
													goto L40;
												}
											} else {
												_t108 = GetLastError();
												__eflags = _t108;
												if(__eflags > 0) {
													_t108 = _t108 & 0x0000ffff | 0x80070000;
													__eflags = _t108;
												}
												if(__eflags >= 0) {
													_t108 = 0x80004005;
												}
												E008C38BA(_t80, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x43, _t108);
												_push(_a4);
												_push("Failed to MapViewOfFile for %ls.");
												goto L37;
											}
										} else {
											_t108 = GetLastError();
											__eflags = _t108;
											if(__eflags > 0) {
												_t108 = _t108 & 0x0000ffff | 0x80070000;
												__eflags = _t108;
											}
											if(__eflags >= 0) {
												_t108 = 0x80004005;
											}
											E008C38BA(_t83, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x3c, _t108);
											_push(_a4);
											_push("Failed to memory map cabinet file: %ls");
											goto L37;
										}
									} else {
										_t108 = GetLastError();
										__eflags = _t108;
										if(__eflags > 0) {
											_t108 = _t108 & 0x0000ffff | 0x80070000;
											__eflags = _t108;
										}
										if(__eflags >= 0) {
											_t108 = 0x80004005;
										}
										E008C38BA(_t85, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x34, _t108);
										_push(_v8);
										_push("Failed to create mutex: %ls");
										goto L37;
									}
								} else {
									_push("failed to allocate memory for mutex name");
									goto L40;
								}
							} else {
								_t108 = GetLastError();
								__eflags = _t108;
								if(__eflags > 0) {
									_t108 = _t108 & 0x0000ffff | 0x80070000;
									__eflags = _t108;
								}
								if(__eflags >= 0) {
									_t108 = 0x80004005;
								}
								E008C38BA(_t87, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x2d, _t108);
								_push(_v8);
								goto L16;
							}
						} else {
							_push("failed to allocate memory for event name");
							L40:
							_push(_t108);
							E008FFB09();
						}
					} else {
						_t108 = GetLastError();
						__eflags = _t108;
						if(__eflags > 0) {
							_t108 = _t108 & 0x0000ffff | 0x80070000;
							__eflags = _t108;
						}
						if(__eflags >= 0) {
							_t108 = 0x80004005;
						}
						E008C38BA(_t89, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x27, _t108);
						_push(_t94);
						L16:
						_push("Failed to create event: %ls");
						L37:
						_push(_t108);
						E008FFB09();
					}
					_pop(_t93);
				} else {
					_t108 = 0x8007000e;
					E008C38BA(_t47, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\netfxchainer.cpp", 0x24, 0x8007000e);
					_push("Failed to allocate memory for NetFxChainer struct.");
					_push(0x8007000e);
					E008FFB09();
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				if(_t103 != 0) {
					if(_t103[3] != 0) {
						ReleaseMutex(_t103[3]);
					}
					E008ECE2C(_t93, _t103, _t103);
				}
				return _t108;
			}
















                                                            0x008ecb5d
                                                            0x008ecb69
                                                            0x008ecb71
                                                            0x008ecb75
                                                            0x008ecb9b
                                                            0x008ecb9c
                                                            0x008ecba3
                                                            0x008ecba9
                                                            0x008ecbac
                                                            0x008ecbae
                                                            0x008ecbe8
                                                            0x008ecbef
                                                            0x008ecbf2
                                                            0x008ecbf4
                                                            0x008ecc08
                                                            0x008ecc0e
                                                            0x008ecc11
                                                            0x008ecc13
                                                            0x008ecc5c
                                                            0x008ecc5e
                                                            0x008ecc61
                                                            0x008ecc63
                                                            0x008ecc77
                                                            0x008ecc7d
                                                            0x008ecc80
                                                            0x008ecc82
                                                            0x008eccca
                                                            0x008eccd0
                                                            0x008eccd2
                                                            0x008eccd4
                                                            0x008ecd11
                                                            0x008ecd17
                                                            0x008ecd1a
                                                            0x008ecd1c
                                                            0x008ecd70
                                                            0x008ecd72
                                                            0x008ecd74
                                                            0x008ecd88
                                                            0x008ecd8f
                                                            0x008ecd94
                                                            0x008ecd9d
                                                            0x008ecda3
                                                            0x008ecda9
                                                            0x008ecdaf
                                                            0x008ecdb8
                                                            0x008ecdbe
                                                            0x008ecdc4
                                                            0x008ecdca
                                                            0x008ecdd4
                                                            0x008ecddd
                                                            0x008ecde6
                                                            0x008ecdef
                                                            0x008ecdf8
                                                            0x008ecdfa
                                                            0x008ecd76
                                                            0x008ecd76
                                                            0x00000000
                                                            0x008ecd76
                                                            0x008ecd1e
                                                            0x008ecd24
                                                            0x008ecd26
                                                            0x008ecd28
                                                            0x008ecd2d
                                                            0x008ecd33
                                                            0x008ecd33
                                                            0x008ecd35
                                                            0x008ecd37
                                                            0x008ecd37
                                                            0x008ecd44
                                                            0x008ecd49
                                                            0x008ecd4c
                                                            0x00000000
                                                            0x008ecd4c
                                                            0x008eccd6
                                                            0x008eccdc
                                                            0x008eccde
                                                            0x008ecce0
                                                            0x008ecce5
                                                            0x008ecceb
                                                            0x008ecceb
                                                            0x008ecced
                                                            0x008eccef
                                                            0x008eccef
                                                            0x008eccfc
                                                            0x008ecd01
                                                            0x008ecd04
                                                            0x00000000
                                                            0x008ecd04
                                                            0x008ecc84
                                                            0x008ecc8a
                                                            0x008ecc8c
                                                            0x008ecc8e
                                                            0x008ecc93
                                                            0x008ecc99
                                                            0x008ecc99
                                                            0x008ecc9b
                                                            0x008ecc9d
                                                            0x008ecc9d
                                                            0x008eccaa
                                                            0x008eccaf
                                                            0x008eccb2
                                                            0x00000000
                                                            0x008eccb2
                                                            0x008ecc65
                                                            0x008ecc65
                                                            0x00000000
                                                            0x008ecc65
                                                            0x008ecc15
                                                            0x008ecc1b
                                                            0x008ecc1d
                                                            0x008ecc1f
                                                            0x008ecc24
                                                            0x008ecc2a
                                                            0x008ecc2a
                                                            0x008ecc2c
                                                            0x008ecc2e
                                                            0x008ecc2e
                                                            0x008ecc3b
                                                            0x008ecc40
                                                            0x00000000
                                                            0x008ecc40
                                                            0x008ecbf6
                                                            0x008ecbf6
                                                            0x008ecd7b
                                                            0x008ecd7b
                                                            0x008ecd7c
                                                            0x008ecd82
                                                            0x008ecbb0
                                                            0x008ecbb6
                                                            0x008ecbb8
                                                            0x008ecbba
                                                            0x008ecbbf
                                                            0x008ecbc5
                                                            0x008ecbc5
                                                            0x008ecbc7
                                                            0x008ecbc9
                                                            0x008ecbc9
                                                            0x008ecbd6
                                                            0x008ecbdb
                                                            0x008ecc43
                                                            0x008ecc43
                                                            0x008ecd51
                                                            0x008ecd51
                                                            0x008ecd52
                                                            0x008ecd57
                                                            0x008ecdfc
                                                            0x008ecb77
                                                            0x008ecb77
                                                            0x008ecb84
                                                            0x008ecb89
                                                            0x008ecb8e
                                                            0x008ecb8f
                                                            0x008ecb95
                                                            0x008ece01
                                                            0x008ece06
                                                            0x008ece06
                                                            0x008ece0d
                                                            0x008ece13
                                                            0x008ece18
                                                            0x008ece18
                                                            0x008ece1f
                                                            0x008ece1f
                                                            0x008ece29

                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,008ED228,?,?,?), ref: 008ECBA3
                                                            • GetLastError.KERNEL32(?,?,008ED228,?,?,?), ref: 008ECBB0
                                                            • ReleaseMutex.KERNEL32(?), ref: 008ECE18
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                            • String ID: %ls_mutex$%ls_send$@Mqt$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$c:\agent\_work\66\s\src\burn\engine\netfxchainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                            • API String ID: 3944734951-3887124222
                                                            • Opcode ID: b7da0ed9483ad4ac1f166cc4b0b3d826dc4bbee4136b39e90a0b1bec76ba4059
                                                            • Instruction ID: 0e6e37b732fe833d4578cb2bae2807d1b71214832acecc09261008548f4a4c35
                                                            • Opcode Fuzzy Hash: b7da0ed9483ad4ac1f166cc4b0b3d826dc4bbee4136b39e90a0b1bec76ba4059
                                                            • Instruction Fuzzy Hash: 9F811172A4176ABFC3219B6A8C49F8A7EA4FF06724F114134FD08EB241E635DD41C6E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CE9FC Relevance: 40.5, APIs: 4, Strings: 19, Instructions: 230COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 77%
                                                            			E008CE9FC(void* __edi, intOrPtr _a4, int _a8) {
				signed int _v8;
				int _v12;
				void* _v16;
				void* _v20;
				char _v24;
				intOrPtr* _t82;
				intOrPtr _t108;
				intOrPtr* _t125;
				intOrPtr* _t126;
				intOrPtr _t141;
				intOrPtr _t143;

				_v16 = 0;
				_v20 = 0;
				_v12 = 0;
				_v8 = 0;
				_v24 = 0;
				_t143 = E00903183(_a8, L"RelatedBundle",  &_v16);
				if(_t143 >= 0) {
					_t82 = _v16;
					_t124 =  *_t82;
					_t143 =  *((intOrPtr*)( *_t82 + 0x20))(_t82,  &_v24);
					__eflags = _t143;
					if(_t143 >= 0) {
						_a8 = 0;
						__eflags = _v24;
						if(_v24 > 0) {
							_t141 = _a4;
							while(1) {
								_t143 = E009030E2(_t124, _v16,  &_v20, 0);
								__eflags = _t143;
								if(_t143 < 0) {
									break;
								}
								_t143 = E00902B5D(_v20, L"Action",  &_v12);
								__eflags = _t143;
								if(_t143 < 0) {
									_push("Failed to get @Action.");
									goto L32;
								} else {
									_t143 = E00902B5D(_v20, L"Id",  &_v8);
									__eflags = _t143;
									if(_t143 < 0) {
										_push("Failed to get @Id.");
										goto L32;
									} else {
										__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Detect", 0xffffffff) - 2;
										if(__eflags != 0) {
											__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Upgrade", 0xffffffff) - 2;
											if(__eflags != 0) {
												__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Addon", 0xffffffff) - 2;
												if(__eflags != 0) {
													__eflags = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"Patch", 0xffffffff) - 2;
													if(__eflags != 0) {
														_t143 = 0x80070057;
														E008FFB09(0x80070057, "Invalid value for @Action: %ls", _v12);
													} else {
														_t143 = E008C3A01(_t141 + 0x30, __eflags, _t141 + 0x30,  *(_t141 + 0x34) + 1, 4, 5);
														__eflags = _t143;
														if(_t143 < 0) {
															_push("Failed to resize Patch code array in registration");
															goto L32;
														} else {
															_t124 =  *((intOrPtr*)(_t141 + 0x30));
															 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x30)) +  *(_t141 + 0x34) * 4)) = _v8;
															_v8 = _v8 & 0x00000000;
															_t66 = _t141 + 0x34;
															 *_t66 =  *(_t141 + 0x34) + 1;
															__eflags =  *_t66;
															goto L22;
														}
													}
												} else {
													_t143 = E008C3A01(_t141 + 0x28, __eflags, _t141 + 0x28,  *(_t141 + 0x2c) + 1, 4, 5);
													__eflags = _t143;
													if(_t143 < 0) {
														_push("Failed to resize Addon code array in registration");
														goto L32;
													} else {
														_t124 =  *((intOrPtr*)(_t141 + 0x28));
														 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x28)) +  *(_t141 + 0x2c) * 4)) = _v8;
														_v8 = _v8 & 0x00000000;
														 *(_t141 + 0x2c) =  *(_t141 + 0x2c) + 1;
														goto L22;
													}
												}
											} else {
												_t143 = E008C3A01(_t141 + 0x20, __eflags, _t141 + 0x20,  *(_t141 + 0x24) + 1, 4, 5);
												__eflags = _t143;
												if(_t143 < 0) {
													_push("Failed to resize Upgrade code array in registration");
													goto L32;
												} else {
													_t124 =  *((intOrPtr*)(_t141 + 0x20));
													 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x20)) +  *(_t141 + 0x24) * 4)) = _v8;
													_v8 = _v8 & 0x00000000;
													 *(_t141 + 0x24) =  *(_t141 + 0x24) + 1;
													goto L22;
												}
											}
										} else {
											_t143 = E008C3A01(_t141 + 0x18, __eflags, _t141 + 0x18,  *(_t141 + 0x1c) + 1, 4, 5);
											__eflags = _t143;
											if(_t143 < 0) {
												_push("Failed to resize Detect code array in registration");
												L32:
												_push(_t143);
												E008FFB09();
											} else {
												_t124 =  *((intOrPtr*)(_t141 + 0x18));
												 *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x18)) +  *(_t141 + 0x1c) * 4)) = _v8;
												_v8 = _v8 & 0x00000000;
												 *(_t141 + 0x1c) =  *(_t141 + 0x1c) + 1;
												L22:
												_t108 = _a8 + 1;
												_a8 = _t108;
												__eflags = _t108 - _v24;
												if(_t108 < _v24) {
													continue;
												} else {
												}
											}
										}
									}
								}
								goto L34;
							}
							_push("Failed to get next RelatedBundle element.");
							goto L32;
						}
					} else {
						_push("Failed to get RelatedBundle element count.");
						goto L2;
					}
				} else {
					_push("Failed to get RelatedBundle nodes");
					L2:
					_push(_t143);
					E008FFB09();
				}
				L34:
				_t125 = _v16;
				if(_t125 != 0) {
					 *((intOrPtr*)( *_t125 + 8))(_t125);
				}
				_t126 = _v20;
				if(_t126 != 0) {
					 *((intOrPtr*)( *_t126 + 8))(_t126);
				}
				if(_v12 != 0) {
					E008C2762(_v12);
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t143;
			}














                                                            0x008cea12
                                                            0x008cea15
                                                            0x008cea18
                                                            0x008cea1b
                                                            0x008cea1e
                                                            0x008cea26
                                                            0x008cea2a
                                                            0x008cea3e
                                                            0x008cea46
                                                            0x008cea4b
                                                            0x008cea4d
                                                            0x008cea4f
                                                            0x008cea58
                                                            0x008cea5b
                                                            0x008cea5e
                                                            0x008cea6b
                                                            0x008cea6e
                                                            0x008cea7c
                                                            0x008cea7e
                                                            0x008cea80
                                                            0x00000000
                                                            0x00000000
                                                            0x008cea97
                                                            0x008cea99
                                                            0x008cea9b
                                                            0x008cec23
                                                            0x00000000
                                                            0x008ceaa1
                                                            0x008ceab2
                                                            0x008ceab4
                                                            0x008ceab6
                                                            0x008cec1c
                                                            0x00000000
                                                            0x008ceabc
                                                            0x008ceacf
                                                            0x008cead2
                                                            0x008ceb19
                                                            0x008ceb1c
                                                            0x008ceb63
                                                            0x008ceb66
                                                            0x008ceba6
                                                            0x008ceba9
                                                            0x008cec07
                                                            0x008cec12
                                                            0x008cebab
                                                            0x008cebbd
                                                            0x008cebbf
                                                            0x008cebc1
                                                            0x008cebfd
                                                            0x00000000
                                                            0x008cebc3
                                                            0x008cebc6
                                                            0x008cebcc
                                                            0x008cebcf
                                                            0x008cebd3
                                                            0x008cebd3
                                                            0x008cebd3
                                                            0x00000000
                                                            0x008cebd3
                                                            0x008cebc1
                                                            0x008ceb68
                                                            0x008ceb7a
                                                            0x008ceb7c
                                                            0x008ceb7e
                                                            0x008cebf6
                                                            0x00000000
                                                            0x008ceb80
                                                            0x008ceb83
                                                            0x008ceb89
                                                            0x008ceb8c
                                                            0x008ceb90
                                                            0x00000000
                                                            0x008ceb90
                                                            0x008ceb7e
                                                            0x008ceb1e
                                                            0x008ceb30
                                                            0x008ceb32
                                                            0x008ceb34
                                                            0x008cebef
                                                            0x00000000
                                                            0x008ceb3a
                                                            0x008ceb3d
                                                            0x008ceb43
                                                            0x008ceb46
                                                            0x008ceb4a
                                                            0x00000000
                                                            0x008ceb4a
                                                            0x008ceb34
                                                            0x008cead4
                                                            0x008ceae6
                                                            0x008ceae8
                                                            0x008ceaea
                                                            0x008cebe8
                                                            0x008cec2f
                                                            0x008cec2f
                                                            0x008cec30
                                                            0x008ceaf0
                                                            0x008ceaf3
                                                            0x008ceaf9
                                                            0x008ceafc
                                                            0x008ceb00
                                                            0x008cebd6
                                                            0x008cebd9
                                                            0x008cebda
                                                            0x008cebdd
                                                            0x008cebe0
                                                            0x00000000
                                                            0x00000000
                                                            0x008cebe6
                                                            0x008cebe0
                                                            0x008ceaea
                                                            0x008cead2
                                                            0x008ceab6
                                                            0x00000000
                                                            0x008cec37
                                                            0x008cec2a
                                                            0x00000000
                                                            0x008cec2a
                                                            0x008cea51
                                                            0x008cea51
                                                            0x00000000
                                                            0x008cea51
                                                            0x008cea2c
                                                            0x008cea2c
                                                            0x008cea31
                                                            0x008cea31
                                                            0x008cea32
                                                            0x008cea38
                                                            0x008cec38
                                                            0x008cec38
                                                            0x008cec3d
                                                            0x008cec42
                                                            0x008cec42
                                                            0x008cec45
                                                            0x008cec4a
                                                            0x008cec4f
                                                            0x008cec4f
                                                            0x008cec56
                                                            0x008cec5b
                                                            0x008cec5b
                                                            0x008cec64
                                                            0x008cec69
                                                            0x008cec69
                                                            0x008cec73

                                                            APIs
                                                              • Part of subcall function 00902B5D: VariantInit.OLEAUT32(?), ref: 00902B73
                                                              • Part of subcall function 00902B5D: SysAllocString.OLEAUT32(?), ref: 00902B8F
                                                              • Part of subcall function 00902B5D: VariantClear.OLEAUT32(?), ref: 00902C16
                                                              • Part of subcall function 00902B5D: SysFreeString.OLEAUT32(00000000), ref: 00902C21
                                                            • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,0090BB64,?,?,Action,?,?,?,00000000,008C5482), ref: 008CEACD
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 008CEB17
                                                            Strings
                                                            • Failed to get @Action., xrefs: 008CEC23
                                                            • cabinet.dll, xrefs: 008CEB74
                                                            • version.dll, xrefs: 008CEB2A
                                                            • comres.dll, xrefs: 008CEAE0
                                                            • Failed to get RelatedBundle nodes, xrefs: 008CEA2C
                                                            • Patch, xrefs: 008CEB97
                                                            • Addon, xrefs: 008CEB54
                                                            • Failed to resize Detect code array in registration, xrefs: 008CEBE8
                                                            • Failed to get next RelatedBundle element., xrefs: 008CEC2A
                                                            • Action, xrefs: 008CEA8A
                                                            • Failed to get RelatedBundle element count., xrefs: 008CEA51
                                                            • Detect, xrefs: 008CEABE
                                                            • Failed to resize Addon code array in registration, xrefs: 008CEBF6
                                                            • RelatedBundle, xrefs: 008CEA0A
                                                            • Failed to resize Upgrade code array in registration, xrefs: 008CEBEF
                                                            • Upgrade, xrefs: 008CEB0A
                                                            • Failed to get @Id., xrefs: 008CEC1C
                                                            • Failed to resize Patch code array in registration, xrefs: 008CEBFD
                                                            • Invalid value for @Action: %ls, xrefs: 008CEC0C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$CompareVariant$AllocClearFreeInit
                                                            • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                            • API String ID: 702752599-259800149
                                                            • Opcode ID: 7ffccd1355e06648e75500574a4597c5952f0fccfe63e385b1d32704b5438d04
                                                            • Instruction ID: f7d7b4d7c5fd590493e39b38385f58b1955666c7cfb6c704c760e97f290457ff
                                                            • Opcode Fuzzy Hash: 7ffccd1355e06648e75500574a4597c5952f0fccfe63e385b1d32704b5438d04
                                                            • Instruction Fuzzy Hash: EC715B71A4562ABBCB109E54C981FAEB7B4FB05728F204258EA21F7681D770EE51CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D85B1 Relevance: 37.0, APIs: 9, Strings: 12, Instructions: 208fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 77%
                                                            			E008D85B1(void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v20;
				WCHAR* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				signed short _t37;
				signed short _t39;
				signed short _t41;
				signed short _t48;
				intOrPtr _t62;
				WCHAR* _t63;
				void* _t69;
				void* _t71;
				signed short _t73;
				signed int _t79;
				signed short _t86;

				_t69 = __edx;
				_t25 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t25 ^ _t79;
				_t63 = _a12;
				_t62 = _a16;
				_t72 = _a4;
				_v28 = _a8;
				_v32 = _a4;
				asm("stosd");
				asm("stosd");
				_v24 = _t63;
				asm("stosd");
				_t71 = CreateFileW(_t63, 0x40000000, 5, 0, 2, 0x8000080, 0);
				if(_t71 != 0xffffffff) {
					_t73 = E0090412E(_t63, _t72, 0, 0, 0, 0);
					__eflags = _t73;
					if(_t73 >= 0) {
						_t73 = E00903709(_t69, _v32, _t71,  *((intOrPtr*)(_t62 + 0xc)), 0, 0);
						__eflags = _t73;
						if(_t73 >= 0) {
							__eflags =  *(_t62 + 0x28);
							if( *(_t62 + 0x28) != 0) {
								_push(0);
								_t37 = SetFilePointerEx(_t71,  *(_t62 + 0x18), 0, 0);
								__eflags = _t37;
								if(_t37 != 0) {
									_t39 = E00904650(0, _t71, _t62 + 0x24, 4);
									__eflags = _t39;
									if(_t39 >= 0) {
										_push(0);
										_t41 = SetFilePointerEx(_t71,  *(_t62 + 0x1c), 0, 0);
										__eflags = _t41;
										if(_t41 != 0) {
											_t73 = E00904650(0, _t71, _t62 + 0x28, 4);
											__eflags = _t73;
											if(_t73 < 0) {
												goto L18;
											} else {
												_t73 = E00904650(0, _t71, _t62 + 0x2c, 4);
												__eflags = _t73;
												if(_t73 < 0) {
													goto L18;
												} else {
													_push(0);
													_t48 = SetFilePointerEx(_t71,  *(_t62 + 0x20), 0, 0);
													__eflags = _t48;
													if(_t48 != 0) {
														_t73 = E00904650(0, _t71,  &_v20, 0xc);
														__eflags = _t73;
														if(_t73 < 0) {
															_push("Failed to zero out original data offset.");
															goto L35;
														}
													} else {
														_t73 = GetLastError();
														__eflags = _t73;
														if(__eflags > 0) {
															_t73 = _t73 & 0x0000ffff | 0x80070000;
															__eflags = _t73;
														}
														if(__eflags >= 0) {
															_t73 = 0x80004005;
														}
														E008C38BA(_t51, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6d6, _t73);
														_push("Failed to seek to original data in exe burn section header.");
														goto L35;
													}
												}
											}
										} else {
											_t73 = GetLastError();
											__eflags = _t73;
											if(__eflags > 0) {
												_t73 = _t73 & 0x0000ffff | 0x80070000;
												__eflags = _t73;
											}
											if(__eflags >= 0) {
												_t73 = 0x80004005;
											}
											E008C38BA(_t53, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6c9, _t73);
											_push("Failed to seek to signature table in exe header.");
											goto L35;
										}
									} else {
										L18:
										_push("Failed to update signature offset.");
										goto L35;
									}
								} else {
									_t73 = GetLastError();
									__eflags = _t73;
									if(__eflags > 0) {
										_t73 = _t73 & 0x0000ffff | 0x80070000;
										__eflags = _t73;
									}
									if(__eflags >= 0) {
										_t73 = 0x80004005;
									}
									E008C38BA(_t55, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6bf, _t73);
									_push("Failed to seek to checksum in exe header.");
									L35:
									_push(_t73);
									E008FFB09();
								}
							}
						} else {
							_push(_v24);
							E008FFB09(_t73, "Failed to copy engine from: %ls to: %ls", _v28);
						}
					} else {
						E008FFB09(_t73, "Failed to seek to beginning of engine file: %ls", _v28);
					}
					CloseHandle(_t71);
				} else {
					_t73 = GetLastError();
					if(_t73 > 0) {
						_t86 = _t73;
					}
					if(_t86 >= 0) {
						_t73 = 0x80004005;
					}
					E008C38BA(_t59, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x6af, _t73);
					E008FFB09(_t73, "Failed to create engine file at path: %ls", _v24);
				}
				return E008EDD1F(_t62, _v8 ^ _t79, _t69, _t71, _t73);
			}























                                                            0x008d85b1
                                                            0x008d85b7
                                                            0x008d85be
                                                            0x008d85c4
                                                            0x008d85c8
                                                            0x008d85cc
                                                            0x008d85d2
                                                            0x008d85df
                                                            0x008d85e4
                                                            0x008d85ee
                                                            0x008d85f0
                                                            0x008d85f3
                                                            0x008d85fa
                                                            0x008d85ff
                                                            0x008d8651
                                                            0x008d8653
                                                            0x008d8655
                                                            0x008d867d
                                                            0x008d867f
                                                            0x008d8681
                                                            0x008d869e
                                                            0x008d86a1
                                                            0x008d86a7
                                                            0x008d86ae
                                                            0x008d86b4
                                                            0x008d86b6
                                                            0x008d86f7
                                                            0x008d86fe
                                                            0x008d8700
                                                            0x008d870e
                                                            0x008d8715
                                                            0x008d871b
                                                            0x008d871d
                                                            0x008d8763
                                                            0x008d8765
                                                            0x008d8767
                                                            0x00000000
                                                            0x008d8769
                                                            0x008d8775
                                                            0x008d8777
                                                            0x008d8779
                                                            0x00000000
                                                            0x008d877b
                                                            0x008d877d
                                                            0x008d8784
                                                            0x008d878a
                                                            0x008d878c
                                                            0x008d87cf
                                                            0x008d87d1
                                                            0x008d87d3
                                                            0x008d87d5
                                                            0x00000000
                                                            0x008d87d5
                                                            0x008d878e
                                                            0x008d8794
                                                            0x008d8796
                                                            0x008d8798
                                                            0x008d879d
                                                            0x008d87a3
                                                            0x008d87a3
                                                            0x008d87a5
                                                            0x008d87a7
                                                            0x008d87a7
                                                            0x008d87b7
                                                            0x008d87bc
                                                            0x00000000
                                                            0x008d87bc
                                                            0x008d878c
                                                            0x008d8779
                                                            0x008d871f
                                                            0x008d8725
                                                            0x008d8727
                                                            0x008d8729
                                                            0x008d872e
                                                            0x008d8734
                                                            0x008d8734
                                                            0x008d8736
                                                            0x008d8738
                                                            0x008d8738
                                                            0x008d8748
                                                            0x008d874d
                                                            0x00000000
                                                            0x008d874d
                                                            0x008d8702
                                                            0x008d8702
                                                            0x008d8702
                                                            0x00000000
                                                            0x008d8702
                                                            0x008d86b8
                                                            0x008d86be
                                                            0x008d86c0
                                                            0x008d86c2
                                                            0x008d86c7
                                                            0x008d86cd
                                                            0x008d86cd
                                                            0x008d86cf
                                                            0x008d86d1
                                                            0x008d86d1
                                                            0x008d86e1
                                                            0x008d86e6
                                                            0x008d87da
                                                            0x008d87da
                                                            0x008d87db
                                                            0x008d87e1
                                                            0x008d86b6
                                                            0x008d8683
                                                            0x008d8683
                                                            0x008d868f
                                                            0x008d8694
                                                            0x008d8657
                                                            0x008d8660
                                                            0x008d8665
                                                            0x008d87e3
                                                            0x008d8601
                                                            0x008d8607
                                                            0x008d860b
                                                            0x008d8616
                                                            0x008d8616
                                                            0x008d8618
                                                            0x008d861a
                                                            0x008d861a
                                                            0x008d862a
                                                            0x008d8638
                                                            0x008d863d
                                                            0x008d87f9

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,008C4DFD,?,?,00000000,008C4DFD,00000000), ref: 008D85F4
                                                            • GetLastError.KERNEL32 ref: 008D8601
                                                              • Part of subcall function 00903709: ReadFile.KERNEL32(?,?,00000000,?,00000000), ref: 0090379F
                                                            • SetFilePointerEx.KERNEL32(00000000,0090A4B8,00000000,00000000,00000000,?,00000000,0090A500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008D86AE
                                                            • GetLastError.KERNEL32 ref: 008D86B8
                                                            • CloseHandle.KERNEL32(00000000,?,00000000,0090A500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008D87E3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: File$ErrorLast$CloseCreateHandlePointerRead
                                                            • String ID: @Mqt$Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$c:\agent\_work\66\s\src\burn\engine\cache.cpp$cabinet.dll$msi.dll
                                                            • API String ID: 3456208997-753767185
                                                            • Opcode ID: 10321b321e34219d0ebc017788daeac931e2fe258d9954d77bb03de4d51a20f8
                                                            • Instruction ID: 10ced251c753b3507c5dae20bc28bd1b56c415481bcd058dfeea26cde621bdc0
                                                            • Opcode Fuzzy Hash: 10321b321e34219d0ebc017788daeac931e2fe258d9954d77bb03de4d51a20f8
                                                            • Instruction Fuzzy Hash: 6251C772E4062AFBE7115A648C46FBF6668FB45B20F120215FF10FB381EA65DC0056E2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E2596 Relevance: 36.9, APIs: 3, Strings: 18, Instructions: 144COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 68%
                                                            			E008E2596(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* __ebx;
				int _t39;
				signed int _t48;
				intOrPtr _t50;
				void* _t57;
				void* _t58;
				void* _t59;

				_t45 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t43 = _a4;
				_t50 = _a8;
				if(E00902B5D(_a4, L"DetectCondition", _t50 + 0x90) >= 0) {
					if(E00902B5D(_t43, L"InstallArguments", _t50 + 0x94) >= 0) {
						if(E00902B5D(_t43, L"UninstallArguments", _t50 + 0x9c) >= 0) {
							if(E00902B5D(_t43, L"RepairArguments", _t50 + 0x98) >= 0) {
								_t57 = E00902D69(_t45, _t43, L"Repairable", _t50 + 0xac);
								if(_t57 == 0x80070490 || _t57 >= 0) {
									_t58 = E00902B5D(_t43, L"Protocol",  &_v8);
									if(_t58 < 0) {
										if(_t58 == 0x80070490) {
											goto L14;
										} else {
											_push("Failed to get @Protocol.");
											goto L25;
										}
									} else {
										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"burn", 0xffffffff) != 2) {
											_t39 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"netfx4", 0xffffffff);
											_t48 = 2;
											if(_t39 != _t48) {
												if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"none", 0xffffffff) != 2) {
													_t59 = 0x8000ffff;
													E008FFB09(0x8000ffff, "Invalid protocol type: %ls", _v8);
												} else {
													 *(_t50 + 0xb0) =  *(_t50 + 0xb0) & 0x00000000;
													goto L14;
												}
											} else {
												 *(_t50 + 0xb0) = _t48;
												goto L14;
											}
										} else {
											 *(_t50 + 0xb0) = 1;
											L14:
											_t59 = E008E1951(_t43, _t43, _t50);
											if(_t59 >= 0) {
												_t59 = E008E17A7(_t43, _t50);
												if(_t59 < 0) {
													_push("Failed to parse command lines.");
													goto L25;
												}
											} else {
												_push("Failed to parse exit codes.");
												goto L25;
											}
										}
									}
								} else {
									_push("Failed to get @Repairable.");
									goto L25;
								}
							} else {
								_push("Failed to get @RepairArguments.");
								goto L25;
							}
						} else {
							_push("Failed to get @UninstallArguments.");
							goto L25;
						}
					} else {
						_push("Failed to get @InstallArguments.");
						goto L25;
					}
				} else {
					_push("Failed to get @DetectCondition.");
					L25:
					_push(_t59);
					E008FFB09();
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t59;
			}











                                                            0x008e2596
                                                            0x008e2599
                                                            0x008e259a
                                                            0x008e259f
                                                            0x008e25a4
                                                            0x008e25bd
                                                            0x008e25df
                                                            0x008e2601
                                                            0x008e2623
                                                            0x008e2641
                                                            0x008e2649
                                                            0x008e2668
                                                            0x008e266c
                                                            0x008e270c
                                                            0x00000000
                                                            0x008e270e
                                                            0x008e270e
                                                            0x00000000
                                                            0x008e270e
                                                            0x008e2672
                                                            0x008e268d
                                                            0x008e26bd
                                                            0x008e26c1
                                                            0x008e26c4
                                                            0x008e26e3
                                                            0x008e26f1
                                                            0x008e26fc
                                                            0x008e26e5
                                                            0x008e26e5
                                                            0x00000000
                                                            0x008e26e5
                                                            0x008e26c6
                                                            0x008e26c6
                                                            0x00000000
                                                            0x008e26c6
                                                            0x008e268f
                                                            0x008e268f
                                                            0x008e2699
                                                            0x008e26a0
                                                            0x008e26a4
                                                            0x008e271c
                                                            0x008e2720
                                                            0x008e2722
                                                            0x00000000
                                                            0x008e2722
                                                            0x008e26a6
                                                            0x008e26a6
                                                            0x00000000
                                                            0x008e26a6
                                                            0x008e26a4
                                                            0x008e268d
                                                            0x008e264f
                                                            0x008e264f
                                                            0x00000000
                                                            0x008e264f
                                                            0x008e2625
                                                            0x008e2625
                                                            0x00000000
                                                            0x008e2625
                                                            0x008e2603
                                                            0x008e2603
                                                            0x00000000
                                                            0x008e2603
                                                            0x008e25e1
                                                            0x008e25e1
                                                            0x00000000
                                                            0x008e25e1
                                                            0x008e25bf
                                                            0x008e25bf
                                                            0x008e2727
                                                            0x008e2727
                                                            0x008e2728
                                                            0x008e272e
                                                            0x008e2733
                                                            0x008e2738
                                                            0x008e2738
                                                            0x008e2743

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: StringVariant$AllocClearFreeInit
                                                            • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                            • API String ID: 760788290-1911311241
                                                            • Opcode ID: 03a2a3f40c9b42531aec9a50063343c7ea439f93ea03447d57006461c8e0e151
                                                            • Instruction ID: 88d1644bb9be33212c0aea5918a6990f23ba95bc2574c5f2736cf23aba06bedf
                                                            • Opcode Fuzzy Hash: 03a2a3f40c9b42531aec9a50063343c7ea439f93ea03447d57006461c8e0e151
                                                            • Instruction Fuzzy Hash: 1F415672B863ABBAC71256258D46FAA765CFB53B38F200311F934FB2D2C7649C4042D2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E1951 Relevance: 35.2, APIs: 4, Strings: 16, Instructions: 211COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E008E1951(void* __ebx, int _a4, intOrPtr _a8) {
				int _v8;
				void* _v12;
				int _v16;
				void* _v20;
				int _v24;
				intOrPtr* _t50;
				intOrPtr _t60;
				int _t61;
				int _t68;
				void* _t74;
				intOrPtr _t78;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr _t89;
				intOrPtr _t92;
				intOrPtr* _t94;
				int _t98;
				int _t100;
				intOrPtr* _t102;
				intOrPtr _t103;

				_t100 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_t103 = E00903183(_a4, L"ExitCode",  &_v20);
				if(_t103 >= 0) {
					_t50 = _v20;
					_t103 =  *((intOrPtr*)( *_t50 + 0x20))(_t50,  &_v16);
					if(_t103 >= 0) {
						_t52 = _v16;
						if(_v16 == 0) {
							L35:
							_t103 = _t100;
						} else {
							_t60 = E008C39DF(_t52 * 0xc, 1);
							_t89 = _a8;
							 *((intOrPtr*)(_t89 + 0xb8)) = _t60;
							if(_t60 != 0) {
								_t61 = _v16;
								 *((intOrPtr*)(_t89 + 0xbc)) = _t61;
								_a4 = 0;
								if(_t61 == 0) {
									goto L35;
								} else {
									_t98 = 0;
									_v24 = 0;
									while(1) {
										_t102 =  *((intOrPtr*)(_t89 + 0xb8)) + _t98;
										_t103 = E009030E2(_t89, _v20,  &_v12, 0);
										if(_t103 < 0) {
											break;
										}
										_t103 = E00902B5D(_v12, L"Type",  &_v8);
										if(_t103 < 0) {
											_push("Failed to get @Type.");
											goto L34;
										} else {
											if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"success", 0xffffffff) != 2) {
												_t68 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"error", 0xffffffff);
												_t92 = 2;
												if(_t68 != _t92) {
													if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"scheduleReboot", 0xffffffff) != 2) {
														if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"forceReboot", 0xffffffff) != 2) {
															_push(_v8);
															_t103 = 0x8000ffff;
															_push("Invalid exit code type: %ls");
															goto L31;
														} else {
															 *_t102 = 4;
															goto L20;
														}
													} else {
														 *_t102 = 3;
														goto L20;
													}
												} else {
													 *_t102 = _t92;
													goto L20;
												}
											} else {
												 *_t102 = 1;
												L20:
												_t103 = E00902B5D(_v12, L"Code",  &_v8);
												if(_t103 < 0) {
													_push("Failed to get @Code.");
													goto L34;
												} else {
													_t93 = _v8;
													_t74 = 0x2a;
													if(_t74 !=  *_v8) {
														_t100 = 0;
														_t103 = E008C2ABF(_t93, _t93, 0, _t102 + 4);
														if(_t103 < 0) {
															_push(_v8);
															_push("Failed to parse @Code value: %ls");
															L31:
															_push(_t103);
															E008FFB09();
														} else {
															goto L24;
														}
													} else {
														 *((intOrPtr*)(_t102 + 8)) = 1;
														_t100 = 0;
														L24:
														_t94 = _v12;
														if(_t94 != 0) {
															 *((intOrPtr*)( *_t94 + 8))(_t94);
															_v12 = _t100;
														}
														_t78 = _a4 + 1;
														_t98 = _v24 + 0xc;
														_a4 = _t78;
														_v24 = _t98;
														if(_t78 >= _v16) {
															goto L35;
														} else {
															_t89 = _a8;
															continue;
														}
													}
												}
											}
										}
										goto L36;
									}
									_push("Failed to get next node.");
									goto L34;
								}
							} else {
								_t103 = 0x8007000e;
								E008C38BA(_t60, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\exeengine.cpp", 0x272, 0x8007000e);
								_push("Failed to allocate memory for exit code structs.");
								L34:
								_push(_t103);
								E008FFB09();
							}
						}
						L36:
					} else {
						_push("Failed to get exit code node count.");
						goto L2;
					}
				} else {
					_push("Failed to select exit code nodes.");
					L2:
					_push(_t103);
					E008FFB09();
				}
				_t87 = _v20;
				if(_t87 != 0) {
					 *((intOrPtr*)( *_t87 + 8))(_t87);
				}
				_t88 = _v12;
				if(_t88 != 0) {
					 *((intOrPtr*)( *_t88 + 8))(_t88);
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t103;
			}























                                                            0x008e195c
                                                            0x008e1967
                                                            0x008e196a
                                                            0x008e196d
                                                            0x008e1970
                                                            0x008e1978
                                                            0x008e197c
                                                            0x008e1990
                                                            0x008e199d
                                                            0x008e19a1
                                                            0x008e19aa
                                                            0x008e19b0
                                                            0x008e1b6d
                                                            0x008e1b6d
                                                            0x008e19b6
                                                            0x008e19bc
                                                            0x008e19c1
                                                            0x008e19c4
                                                            0x008e19cc
                                                            0x008e19ed
                                                            0x008e19f0
                                                            0x008e19f6
                                                            0x008e19fb
                                                            0x00000000
                                                            0x008e1a01
                                                            0x008e1a07
                                                            0x008e1a09
                                                            0x008e1a0c
                                                            0x008e1a1b
                                                            0x008e1a22
                                                            0x008e1a26
                                                            0x00000000
                                                            0x00000000
                                                            0x008e1a3d
                                                            0x008e1a41
                                                            0x008e1b57
                                                            0x00000000
                                                            0x008e1a47
                                                            0x008e1a5d
                                                            0x008e1a76
                                                            0x008e1a7a
                                                            0x008e1a7d
                                                            0x008e1a97
                                                            0x008e1ab5
                                                            0x008e1b3f
                                                            0x008e1b42
                                                            0x008e1b47
                                                            0x00000000
                                                            0x008e1abb
                                                            0x008e1abb
                                                            0x00000000
                                                            0x008e1abb
                                                            0x008e1a99
                                                            0x008e1a99
                                                            0x00000000
                                                            0x008e1a99
                                                            0x008e1a7f
                                                            0x008e1a7f
                                                            0x00000000
                                                            0x008e1a7f
                                                            0x008e1a5f
                                                            0x008e1a5f
                                                            0x008e1ac1
                                                            0x008e1ad2
                                                            0x008e1ad6
                                                            0x008e1b38
                                                            0x00000000
                                                            0x008e1ad8
                                                            0x008e1ad8
                                                            0x008e1add
                                                            0x008e1ae1
                                                            0x008e1af1
                                                            0x008e1afb
                                                            0x008e1aff
                                                            0x008e1b2e
                                                            0x008e1b31
                                                            0x008e1b4c
                                                            0x008e1b4c
                                                            0x008e1b4d
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e1ae3
                                                            0x008e1ae3
                                                            0x008e1aea
                                                            0x008e1b01
                                                            0x008e1b01
                                                            0x008e1b06
                                                            0x008e1b0b
                                                            0x008e1b0e
                                                            0x008e1b0e
                                                            0x008e1b17
                                                            0x008e1b18
                                                            0x008e1b1b
                                                            0x008e1b1e
                                                            0x008e1b24
                                                            0x00000000
                                                            0x008e1b26
                                                            0x008e1b26
                                                            0x00000000
                                                            0x008e1b26
                                                            0x008e1b24
                                                            0x008e1ae1
                                                            0x008e1ad6
                                                            0x008e1a5d
                                                            0x00000000
                                                            0x008e1a41
                                                            0x008e1b5e
                                                            0x00000000
                                                            0x008e1b5e
                                                            0x008e19ce
                                                            0x008e19ce
                                                            0x008e19de
                                                            0x008e19e3
                                                            0x008e1b63
                                                            0x008e1b63
                                                            0x008e1b64
                                                            0x008e1b6a
                                                            0x008e19cc
                                                            0x008e1b6f
                                                            0x008e19a3
                                                            0x008e19a3
                                                            0x00000000
                                                            0x008e19a3
                                                            0x008e197e
                                                            0x008e197e
                                                            0x008e1983
                                                            0x008e1983
                                                            0x008e1984
                                                            0x008e198a
                                                            0x008e1b70
                                                            0x008e1b75
                                                            0x008e1b7a
                                                            0x008e1b7a
                                                            0x008e1b7d
                                                            0x008e1b82
                                                            0x008e1b87
                                                            0x008e1b87
                                                            0x008e1b8e
                                                            0x008e1b93
                                                            0x008e1b93
                                                            0x008e1b9d

                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 008E1A58
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 008E1A76
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareHeapString$AllocateProcess
                                                            • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$c:\agent\_work\66\s\src\burn\engine\exeengine.cpp$error$forceReboot$scheduleReboot$success
                                                            • API String ID: 2664528157-2974551199
                                                            • Opcode ID: 7e2bf00c1d56355c651d5507c7c48ed92a15a52be6f84561bab70298e06966aa
                                                            • Instruction ID: 922a7fd5f62eb582075dfb4e79edbfe26da1965c5f416e648473e644365a8718
                                                            • Opcode Fuzzy Hash: 7e2bf00c1d56355c651d5507c7c48ed92a15a52be6f84561bab70298e06966aa
                                                            • Instruction Fuzzy Hash: 4861E031A4522ABBCF109B55CC49EAEBBA5FF82734F204265F424EB2D1DB709E40D781
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009078F7 Relevance: 31.8, APIs: 9, Strings: 9, Instructions: 308COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 96%
                                                            			E009078F7(intOrPtr _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				signed int _t100;
				int _t101;
				signed int _t103;
				short** _t110;
				int _t111;
				signed int _t113;
				signed int _t122;
				int _t131;
				int _t132;
				int _t133;
				signed int _t142;
				int _t143;
				int _t145;
				int _t148;
				signed int _t156;
				int _t157;
				intOrPtr* _t162;
				signed int _t163;
				signed int _t170;
				short** _t173;
				intOrPtr _t174;
				signed int _t175;

				_t162 = _a12;
				_t170 = 0;
				_t100 = 0;
				_v8 = 0;
				_t173 =  *(_a4 + 0x3c);
				while(_t173 != 0) {
					_t101 = CompareStringW(0x7f, 0,  *_t173, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff);
					__eflags = _t101 - 2;
					if(_t101 != 2) {
						L9:
						_t100 = _v8;
						L10:
						_t173 = _t173[4];
						continue;
					}
					_t131 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"application", 0xffffffff);
					__eflags = _t131 - 2;
					if(_t131 != 2) {
						_t132 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"upgrade", 0xffffffff);
						__eflags = _t132 - 2;
						if(_t132 != 2) {
							_t133 = CompareStringW(0x7f, 0, _t173[1], 0xffffffff, L"version", 0xffffffff);
							__eflags = _t133 - 2;
							if(_t133 != 2) {
								goto L9;
							}
							_a12 = _a12 & 0x00000000;
							_v16 = _v16 & 0x00000000;
							_t170 = E00904391(_t173[2],  &_a12,  &_v16);
							__eflags = _t170;
							if(__eflags < 0) {
								L54:
								if(__eflags == 0) {
									L56:
									return _t170;
								}
								L55:
								E009076AC(_t162, _t170, _t162);
								E008EF600(_t170, _t162, 0, 0x40);
								goto L56;
							}
							 *((intOrPtr*)(_t162 + 0x20)) = _v16;
							_t100 = 1;
							 *((intOrPtr*)(_t162 + 0x24)) = _a12;
							_v8 = 1;
							goto L10;
						}
						_t20 = _t162 + 0x18; // 0x2d8
						_t170 = E008C229E(_t20, _t173[2], 0);
						__eflags = _t170;
						if(__eflags < 0) {
							goto L54;
						}
						_t142 = _t173[3];
						while(1) {
							_a12 = _t142;
							__eflags = _t142;
							if(_t142 == 0) {
								break;
							}
							_t22 = _t142 + 4; // 0x700079
							_t143 = CompareStringW(0x7f, 0,  *_t22, 0xffffffff, L"version", 0xffffffff);
							__eflags = _t143 - 2;
							if(_t143 != 2) {
								_t145 = CompareStringW(0x7f, 0,  *(_a12 + 4), 0xffffffff, L"exclusive", 0xffffffff);
								__eflags = _t145 - 2;
								if(_t145 == 2) {
									_t148 = CompareStringW(0x7f, 0,  *(_a12 + 8), 0xffffffff, L"true", 0xffffffff);
									__eflags = _t148 - 2;
									if(_t148 == 2) {
										 *((intOrPtr*)(_t162 + 0x1c)) = 1;
									}
								}
								L25:
								_t142 =  *(_a12 + 0xc);
								continue;
							}
							_v12 = _v12 & 0x00000000;
							_v16 = _v16 & 0x00000000;
							_t170 = E00904391( *(_a12 + 8),  &_v12,  &_v16);
							__eflags = _t170;
							if(__eflags < 0) {
								goto L54;
							}
							 *(_t162 + 0x28) = _v16;
							 *(_t162 + 0x2c) = _v12;
							goto L25;
						}
						goto L9;
					}
					_t170 = E008C229E(_t162, _t173[2], 0);
					__eflags = _t170;
					if(__eflags < 0) {
						goto L54;
					} else {
						_t156 = _t173[3];
						while(1) {
							_a12 = _t156;
							__eflags = _t156;
							if(_t156 == 0) {
								goto L9;
							}
							_t8 = _t156 + 4; // 0x700079
							_t157 = CompareStringW(0x7f, 0,  *_t8, 0xffffffff, L"type", 0xffffffff);
							__eflags = _t157 - 2;
							if(_t157 != 2) {
								L7:
								_t13 = _a12 + 0xc; // 0x74006e
								_t156 =  *_t13;
								continue;
							}
							_t11 = _t162 + 4; // 0x2c4
							_t170 = E008C229E(_t11,  *(_a12 + 8), 0);
							__eflags = _t170;
							if(__eflags < 0) {
								goto L54;
							}
							goto L7;
						}
						goto L9;
					}
				}
				if( *_t162 != _t173 || _a8 != _t173) {
					if(_t100 != 0) {
						_t102 =  *(_t162 + 0x2c);
						__eflags =  *(_t162 + 0x2c) -  *((intOrPtr*)(_t162 + 0x24));
						if(__eflags < 0) {
							L36:
							_t174 = _a4;
							__eflags =  *(_t174 + 8);
							if( *(_t174 + 8) == 0) {
								L38:
								__eflags =  *(_t174 + 4);
								if( *(_t174 + 4) == 0) {
									L40:
									_t103 =  *(_t174 + 0x1c);
									__eflags = _t103;
									if(_t103 == 0) {
										L45:
										_t102 = E008C39DF( *(_t174 + 0x30) << 5, 1);
										 *(_t162 + 0x3c) = _t102;
										__eflags = _t102;
										if(_t102 != 0) {
											_a12 = _a12 & 0x00000000;
											__eflags =  *(_t174 + 0x30);
											if( *(_t174 + 0x30) <= 0) {
												L53:
												__eflags = _t170;
												goto L54;
											}
											_t163 = 0;
											__eflags = 0;
											_a8 = 0;
											do {
												_t110 =  *((intOrPtr*)(_t174 + 0x34)) + _t163;
												_v16 = _t110;
												_t111 = CompareStringW(0x7f, 0,  *_t110, 0xffffffff, L"enclosure", 0xffffffff);
												__eflags = _t111 - 2;
												if(_t111 != 2) {
													goto L52;
												}
												_t170 = E00907741(_v16, ( *(_t162 + 0x38) << 5) +  *(_t162 + 0x3c));
												__eflags = _t170;
												if(__eflags < 0) {
													goto L54;
												}
												_t175 =  *(_t162 + 0x38);
												_t88 = _t162 + 0x30;
												 *_t88 =  *(_t162 + 0x30) +  *((intOrPtr*)((_t175 << 5) +  *(_t162 + 0x3c) + 8));
												__eflags =  *_t88;
												asm("adc [ebx+0x34], eax");
												_t174 = _a4;
												 *(_t162 + 0x38) = _t175 + 1;
												L52:
												_t113 = _a12 + 1;
												_t163 = _a8 + 0x28;
												_a12 = _t113;
												_a8 = _t163;
												__eflags = _t113 -  *(_t174 + 0x30);
											} while (_t113 <  *(_t174 + 0x30));
											goto L53;
										}
										_t170 = 0x8007000e;
										_push(0x8007000e);
										_push(0x12c);
										L35:
										_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\apuputil.cpp");
										E008C38BA(_t102);
										goto L55;
									}
									__eflags =  *_t103;
									if( *_t103 == 0) {
										L43:
										_t122 =  *(_t174 + 0x1c);
										__eflags =  *(_t122 + 8);
										if( *(_t122 + 8) == 0) {
											goto L45;
										}
										_t72 = _t162 + 0x14; // 0x2d4
										_t170 = E008C229E(_t72,  *(_t122 + 8), 0);
										__eflags = _t170;
										if(__eflags < 0) {
											goto L54;
										}
										goto L45;
									}
									_t68 = _t162 + 0x10; // 0x2d0
									_t170 = E008C229E(_t68,  *_t103, 0);
									__eflags = _t170;
									if(__eflags < 0) {
										goto L54;
									}
									goto L43;
								}
								_t66 = _t162 + 0xc; // 0x2cc
								_t170 = E008C229E(_t66,  *(_t174 + 4), 0);
								__eflags = _t170;
								if(__eflags < 0) {
									goto L54;
								}
								goto L40;
							}
							_t63 = _t162 + 8; // 0x2c8
							_t170 = E008C229E(_t63,  *(_t174 + 8), 0);
							__eflags = _t170;
							if(__eflags < 0) {
								goto L54;
							}
							goto L38;
						}
						if(__eflags > 0) {
							L34:
							_t170 = 0x8007000d;
							_push(0x8007000d);
							_push(0x10d);
							goto L35;
						}
						_t102 =  *(_t162 + 0x28);
						__eflags =  *(_t162 + 0x28) -  *((intOrPtr*)(_t162 + 0x20));
						if( *(_t162 + 0x28) <  *((intOrPtr*)(_t162 + 0x20))) {
							goto L36;
						}
						goto L34;
					}
					goto L15;
				} else {
					L15:
					_t170 = 1;
					goto L55;
				}
			}






























                                                            0x009078fe
                                                            0x00907906
                                                            0x00907908
                                                            0x0090790a
                                                            0x0090790d
                                                            0x009079b1
                                                            0x00907924
                                                            0x0090792a
                                                            0x0090792d
                                                            0x009079ab
                                                            0x009079ab
                                                            0x009079ae
                                                            0x009079ae
                                                            0x00000000
                                                            0x009079ae
                                                            0x0090793f
                                                            0x00907945
                                                            0x00907948
                                                            0x009079e2
                                                            0x009079e8
                                                            0x009079eb
                                                            0x00907aca
                                                            0x00907ad0
                                                            0x00907ad3
                                                            0x00000000
                                                            0x00000000
                                                            0x00907ad9
                                                            0x00907ae0
                                                            0x00907af1
                                                            0x00907af3
                                                            0x00907af5
                                                            0x00907c6a
                                                            0x00907c6a
                                                            0x00907c7f
                                                            0x00907c85
                                                            0x00907c85
                                                            0x00907c6c
                                                            0x00907c6d
                                                            0x00907c77
                                                            0x00000000
                                                            0x00907c7c
                                                            0x00907b03
                                                            0x00907b08
                                                            0x00907b09
                                                            0x00907b0c
                                                            0x00000000
                                                            0x00907b0c
                                                            0x009079f6
                                                            0x009079ff
                                                            0x00907a01
                                                            0x00907a03
                                                            0x00000000
                                                            0x00000000
                                                            0x00907a09
                                                            0x00907aaa
                                                            0x00907aaa
                                                            0x00907aad
                                                            0x00907aaf
                                                            0x00000000
                                                            0x00000000
                                                            0x00907a1a
                                                            0x00907a21
                                                            0x00907a27
                                                            0x00907a2a
                                                            0x00907a74
                                                            0x00907a7a
                                                            0x00907a7d
                                                            0x00907a92
                                                            0x00907a98
                                                            0x00907a9b
                                                            0x00907a9d
                                                            0x00907a9d
                                                            0x00907a9b
                                                            0x00907aa4
                                                            0x00907aa7
                                                            0x00000000
                                                            0x00907aa7
                                                            0x00907a2c
                                                            0x00907a33
                                                            0x00907a47
                                                            0x00907a49
                                                            0x00907a4b
                                                            0x00000000
                                                            0x00000000
                                                            0x00907a59
                                                            0x00907a5c
                                                            0x00000000
                                                            0x00907a5c
                                                            0x00000000
                                                            0x00907ab5
                                                            0x00907959
                                                            0x0090795b
                                                            0x0090795d
                                                            0x00000000
                                                            0x00907963
                                                            0x00907963
                                                            0x009079a4
                                                            0x009079a4
                                                            0x009079a7
                                                            0x009079a9
                                                            0x00000000
                                                            0x00000000
                                                            0x00907971
                                                            0x00907978
                                                            0x0090797e
                                                            0x00907981
                                                            0x0090799e
                                                            0x009079a1
                                                            0x009079a1
                                                            0x00000000
                                                            0x009079a1
                                                            0x0090798b
                                                            0x00907994
                                                            0x00907996
                                                            0x00907998
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907998
                                                            0x00000000
                                                            0x009079a4
                                                            0x0090795d
                                                            0x009079bb
                                                            0x009079c4
                                                            0x00907b14
                                                            0x00907b17
                                                            0x00907b1a
                                                            0x00907b40
                                                            0x00907b40
                                                            0x00907b43
                                                            0x00907b47
                                                            0x00907b61
                                                            0x00907b61
                                                            0x00907b65
                                                            0x00907b7f
                                                            0x00907b7f
                                                            0x00907b82
                                                            0x00907b84
                                                            0x00907bc3
                                                            0x00907bcc
                                                            0x00907bd1
                                                            0x00907bd4
                                                            0x00907bd6
                                                            0x00907be8
                                                            0x00907bec
                                                            0x00907bf0
                                                            0x00907c68
                                                            0x00907c68
                                                            0x00000000
                                                            0x00907c68
                                                            0x00907bf2
                                                            0x00907bf2
                                                            0x00907bf4
                                                            0x00907bf7
                                                            0x00907c01
                                                            0x00907c05
                                                            0x00907c0e
                                                            0x00907c14
                                                            0x00907c17
                                                            0x00000000
                                                            0x00000000
                                                            0x00907c2b
                                                            0x00907c2d
                                                            0x00907c2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00907c31
                                                            0x00907c40
                                                            0x00907c40
                                                            0x00907c40
                                                            0x00907c47
                                                            0x00907c4d
                                                            0x00907c50
                                                            0x00907c53
                                                            0x00907c59
                                                            0x00907c5a
                                                            0x00907c5d
                                                            0x00907c60
                                                            0x00907c63
                                                            0x00907c63
                                                            0x00000000
                                                            0x00907bf7
                                                            0x00907bd8
                                                            0x00907bdd
                                                            0x00907bde
                                                            0x00907b31
                                                            0x00907b31
                                                            0x00907b36
                                                            0x00000000
                                                            0x00907b36
                                                            0x00907b86
                                                            0x00907b89
                                                            0x00907ba2
                                                            0x00907ba2
                                                            0x00907ba5
                                                            0x00907ba9
                                                            0x00000000
                                                            0x00000000
                                                            0x00907bb0
                                                            0x00907bb9
                                                            0x00907bbb
                                                            0x00907bbd
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907bbd
                                                            0x00907b8f
                                                            0x00907b98
                                                            0x00907b9a
                                                            0x00907b9c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907b9c
                                                            0x00907b6c
                                                            0x00907b75
                                                            0x00907b77
                                                            0x00907b79
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907b79
                                                            0x00907b4e
                                                            0x00907b57
                                                            0x00907b59
                                                            0x00907b5b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907b5b
                                                            0x00907b1c
                                                            0x00907b26
                                                            0x00907b26
                                                            0x00907b2b
                                                            0x00907b2c
                                                            0x00000000
                                                            0x00907b2c
                                                            0x00907b1e
                                                            0x00907b21
                                                            0x00907b24
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907b24
                                                            0x00000000
                                                            0x009079ca
                                                            0x009079ca
                                                            0x009079cc
                                                            0x00000000
                                                            0x009079cc

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,00000410), ref: 00907924
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 0090793F
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 009079E2
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,000002D8,0090A518,00000000), ref: 00907A21
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 00907A74
                                                            • CompareStringW.KERNEL32(0000007F,00000000,0090A518,000000FF,true,000000FF), ref: 00907A92
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00907ACA
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 00907C0E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: application$c:\agent\_work\66\s\src\libs\dutil\apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                            • API String ID: 1825529933-3624447555
                                                            • Opcode ID: 8983c0475ceb08df21e1bef73b6a7f88beae0db07fb8f521323944fc83ff4318
                                                            • Instruction ID: 7149d7c16c6a46c92c3f577614f5bf4abc10c154dccc8b1ab939ab919ba15df7
                                                            • Opcode Fuzzy Hash: 8983c0475ceb08df21e1bef73b6a7f88beae0db07fb8f521323944fc83ff4318
                                                            • Instruction Fuzzy Hash: 6CB18D71A08216AFDB209F98CC81F5AB7A6BF44B30F208659F965EB2D5D774F840CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E9B0F Relevance: 31.7, APIs: 4, Strings: 14, Instructions: 232threadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 72%
                                                            			E008E9B0F(void* _a4, intOrPtr* _a8, void* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
				long _v8;
				HANDLE* _v12;
				char _v16;
				char _v20;
				HANDLE* _v24;
				void* _v28;
				signed int _t67;
				intOrPtr* _t81;
				long _t82;

				_t82 = 0;
				_v28 = 0;
				_t81 = _a8;
				_v8 = 0;
				_v24 = 0;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				 *((intOrPtr*)(_a16 + 4)) = 0;
				while(1) {
					L1:
					_t67 =  *_t81 - 1;
					if(_t67 > 0xd) {
						break;
					}
					switch( *((intOrPtr*)(_t67 * 4 +  &M008E9D9F))) {
						case 0:
							_t77 = _a24;
							goto L28;
						case 1:
							__eax =  *(__edi + 8);
							__esi = _a12;
							_v28 =  *(__edi + 8);
							 &_v28 = 0;
							_v24 = __esi;
							__eflags = __esi;
							0 | __eflags != 0x00000000 = (__eflags != 0) + 1;
							__eax = WaitForMultipleObjects((__eflags != 0) + 1,  &_v28, 0, 0xffffffff);
							__eflags = __eax;
							if(__eax != 0) {
								__eflags = __eax - 1;
								if(__eax == 1) {
									__eax =  &_v8;
									__eax = GetExitCodeThread(__esi,  &_v8);
									__eflags = __eax;
									if(__eax != 0) {
										__eax = _v8;
										__eflags = _v8;
										if(_v8 >= 0) {
											__eax = 0x8000ffff;
											_v8 = 0x8000ffff;
										}
										_push("Cache thread exited unexpectedly.");
										L51:
										_push(0x8000ffff);
									} else {
										__eax = GetLastError();
										__eflags = __eax;
										if(__eax > 0) {
											__eax = __ax & 0x0000ffff;
											__eax = __ax & 0x0000ffff | 0x80070000;
											__eflags = __eax;
										}
										_v8 = __eax;
										__eflags = __eax;
										if(__eax >= 0) {
											__eax = 0x80004005;
											_v8 = 0x80004005;
										}
										__eax = E008C38BA(__eax, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\apply.cpp", 0x654, __eax);
										_push("Failed to get cache thread exit code.");
										goto L40;
									}
								} else {
									__eax = GetLastError();
									__eflags = __eax;
									if(__eax > 0) {
										__eax = __ax & 0x0000ffff;
										__eax = __ax & 0x0000ffff | 0x80070000;
										__eflags = __eax;
									}
									_v8 = __eax;
									__eflags = __eax;
									if(__eax >= 0) {
										__eax = 0x80004005;
										_v8 = 0x80004005;
									}
									__eax = E008C38BA(__eax, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\apply.cpp", 0x65f, __eax);
									_push("Failed to wait for cache check-point.");
									L40:
									_push(_v8);
								}
								goto L52;
							} else {
								__esi = _v8;
								goto L6;
							}
							goto L53;
						case 2:
							goto L50;
						case 3:
							 &_v20 =  &_v16;
							__esi = E008EA218(__ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute EXE package.");
								goto L9;
							}
							goto L53;
						case 4:
							 &_v20 =  &_v16;
							__esi = E008EA40C(__ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute MSI package.");
								goto L9;
							}
							goto L53;
						case 5:
							 &_v20 =  &_v16;
							__esi = E008EA569(__ecx, __ebx, __edi, __ecx, 0,  &_v16, _a32,  &_v20);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute MSP package.");
								goto L9;
							}
							goto L53;
						case 6:
							 &_v20 =  &_v16;
							__eax = E008EA726(__ebx, __edi, __ecx, 0, __edx,  &_v16, _a32,  &_v20);
							__edx = _v16;
							__esi = __eax;
							_v8 = __esi;
							_v12 = _v16;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L29;
							} else {
								_push("Failed to execute MSU package.");
								goto L9;
							}
							goto L53;
						case 7:
							_push(__ecx);
							__esi = E008EA9F6(__ebx, __edi);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								goto L6;
							} else {
								_push("Failed to execute package provider registration action.");
								goto L9;
							}
							goto L53;
						case 8:
							_push(__ecx);
							__esi = E008EA16E(__ebx, __edi);
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								L6:
								__edx = _v12;
								goto L29;
							} else {
								_push("Failed to execute dependency action.");
								goto L9;
							}
							goto L53;
						case 9:
							__ecx = _a20;
							goto L28;
						case 0xa:
							__ecx = _a28;
							L28:
							 *_t77 =  *((intOrPtr*)(_t81 + 8));
							goto L29;
						case 0xb:
							__eax =  *(__edi + 8);
							__esi = 0;
							__eflags =  *( *(__edi + 8) + 0x14);
							if(__eflags != 0) {
								__esi = E008DDCCE(__ecx, __eflags,  *((intOrPtr*)(__ebx + 0x4b0)), __edi);
								__eflags = __esi;
								if(__esi < 0) {
									_push("Failed to load compatible package on per-machine package.");
									_push(__esi);
									__eax = E008FFB09();
									_pop(__ecx);
									_pop(__ecx);
								}
								__edx = _v12;
							}
							_v8 = __esi;
							__eflags = __esi;
							if(__esi >= 0) {
								L29:
								_t78 = _a36;
								_t72 = _v20;
								if( *_t78 < _t72) {
									 *_t78 = _t72;
								}
								if(_v16 != 0 &&  *_t78 < 2) {
									goto L1;
								}
							} else {
								_push("Failed to execute compatible package action.");
								L9:
								_push(__esi);
								L52:
								E008FFB09();
								_t82 = _v8;
							}
							L53:
							return _t82;
					}
				}
				L50:
				_v8 = 0x8000ffff;
				_push("Invalid execute action.");
				goto L51;
			}












                                                            0x008e9b21
                                                            0x008e9b23
                                                            0x008e9b27
                                                            0x008e9b2a
                                                            0x008e9b2d
                                                            0x008e9b30
                                                            0x008e9b33
                                                            0x008e9b36
                                                            0x008e9b39
                                                            0x008e9b3c
                                                            0x008e9b3c
                                                            0x008e9b3e
                                                            0x008e9b42
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9b48
                                                            0x00000000
                                                            0x008e9b4f
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9b57
                                                            0x008e9b5a
                                                            0x008e9b5d
                                                            0x008e9b68
                                                            0x008e9b6a
                                                            0x008e9b6d
                                                            0x008e9b72
                                                            0x008e9b74
                                                            0x008e9b7a
                                                            0x008e9b7c
                                                            0x008e9cdf
                                                            0x008e9ce2
                                                            0x008e9d1f
                                                            0x008e9d24
                                                            0x008e9d2a
                                                            0x008e9d2c
                                                            0x008e9d66
                                                            0x008e9d69
                                                            0x008e9d6b
                                                            0x008e9d6d
                                                            0x008e9d72
                                                            0x008e9d72
                                                            0x008e9d75
                                                            0x008e9d89
                                                            0x008e9d89
                                                            0x008e9d2e
                                                            0x008e9d2e
                                                            0x008e9d34
                                                            0x008e9d36
                                                            0x008e9d38
                                                            0x008e9d3b
                                                            0x008e9d3b
                                                            0x008e9d3b
                                                            0x008e9d40
                                                            0x008e9d43
                                                            0x008e9d45
                                                            0x008e9d47
                                                            0x008e9d4c
                                                            0x008e9d4c
                                                            0x008e9d5a
                                                            0x008e9d5f
                                                            0x00000000
                                                            0x008e9d5f
                                                            0x008e9ce4
                                                            0x008e9ce4
                                                            0x008e9cea
                                                            0x008e9cec
                                                            0x008e9cee
                                                            0x008e9cf1
                                                            0x008e9cf1
                                                            0x008e9cf1
                                                            0x008e9cf6
                                                            0x008e9cf9
                                                            0x008e9cfb
                                                            0x008e9cfd
                                                            0x008e9d02
                                                            0x008e9d02
                                                            0x008e9d10
                                                            0x008e9d15
                                                            0x008e9d1a
                                                            0x008e9d1a
                                                            0x008e9d1a
                                                            0x00000000
                                                            0x008e9b82
                                                            0x008e9b82
                                                            0x00000000
                                                            0x008e9b82
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9b94
                                                            0x008e9ba2
                                                            0x008e9ba4
                                                            0x008e9ba7
                                                            0x008e9ba9
                                                            0x00000000
                                                            0x008e9bab
                                                            0x008e9bab
                                                            0x00000000
                                                            0x008e9bab
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9bbd
                                                            0x008e9bcb
                                                            0x008e9bcd
                                                            0x008e9bd0
                                                            0x008e9bd2
                                                            0x00000000
                                                            0x008e9bd4
                                                            0x008e9bd4
                                                            0x00000000
                                                            0x008e9bd4
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9be2
                                                            0x008e9bf0
                                                            0x008e9bf2
                                                            0x008e9bf5
                                                            0x008e9bf7
                                                            0x00000000
                                                            0x008e9bf9
                                                            0x008e9bf9
                                                            0x00000000
                                                            0x008e9bf9
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9c07
                                                            0x008e9c11
                                                            0x008e9c16
                                                            0x008e9c19
                                                            0x008e9c1b
                                                            0x008e9c1e
                                                            0x008e9c21
                                                            0x008e9c23
                                                            0x00000000
                                                            0x008e9c29
                                                            0x008e9c29
                                                            0x00000000
                                                            0x008e9c29
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9c30
                                                            0x008e9c38
                                                            0x008e9c3a
                                                            0x008e9c3d
                                                            0x008e9c3f
                                                            0x00000000
                                                            0x008e9c45
                                                            0x008e9c45
                                                            0x00000000
                                                            0x008e9c45
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9c4f
                                                            0x008e9c57
                                                            0x008e9c59
                                                            0x008e9c5c
                                                            0x008e9c5e
                                                            0x008e9b85
                                                            0x008e9b85
                                                            0x00000000
                                                            0x008e9c64
                                                            0x008e9c64
                                                            0x00000000
                                                            0x008e9c64
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9cb0
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9cab
                                                            0x008e9cb3
                                                            0x008e9cb6
                                                            0x00000000
                                                            0x00000000
                                                            0x008e9c6e
                                                            0x008e9c71
                                                            0x008e9c73
                                                            0x008e9c76
                                                            0x008e9c84
                                                            0x008e9c86
                                                            0x008e9c88
                                                            0x008e9c8a
                                                            0x008e9c8f
                                                            0x008e9c90
                                                            0x008e9c95
                                                            0x008e9c96
                                                            0x008e9c96
                                                            0x008e9c97
                                                            0x008e9c97
                                                            0x008e9c9a
                                                            0x008e9c9d
                                                            0x008e9c9f
                                                            0x008e9cb8
                                                            0x008e9cb8
                                                            0x008e9cbb
                                                            0x008e9cc0
                                                            0x008e9cc2
                                                            0x008e9cc2
                                                            0x008e9cc8
                                                            0x00000000
                                                            0x008e9cd7
                                                            0x008e9ca1
                                                            0x008e9ca1
                                                            0x008e9bb0
                                                            0x008e9bb0
                                                            0x008e9d8a
                                                            0x008e9d8a
                                                            0x008e9d8f
                                                            0x008e9d93
                                                            0x008e9d95
                                                            0x008e9d9a
                                                            0x00000000
                                                            0x008e9b48
                                                            0x008e9d7c
                                                            0x008e9d81
                                                            0x008e9d84
                                                            0x00000000

                                                            APIs
                                                            • WaitForMultipleObjects.KERNEL32(00000001,008EB978,00000000,000000FF,00000001,00000000,00000000,008EB978,00000001,?), ref: 008E9B74
                                                            • GetLastError.KERNEL32 ref: 008E9CE4
                                                            • GetExitCodeThread.KERNEL32(?,00000001), ref: 008E9D24
                                                            • GetLastError.KERNEL32 ref: 008E9D2E
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\apply.cpp, xrefs: 008E9D0B, 008E9D55
                                                            • Failed to get cache thread exit code., xrefs: 008E9D5F
                                                            • Failed to execute package provider registration action., xrefs: 008E9C45
                                                            • Cache thread exited unexpectedly., xrefs: 008E9D75
                                                            • Failed to load compatible package on per-machine package., xrefs: 008E9C8A
                                                            • Failed to wait for cache check-point., xrefs: 008E9D15
                                                            • Failed to execute compatible package action., xrefs: 008E9CA1
                                                            • Invalid execute action., xrefs: 008E9D84
                                                            • Failed to execute MSP package., xrefs: 008E9BF9
                                                            • Failed to execute MSU package., xrefs: 008E9C29
                                                            • Failed to execute MSI package., xrefs: 008E9BD4
                                                            • @Mqt, xrefs: 008E9CE4, 008E9D2E
                                                            • Failed to execute EXE package., xrefs: 008E9BAB
                                                            • Failed to execute dependency action., xrefs: 008E9C64
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                            • String ID: @Mqt$Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$c:\agent\_work\66\s\src\burn\engine\apply.cpp
                                                            • API String ID: 3703294532-731265450
                                                            • Opcode ID: 64c86079bccea16d9cc43a3dae46bb70f32dfe0695cb6a963ea87f528ea51b64
                                                            • Instruction ID: d6c30edccd1a056361ffd863b5b286ed9a3c0a2234e595033da0aefa3d3c8e25
                                                            • Opcode Fuzzy Hash: 64c86079bccea16d9cc43a3dae46bb70f32dfe0695cb6a963ea87f528ea51b64
                                                            • Instruction Fuzzy Hash: 00718171A0126AEFDB11DF65CD41EBE77B8FB46714F214195FC44E7240E2B09E409BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008EC96F Relevance: 31.7, APIs: 7, Strings: 11, Instructions: 173processCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 56%
                                                            			E008EC96F(void* __edx, void* __eflags, WCHAR* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
				int _v8;
				int _v12;
				struct _PROCESS_INFORMATION _v28;
				intOrPtr _v36;
				void* _v40;
				long _v44;
				char _v48;
				void _v52;
				int _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				struct _STARTUPINFOW _v136;
				void* __ebx;
				void* __edi;
				signed short _t69;
				signed short _t71;
				signed short _t74;
				long _t94;
				signed int _t95;
				void* _t99;
				void* _t100;
				signed short _t109;

				_t99 = __edx;
				_t94 = GetCurrentProcessId();
				_v8 = 0;
				_v12 = 0;
				E008EF600(_t100,  &_v136, 0, 0x44);
				_v60 = 0;
				_v56 = 0;
				asm("stosd");
				asm("stosd");
				_t95 = 6;
				asm("stosd");
				asm("stosd");
				memset( &_v52, 0, _t95 << 2);
				E008D4C89( &_v52);
				_v68 = _a12;
				_v64 = _a16;
				if(E008D4D1A(_t94, _t99,  &_v52,  &_v48) >= 0) {
					_t69 = E008D4E6A( &_v52, 0,  &_v8);
					__eflags = _t69;
					if(_t69 >= 0) {
						_push(_t94);
						_push(_v48);
						_push(_v52);
						_push(L"burn.embedded");
						_t71 = E008C2064( &_v12, L"%ls -%ls %ls %ls %u", _a8);
						__eflags = _t71;
						if(_t71 >= 0) {
							_t74 = CreateProcessW(_a4, _v12, 0, 0, 1, 0x8000000, 0, 0,  &_v136,  &_v28);
							__eflags = _t74;
							if(_t74 != 0) {
								_v44 = GetProcessId(_v28.hProcess);
								_v28.hProcess = _v28.hProcess & 0x00000000;
								_v40 = _v28.hProcess;
								_t109 = E008D545D( &_v52);
								__eflags = _t109;
								if(_t109 >= 0) {
									_t109 = E008D5132(0, _v36, 0x8ec8cf,  &_v68,  &_v60);
									__eflags = _t109;
									if(_t109 >= 0) {
										_t109 = E009002EC(_v40, 0xffffffff, _a20);
										__eflags = _t109;
										if(_t109 < 0) {
											_push(_a4);
											_push("Failed to wait for embedded executable: %ls");
											goto L19;
										}
									} else {
										_push("Failed to process messages from embedded message.");
										goto L2;
									}
								} else {
									_push("Failed to wait for embedded process to connect to pipe.");
									goto L2;
								}
							} else {
								_t109 = GetLastError();
								__eflags = _t109;
								if(__eflags > 0) {
									_t109 = _t109 & 0x0000ffff | 0x80070000;
									__eflags = _t109;
								}
								if(__eflags >= 0) {
									_t109 = 0x80004005;
								}
								E008C38BA(_t92, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\embedded.cpp", 0x4c, _t109);
								_push(_a4);
								_push("Failed to create embedded process at path: %ls");
								L19:
								_push(_t109);
								E008FFB09();
							}
						} else {
							_push("Failed to allocate embedded command.");
							goto L2;
						}
					} else {
						_push("Failed to create embedded pipe.");
						goto L2;
					}
				} else {
					_push("Failed to create embedded pipe name and client token.");
					L2:
					_push(_t109);
					E008FFB09();
				}
				if(_v28.hThread != 0) {
					CloseHandle(_v28.hThread);
					_v28.hThread = _v28.hThread & 0x00000000;
				}
				if(_v28.hProcess != 0) {
					CloseHandle(_v28.hProcess);
					_v28.hProcess = _v28 & 0x00000000;
				}
				E008C287D(_v12);
				if(_v8 != 0) {
					CloseHandle(_v8);
					_v8 = _v8 & 0x00000000;
				}
				E008D4CA8( &_v52);
				return _t109;
			}


























                                                            0x008ec96f
                                                            0x008ec983
                                                            0x008ec98d
                                                            0x008ec992
                                                            0x008ec995
                                                            0x008ec99c
                                                            0x008ec9a2
                                                            0x008ec9a5
                                                            0x008ec9a9
                                                            0x008ec9ac
                                                            0x008ec9ad
                                                            0x008ec9ae
                                                            0x008ec9b4
                                                            0x008ec9ba
                                                            0x008ec9c2
                                                            0x008ec9c8
                                                            0x008ec9dc
                                                            0x008ec9fa
                                                            0x008eca01
                                                            0x008eca03
                                                            0x008eca0c
                                                            0x008eca0d
                                                            0x008eca13
                                                            0x008eca16
                                                            0x008eca24
                                                            0x008eca2e
                                                            0x008eca30
                                                            0x008eca59
                                                            0x008eca5f
                                                            0x008eca61
                                                            0x008ecaa1
                                                            0x008ecaa7
                                                            0x008ecaab
                                                            0x008ecab7
                                                            0x008ecab9
                                                            0x008ecabb
                                                            0x008ecadc
                                                            0x008ecade
                                                            0x008ecae0
                                                            0x008ecaf9
                                                            0x008ecafb
                                                            0x008ecafd
                                                            0x008ecaff
                                                            0x008ecb02
                                                            0x00000000
                                                            0x008ecb02
                                                            0x008ecae2
                                                            0x008ecae2
                                                            0x00000000
                                                            0x008ecae2
                                                            0x008ecabd
                                                            0x008ecabd
                                                            0x00000000
                                                            0x008ecabd
                                                            0x008eca63
                                                            0x008eca69
                                                            0x008eca6b
                                                            0x008eca6d
                                                            0x008eca72
                                                            0x008eca78
                                                            0x008eca78
                                                            0x008eca7a
                                                            0x008eca7c
                                                            0x008eca7c
                                                            0x008eca89
                                                            0x008eca8e
                                                            0x008eca91
                                                            0x008ecb07
                                                            0x008ecb07
                                                            0x008ecb08
                                                            0x008ecb0d
                                                            0x008eca32
                                                            0x008eca32
                                                            0x00000000
                                                            0x008eca32
                                                            0x008eca05
                                                            0x008eca05
                                                            0x00000000
                                                            0x008eca05
                                                            0x008ec9de
                                                            0x008ec9de
                                                            0x008ec9e3
                                                            0x008ec9e3
                                                            0x008ec9e4
                                                            0x008ec9ea
                                                            0x008ecb1a
                                                            0x008ecb1f
                                                            0x008ecb21
                                                            0x008ecb21
                                                            0x008ecb29
                                                            0x008ecb2e
                                                            0x008ecb30
                                                            0x008ecb30
                                                            0x008ecb37
                                                            0x008ecb40
                                                            0x008ecb45
                                                            0x008ecb47
                                                            0x008ecb47
                                                            0x008ecb4f
                                                            0x008ecb5a

                                                            APIs
                                                            • GetCurrentProcessId.KERNEL32(747161D0,00000000,00000000), ref: 008EC97B
                                                              • Part of subcall function 008D4D1A: UuidCreate.RPCRT4(?), ref: 008D4D4D
                                                            • CreateProcessW.KERNEL32 ref: 008ECA59
                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 008ECA63
                                                            • GetProcessId.KERNEL32(008E219D,?,?,00000000,?,?,?,?), ref: 008ECA9B
                                                              • Part of subcall function 008D545D: lstrlenW.KERNEL32(?,?,00000000,?,0090A500,?,00000000,?,008C457C,?,0090A500), ref: 008D547E
                                                              • Part of subcall function 008D545D: GetCurrentProcessId.KERNEL32(?,008C457C,?,0090A500), ref: 008D5489
                                                              • Part of subcall function 008D545D: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,008C457C,?,0090A500), ref: 008D54C0
                                                              • Part of subcall function 008D545D: ConnectNamedPipe.KERNEL32(?,00000000,?,008C457C,?,0090A500), ref: 008D54D5
                                                              • Part of subcall function 008D545D: GetLastError.KERNEL32(?,008C457C,?,0090A500), ref: 008D54DF
                                                              • Part of subcall function 008D545D: Sleep.KERNEL32(00000064,?,008C457C,?,0090A500), ref: 008D5514
                                                              • Part of subcall function 008D545D: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,008C457C,?,0090A500), ref: 008D5537
                                                              • Part of subcall function 008D545D: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,008C457C,?,0090A500), ref: 008D5552
                                                              • Part of subcall function 008D545D: WriteFile.KERNEL32(?,008C457C,0090A500,00000000,00000000,?,008C457C,?,0090A500), ref: 008D556D
                                                              • Part of subcall function 008D545D: WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,008C457C,?,0090A500), ref: 008D5588
                                                              • Part of subcall function 009002EC: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,008C4F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?), ref: 009002F8
                                                              • Part of subcall function 009002EC: GetLastError.KERNEL32(?,008C4F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00900306
                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,008EC8CF,?,?,?,?,?,00000000,?,?,?,?), ref: 008ECB1F
                                                            • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,008EC8CF,?,?,?,?,?,00000000,?,?,?,?), ref: 008ECB2E
                                                            • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,008EC8CF,?,?,?,?,?,00000000,?,?,?), ref: 008ECB45
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\embedded.cpp, xrefs: 008ECA84
                                                            • Failed to create embedded pipe., xrefs: 008ECA05
                                                            • Failed to process messages from embedded message., xrefs: 008ECAE2
                                                            • burn.embedded, xrefs: 008ECA16
                                                            • Failed to wait for embedded process to connect to pipe., xrefs: 008ECABD
                                                            • Failed to create embedded process at path: %ls, xrefs: 008ECA91
                                                            • Failed to wait for embedded executable: %ls, xrefs: 008ECB02
                                                            • Failed to allocate embedded command., xrefs: 008ECA32
                                                            • @Mqt, xrefs: 008ECA63
                                                            • Failed to create embedded pipe name and client token., xrefs: 008EC9DE
                                                            • %ls -%ls %ls %ls %u, xrefs: 008ECA1E
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                            • String ID: %ls -%ls %ls %ls %u$@Mqt$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$c:\agent\_work\66\s\src\burn\engine\embedded.cpp
                                                            • API String ID: 875070380-3351275494
                                                            • Opcode ID: bbd32c0395ff00b248f74be907805188836f507fbe82a4b0721a40ddbc553a18
                                                            • Instruction ID: 61cbe174404f843b97efcb314b7cff7908853e41f33a5b323c866340fa1e157c
                                                            • Opcode Fuzzy Hash: bbd32c0395ff00b248f74be907805188836f507fbe82a4b0721a40ddbc553a18
                                                            • Instruction Fuzzy Hash: AC515E72D4026DBBDF11EEA5DC02FEE7BB8FB45714F100126FA00F6291D6749A419B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CF1BA Relevance: 29.9, APIs: 3, Strings: 14, Instructions: 182registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E008CF1BA(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				char _v12;
				short* _v16;
				char _v20;
				char _v24;
				void* __ebx;
				signed int _t54;
				signed int _t57;
				void* _t67;
				void* _t68;
				void* _t69;
				signed int _t72;
				signed short _t77;
				intOrPtr _t78;
				signed int _t79;

				_t78 = _a4;
				_v8 = 0;
				_v12 = 0;
				_v16 = L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce";
				_v20 = 0;
				_v24 = 0;
				_push(E008D3D0C( *((intOrPtr*)(_t78 + 8))));
				_push(E008D3D0C(_a16));
				_push(E008D43C4(_a12));
				E008C563D(2, 0x20000173,  *((intOrPtr*)(_t78 + 0x50)));
				E00903349(_t67,  &_v20,  &_v24);
				if(_v20 < 5) {
					_v16 = L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
				}
				_t68 = _a8;
				if(_t68 == 0) {
					L8:
					if(_a12 == 1) {
						goto L10;
					} else {
						goto L9;
					}
				} else {
					_t79 = E00900D39(_t68, L"Resume", _a12);
					if(_t79 >= 0) {
						if(_a12 != 3) {
							goto L8;
						} else {
							_t79 = E00900D39(_t68, L"Installed", 1);
							if(_t79 >= 0) {
								L9:
								if(_a16 == 0) {
									L19:
									_t79 = E00900823( *((intOrPtr*)(_t78 + 0x4c)), _v16, 0x20006,  &_v8);
									if(_t79 == 0x80070002 || _t79 == 0x80070003) {
										_t79 = 0;
										goto L29;
									} else {
										_t57 = RegDeleteValueW(_v8,  *(_t78 + 0x10));
										_t35 = _t57 - 2; // -2
										asm("sbb ecx, ecx");
										_t77 =  ~_t35 & _t57;
										if(_t77 == 0) {
											L29:
											if(_t68 != 0) {
												_t54 = RegDeleteValueW(_t68, L"BundleResumeCommandLine");
												_t36 = _t54 - 2; // -2
												asm("sbb ecx, ecx");
												_t72 =  ~_t36 & _t54;
												if(_t72 != 0) {
													if(_t72 > 0) {
														_t79 = _t72 & 0x0000ffff | 0x80070000;
													} else {
														_t79 = _t72;
													}
													if(_t79 >= 0) {
														_t79 = 0x80004005;
													}
													E008C38BA(_t54, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0x4f1, _t79);
													_push("Failed to delete resume command line value.");
													goto L37;
												}
											}
										} else {
											if(_t77 > 0) {
												_t79 = _t77 & 0x0000ffff | 0x80070000;
											} else {
												_t79 = _t77;
											}
											if(_t79 >= 0) {
												_t79 = 0x80004005;
											}
											E008C38BA(_t57, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0x4e7, _t79);
											_push("Failed to delete run key value.");
											goto L37;
										}
									}
								} else {
									L10:
									if( *((intOrPtr*)(_t78 + 8)) != 0) {
										goto L19;
									} else {
										_push(L"burn.runonce");
										_t79 = E008C2022( &_v12, L"\"%ls\" /%ls",  *((intOrPtr*)(_t78 + 0x54)));
										if(_t79 >= 0) {
											_t79 = E00900458( *((intOrPtr*)(_t78 + 0x4c)), _v16, 0x20006,  &_v8);
											if(_t79 >= 0) {
												_t79 = E00900D87(_t69, _v8,  *(_t78 + 0x10), _v12);
												if(_t79 >= 0) {
													_t79 = E00900D87(_t69, _t68, L"BundleResumeCommandLine",  *((intOrPtr*)(_t78 + 0x58)));
													if(_t79 < 0) {
														_push("Failed to write resume command line value.");
														goto L37;
													}
												} else {
													_push("Failed to write run key value.");
													goto L37;
												}
											} else {
												_push("Failed to create run key.");
												goto L37;
											}
										} else {
											_push("Failed to format resume command line for RunOnce.");
											goto L37;
										}
									}
								}
							} else {
								_push("Failed to write Installed value.");
								goto L37;
							}
						}
					} else {
						_push("Failed to write Resume value.");
						L37:
						_push(_t79);
						E008FFB09();
					}
				}
				if(_v12 != 0) {
					E008C2762(_v12);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				return _t79;
			}


















                                                            0x008cf1c3
                                                            0x008cf1c8
                                                            0x008cf1cb
                                                            0x008cf1ce
                                                            0x008cf1d8
                                                            0x008cf1db
                                                            0x008cf1e3
                                                            0x008cf1ec
                                                            0x008cf1f5
                                                            0x008cf200
                                                            0x008cf210
                                                            0x008cf219
                                                            0x008cf21b
                                                            0x008cf21b
                                                            0x008cf222
                                                            0x008cf227
                                                            0x008cf26a
                                                            0x008cf26e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008cf229
                                                            0x008cf237
                                                            0x008cf23b
                                                            0x008cf24b
                                                            0x00000000
                                                            0x008cf24d
                                                            0x008cf25a
                                                            0x008cf25e
                                                            0x008cf270
                                                            0x008cf274
                                                            0x008cf311
                                                            0x008cf325
                                                            0x008cf32d
                                                            0x008cf37f
                                                            0x00000000
                                                            0x008cf337
                                                            0x008cf33d
                                                            0x008cf343
                                                            0x008cf348
                                                            0x008cf34a
                                                            0x008cf34c
                                                            0x008cf381
                                                            0x008cf383
                                                            0x008cf38b
                                                            0x008cf391
                                                            0x008cf396
                                                            0x008cf398
                                                            0x008cf39a
                                                            0x008cf39e
                                                            0x008cf3a7
                                                            0x008cf3a0
                                                            0x008cf3a0
                                                            0x008cf3a0
                                                            0x008cf3af
                                                            0x008cf3b1
                                                            0x008cf3b1
                                                            0x008cf3c1
                                                            0x008cf3c6
                                                            0x00000000
                                                            0x008cf3c6
                                                            0x008cf39a
                                                            0x008cf34e
                                                            0x008cf350
                                                            0x008cf359
                                                            0x008cf352
                                                            0x008cf352
                                                            0x008cf352
                                                            0x008cf361
                                                            0x008cf363
                                                            0x008cf363
                                                            0x008cf373
                                                            0x008cf378
                                                            0x00000000
                                                            0x008cf378
                                                            0x008cf34c
                                                            0x008cf27a
                                                            0x008cf27a
                                                            0x008cf27e
                                                            0x00000000
                                                            0x008cf284
                                                            0x008cf284
                                                            0x008cf29a
                                                            0x008cf2a1
                                                            0x008cf2c1
                                                            0x008cf2c5
                                                            0x008cf2df
                                                            0x008cf2e3
                                                            0x008cf2fd
                                                            0x008cf301
                                                            0x008cf307
                                                            0x00000000
                                                            0x008cf307
                                                            0x008cf2e5
                                                            0x008cf2e5
                                                            0x00000000
                                                            0x008cf2e5
                                                            0x008cf2c7
                                                            0x008cf2c7
                                                            0x00000000
                                                            0x008cf2c7
                                                            0x008cf2a3
                                                            0x008cf2a3
                                                            0x00000000
                                                            0x008cf2a3
                                                            0x008cf2a1
                                                            0x008cf27e
                                                            0x008cf260
                                                            0x008cf260
                                                            0x00000000
                                                            0x008cf260
                                                            0x008cf25e
                                                            0x008cf23d
                                                            0x008cf23d
                                                            0x008cf3cb
                                                            0x008cf3cb
                                                            0x008cf3cc
                                                            0x008cf3d2
                                                            0x008cf23b
                                                            0x008cf3d7
                                                            0x008cf3dc
                                                            0x008cf3dc
                                                            0x008cf3e5
                                                            0x008cf3ea
                                                            0x008cf3ea
                                                            0x008cf3f6

                                                            APIs
                                                              • Part of subcall function 00903349: GetVersionExW.KERNEL32(?,?,?,00000000), ref: 00903398
                                                            • RegCloseKey.ADVAPI32(00000000,?,0090FF38,00020006,00000000,?,00000000,00000000,00000000,?,00000000,00000001,00000000,00000000), ref: 008CF3EA
                                                              • Part of subcall function 00900D39: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,008CF237,0090FF38,Resume,00000005,?,00000000,00000000,00000000), ref: 00900D4E
                                                            Strings
                                                            • Resume, xrefs: 008CF22C
                                                            • "%ls" /%ls, xrefs: 008CF28F
                                                            • Failed to write run key value., xrefs: 008CF2E5
                                                            • c:\agent\_work\66\s\src\burn\engine\registration.cpp, xrefs: 008CF36E, 008CF3BC
                                                            • Failed to write Installed value., xrefs: 008CF260
                                                            • Failed to delete resume command line value., xrefs: 008CF3C6
                                                            • Failed to format resume command line for RunOnce., xrefs: 008CF2A3
                                                            • Failed to write Resume value., xrefs: 008CF23D
                                                            • Installed, xrefs: 008CF24F
                                                            • Failed to create run key., xrefs: 008CF2C7
                                                            • Failed to delete run key value., xrefs: 008CF378
                                                            • burn.runonce, xrefs: 008CF284
                                                            • BundleResumeCommandLine, xrefs: 008CF2F2, 008CF385
                                                            • Failed to write resume command line value., xrefs: 008CF307
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseValueVersion
                                                            • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$burn.runonce$c:\agent\_work\66\s\src\burn\engine\registration.cpp
                                                            • API String ID: 2348918689-1350441746
                                                            • Opcode ID: 1c4f1690fd433f7aa179ece21645c99ceb6147fb480886765ca4f616fc7eac66
                                                            • Instruction ID: dba98bacefea032693aa2115c0b96695209b8c92c9b16381f61b17c3f58bc398
                                                            • Opcode Fuzzy Hash: 1c4f1690fd433f7aa179ece21645c99ceb6147fb480886765ca4f616fc7eac66
                                                            • Instruction Fuzzy Hash: 2151E831A4036ABBEF215AB4CC06FAE7676FF40718F15013DBA01F6292D7B5D9809791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CEC76 Relevance: 28.2, APIs: 2, Strings: 14, Instructions: 172COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 57%
                                                            			E008CEC76(signed int _a4, intOrPtr* _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _v20;
				intOrPtr* _t44;
				signed int _t48;
				signed int _t68;
				intOrPtr _t70;
				signed int _t74;
				void* _t75;
				signed int _t77;
				signed int _t78;
				intOrPtr* _t79;
				intOrPtr* _t83;
				signed int _t85;
				signed int _t88;

				_t74 = 0;
				_v20 = 0;
				_t85 = 0;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				if(E00903183(_a4, L"SoftwareTag",  &_v20) >= 0) {
					_t44 = _v20;
					_t84 =  &_v16;
					_push( &_v16);
					_push(_t44);
					if( *((intOrPtr*)( *_t44 + 0x20))() >= 0) {
						_t77 = _v16;
						if(_t77 == 0) {
							L22:
							_t88 = _t74;
							 *_a12 = _t77;
							 *_a8 = _t85;
							_t85 = _t74;
						} else {
							_t85 = E008C39DF(_t77 << 4, 1);
							if(_t85 != 0) {
								_t77 = _v16;
								_a4 = 0;
								if(_t77 == 0) {
									goto L22;
								} else {
									_t13 = _t85 + 8; // 0x8
									_t75 = _t13;
									while(1) {
										_t88 = E009030E2(_t77, _v20,  &_v8, 0);
										if(_t88 < 0) {
											break;
										}
										_t16 = _t75 - 8; // 0x0
										_t88 = E00902B5D(_v8, L"Filename", _t16);
										if(_t88 < 0) {
											_push("Failed to get @Filename.");
											goto L2;
										} else {
											_t18 = _t75 - 4; // 0x4
											_t88 = E00902B5D(_v8, L"Regid", _t18);
											if(_t88 < 0) {
												_push("Failed to get @Regid.");
												goto L2;
											} else {
												_t88 = E00902B5D(_v8, L"Path", _t75);
												if(_t88 < 0) {
													_push("Failed to get @Path.");
													goto L2;
												} else {
													_t88 = E00902D56(_v8,  &_v12);
													if(_t88 < 0) {
														_push("Failed to get SoftwareTag text.");
														goto L2;
													} else {
														_t24 = _t75 + 4; // 0xc
														_t88 = E008C252E(_t84, _t24, _v12, 0, 0xfde9);
														if(_t88 < 0) {
															_push("Failed to convert SoftwareTag text to UTF-8");
															goto L2;
														} else {
															_t68 = _v12;
															if(_t68 != 0) {
																__imp__#6(_t68);
																_v12 = _v12 & 0x00000000;
															}
															_t83 = _v8;
															if(_t83 != 0) {
																 *((intOrPtr*)( *_t83 + 8))(_t83);
																_v8 = _v8 & 0x00000000;
															}
															_t75 = _t75 + 0x10;
															_t77 = _v16;
															_t70 = _a4 + 1;
															_a4 = _t70;
															if(_t70 < _t77) {
																continue;
															} else {
																_t74 = 0;
																goto L22;
															}
														}
													}
												}
											}
										}
										goto L23;
									}
									_push("Failed to get next node.");
									goto L2;
								}
							} else {
								_t88 = 0x8007000e;
								E008C38BA(_t55, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\registration.cpp", 0x41c, 0x8007000e);
								_push("Failed to allocate memory for software tag structs.");
								goto L2;
							}
						}
					} else {
						_push("Failed to get software tag count.");
						goto L2;
					}
				} else {
					_push("Failed to select software tag nodes.");
					L2:
					_push(_t88);
					E008FFB09();
				}
				L23:
				_t48 = _v12;
				if(_t48 != 0) {
					__imp__#6(_t48);
				}
				_t78 = _v8;
				if(_t78 != 0) {
					 *((intOrPtr*)( *_t78 + 8))(_t78);
				}
				_t79 = _v20;
				if(_t79 != 0) {
					 *((intOrPtr*)( *_t79 + 8))(_t79);
				}
				if(_t85 != 0) {
					E008C3AA4(_t85);
				}
				return _t88;
			}



















                                                            0x008cec82
                                                            0x008cec8d
                                                            0x008cec90
                                                            0x008cec92
                                                            0x008cec95
                                                            0x008cec98
                                                            0x008ceca4
                                                            0x008cecb8
                                                            0x008cecbb
                                                            0x008cecbe
                                                            0x008cecbf
                                                            0x008cecc9
                                                            0x008cecd2
                                                            0x008cecd7
                                                            0x008cedee
                                                            0x008cedf1
                                                            0x008cedf3
                                                            0x008cedf8
                                                            0x008cedfa
                                                            0x008cecdd
                                                            0x008cece8
                                                            0x008cecec
                                                            0x008ced0a
                                                            0x008ced0d
                                                            0x008ced12
                                                            0x00000000
                                                            0x008ced18
                                                            0x008ced18
                                                            0x008ced18
                                                            0x008ced1b
                                                            0x008ced29
                                                            0x008ced2d
                                                            0x00000000
                                                            0x00000000
                                                            0x008ced33
                                                            0x008ced44
                                                            0x008ced48
                                                            0x008cee5f
                                                            0x00000000
                                                            0x008ced4e
                                                            0x008ced4e
                                                            0x008ced5f
                                                            0x008ced63
                                                            0x008cee55
                                                            0x00000000
                                                            0x008ced69
                                                            0x008ced77
                                                            0x008ced7b
                                                            0x008cee4b
                                                            0x00000000
                                                            0x008ced81
                                                            0x008ced8d
                                                            0x008ced91
                                                            0x008cee41
                                                            0x00000000
                                                            0x008ced97
                                                            0x008ceda1
                                                            0x008cedaa
                                                            0x008cedae
                                                            0x008cee37
                                                            0x00000000
                                                            0x008cedb4
                                                            0x008cedb4
                                                            0x008cedb9
                                                            0x008cedbc
                                                            0x008cedc2
                                                            0x008cedc2
                                                            0x008cedc6
                                                            0x008cedcb
                                                            0x008cedd0
                                                            0x008cedd3
                                                            0x008cedd3
                                                            0x008cedda
                                                            0x008ceddd
                                                            0x008cede0
                                                            0x008cede1
                                                            0x008cede6
                                                            0x00000000
                                                            0x008cedec
                                                            0x008cedec
                                                            0x00000000
                                                            0x008cedec
                                                            0x008cede6
                                                            0x008cedae
                                                            0x008ced91
                                                            0x008ced7b
                                                            0x008ced63
                                                            0x00000000
                                                            0x008ced48
                                                            0x008cee69
                                                            0x00000000
                                                            0x008cee69
                                                            0x008cecee
                                                            0x008cecee
                                                            0x008cecfe
                                                            0x008ced03
                                                            0x00000000
                                                            0x008ced03
                                                            0x008cecec
                                                            0x008ceccb
                                                            0x008ceccb
                                                            0x00000000
                                                            0x008ceccb
                                                            0x008ceca6
                                                            0x008ceca6
                                                            0x008cecab
                                                            0x008cecab
                                                            0x008cecac
                                                            0x008cecb2
                                                            0x008cedfc
                                                            0x008cedfc
                                                            0x008cee01
                                                            0x008cee04
                                                            0x008cee04
                                                            0x008cee0a
                                                            0x008cee0f
                                                            0x008cee14
                                                            0x008cee14
                                                            0x008cee17
                                                            0x008cee1c
                                                            0x008cee21
                                                            0x008cee21
                                                            0x008cee26
                                                            0x008cee29
                                                            0x008cee29
                                                            0x008cee34

                                                            APIs
                                                            • SysFreeString.OLEAUT32(?), ref: 008CEE04
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • SysFreeString.OLEAUT32(?), ref: 008CEDBC
                                                            Strings
                                                            • Filename, xrefs: 008CED37
                                                            • SoftwareTag, xrefs: 008CEC85
                                                            • c:\agent\_work\66\s\src\burn\engine\registration.cpp, xrefs: 008CECF9
                                                            • Failed to select software tag nodes., xrefs: 008CECA6
                                                            • Failed to get @Filename., xrefs: 008CEE5F
                                                            • Failed to get @Path., xrefs: 008CEE4B
                                                            • Failed to get @Regid., xrefs: 008CEE55
                                                            • Regid, xrefs: 008CED52
                                                            • Failed to allocate memory for software tag structs., xrefs: 008CED03
                                                            • Failed to convert SoftwareTag text to UTF-8, xrefs: 008CEE37
                                                            • Failed to get next node., xrefs: 008CEE69
                                                            • Path, xrefs: 008CED6A
                                                            • Failed to get software tag count., xrefs: 008CECCB
                                                            • Failed to get SoftwareTag text., xrefs: 008CEE41
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeHeapString$AllocateProcess
                                                            • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$c:\agent\_work\66\s\src\burn\engine\registration.cpp
                                                            • API String ID: 336948655-3163406687
                                                            • Opcode ID: d42275810098a6fcf3d568ba808cbb257cc41edbeafb5acfc20801ca12b5e1bd
                                                            • Instruction ID: 7caafe1c7761559ef4945d5eea68fdcc8afac4cafddf8637088728a6d5a10789
                                                            • Opcode Fuzzy Hash: d42275810098a6fcf3d568ba808cbb257cc41edbeafb5acfc20801ca12b5e1bd
                                                            • Instruction Fuzzy Hash: 95517E31A0132AEFCB119F98C895FAEB7B8FF84754B10416DB906EB290C671DE409B90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008EC45E Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 271COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E008EC45E(intOrPtr __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24) {
				signed int _v8;
				intOrPtr _t121;
				intOrPtr _t176;
				intOrPtr* _t190;
				intOrPtr* _t197;
				intOrPtr _t198;
				intOrPtr _t203;
				signed int _t206;
				intOrPtr _t207;
				intOrPtr _t208;
				signed int _t209;
				signed int _t210;
				signed int _t212;
				void* _t214;
				void* _t220;
				signed int _t223;
				intOrPtr* _t224;
				void* _t225;

				_t193 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t190 = _a24;
				_t121 = E008C39DF( *(_t190 + 0x80) << 3, 1);
				_t212 = _a4;
				 *((intOrPtr*)(_t212 + 0x7c)) = _t121;
				if(_t121 != 0) {
					_t206 = 0;
					 *(_t212 + 0x80) =  *(_t190 + 0x80);
					_a4 = 0;
					if( *(_t190 + 0x80) <= 0) {
						L16:
						 *(_t212 + 0x14) =  *(_t212 + 0x14) & 0x00000000;
						 *((intOrPtr*)(_t212 + 0xa8)) = 1;
						 *((intOrPtr*)(_t212 + 0x8c)) =  *((intOrPtr*)(_t190 + 0x8c));
						 *((intOrPtr*)(_t212 + 0x40)) =  *((intOrPtr*)(_t190 + 0x40));
						 *((intOrPtr*)(_t212 + 0x44)) =  *((intOrPtr*)(_t190 + 0x44));
						 *((intOrPtr*)(_t212 + 0x28)) =  *((intOrPtr*)(_t190 + 0x28));
						 *((intOrPtr*)(_t212 + 0x2c)) =  *((intOrPtr*)(_t190 + 0x2c));
						 *((intOrPtr*)(_t212 + 0x30)) =  *((intOrPtr*)(_t190 + 0x30));
						 *((intOrPtr*)(_t212 + 0x34)) =  *((intOrPtr*)(_t190 + 0x34));
						 *((intOrPtr*)(_t212 + 0x1c)) =  *((intOrPtr*)(_t190 + 0x1c));
						if(E008C229E(_t212,  *_t190, 0) >= 0) {
							_t97 = _t212 + 0x24; // 0x124
							if(E008C229E(_t97,  *((intOrPtr*)(_t190 + 0x24)), 0) >= 0) {
								 *((intOrPtr*)(_t212 + 0xb0)) =  *((intOrPtr*)(_t190 + 0xb0));
								if(E008D7D20(_t193,  &_v8,  *_a8,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(_a8 + 8)),  *((intOrPtr*)(_a8 + 0x1c)), 1, _a16, _a20, _a12,  *((intOrPtr*)(_t135 + 0xc))) >= 0) {
									_t109 = _t212 + 0x94; // 0x194
									if(E008C229E(_t109, _v8, 0) >= 0) {
										_t112 = _t212 + 0x98; // 0x198
										_t220 = E008C229E(_t112, _v8, 0);
										if(_t220 >= 0) {
											_t114 = _t212 + 0x9c; // 0x19c
											 *((intOrPtr*)(_t212 + 0xac)) = 1;
											_t220 = E008C229E(_t114, _v8, 0);
											if(_t220 >= 0) {
												 *((intOrPtr*)(_t212 + 0x18)) = 1;
											} else {
												_push("Failed to copy uninstall arguments for passthrough bundle package");
												goto L23;
											}
										} else {
											_push("Failed to copy related arguments for passthrough bundle package");
											goto L23;
										}
									} else {
										_push("Failed to copy install arguments for passthrough bundle package");
										goto L23;
									}
								} else {
									_push("Failed to recreate command-line arguments.");
									goto L23;
								}
							} else {
								_push("Failed to copy cache id for passthrough pseudo bundle.");
								goto L23;
							}
						} else {
							_push("Failed to copy key for passthrough pseudo bundle.");
							goto L23;
						}
					} else {
						while(1) {
							_t223 = _t206 << 3;
							_a24 =  *((intOrPtr*)(_t190 + 0x7c)) + _t223;
							 *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))) = E008C39DF(0x58, 1);
							_t150 =  *((intOrPtr*)(_t212 + 0x7c));
							_t207 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
							if(_t207 == 0) {
								break;
							}
							_t197 = _a24;
							 *((intOrPtr*)(_t207 + 4)) =  *((intOrPtr*)( *_t197 + 4));
							_t198 =  *_t197;
							_t208 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
							 *((intOrPtr*)(_t208 + 0x10)) =  *((intOrPtr*)(_t198 + 0x10));
							 *((intOrPtr*)(_t208 + 0x14)) =  *((intOrPtr*)(_t198 + 0x14));
							_t220 = E008C229E( *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))),  *((intOrPtr*)( *_a24)), 0);
							if(_t220 < 0) {
								_push("Failed to copy key for passthrough pseudo bundle payload.");
								goto L23;
							} else {
								_t220 = E008C229E( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x18,  *((intOrPtr*)( *_a24 + 0x18)), 0);
								if(_t220 < 0) {
									_push("Failed to copy filename for passthrough pseudo bundle.");
									goto L23;
								} else {
									_t220 = E008C229E( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x38,  *((intOrPtr*)( *_a24 + 0x38)), 0);
									if(_t220 < 0) {
										_push("Failed to copy local source path for passthrough pseudo bundle.");
										goto L23;
									} else {
										_t224 = _a24;
										_t173 =  *_t224;
										if( *((intOrPtr*)( *_t224 + 0x40)) == 0) {
											L12:
											_t174 =  *_t224;
											if( *((intOrPtr*)( *_t224 + 0x30)) == 0) {
												L15:
												_t209 = _a4;
												_t193 =  *((intOrPtr*)(_t212 + 0x7c));
												 *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + 4 + _t209 * 8)) =  *((intOrPtr*)(_t224 + 4));
												_t206 = _t209 + 1;
												_a4 = _t206;
												if(_t206 <  *(_t190 + 0x80)) {
													continue;
												} else {
													goto L16;
												}
											} else {
												_t176 = E008C39DF( *((intOrPtr*)(_t174 + 0x34)), 0);
												_t210 = _a4;
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)) = _t176;
												_t177 =  *((intOrPtr*)(_t212 + 0x7c));
												_t203 =  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8));
												if( *((intOrPtr*)(_t203 + 0x30)) == 0) {
													_t214 = 0x8007000e;
													_t220 = 0x8007000e;
													E008C38BA(_t177, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0xcc, 0x8007000e);
													_push("Failed to allocate memory for pseudo bundle payload hash.");
													goto L2;
												} else {
													 *((intOrPtr*)(_t203 + 0x34)) =  *((intOrPtr*)( *_t224 + 0x34));
													E008C3C78( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x34)),  *((intOrPtr*)( *_t224 + 0x30)),  *((intOrPtr*)( *_t224 + 0x34)));
													_t225 = _t225 + 0x10;
													goto L15;
												}
											}
										} else {
											_t220 = E008C229E( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x40,  *((intOrPtr*)(_t173 + 0x40)), 0);
											if(_t220 < 0) {
												_push("Failed to copy download source for passthrough pseudo bundle.");
												L23:
												_push(_t220);
												goto L3;
											} else {
												_t224 = _a24;
												goto L12;
											}
										}
									}
								}
							}
							goto L36;
						}
						_t214 = 0x8007000e;
						_t220 = 0x8007000e;
						E008C38BA(_t150, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0xb6, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L2;
					}
				} else {
					_t214 = 0x8007000e;
					_t220 = 0x8007000e;
					E008C38BA(_t121, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pseudobundle.cpp", 0xae, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of passthrough bundle.");
					L2:
					_push(_t214);
					L3:
					E008FFB09();
				}
				L36:
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t220;
			}





















                                                            0x008ec45e
                                                            0x008ec461
                                                            0x008ec462
                                                            0x008ec467
                                                            0x008ec478
                                                            0x008ec47d
                                                            0x008ec480
                                                            0x008ec485
                                                            0x008ec4b6
                                                            0x008ec4b8
                                                            0x008ec4be
                                                            0x008ec4c7
                                                            0x008ec61e
                                                            0x008ec61e
                                                            0x008ec622
                                                            0x008ec632
                                                            0x008ec63b
                                                            0x008ec641
                                                            0x008ec647
                                                            0x008ec64d
                                                            0x008ec653
                                                            0x008ec659
                                                            0x008ec661
                                                            0x008ec670
                                                            0x008ec6e0
                                                            0x008ec6ed
                                                            0x008ec6fc
                                                            0x008ec72b
                                                            0x008ec736
                                                            0x008ec74a
                                                            0x008ec75a
                                                            0x008ec766
                                                            0x008ec76a
                                                            0x008ec77a
                                                            0x008ec780
                                                            0x008ec790
                                                            0x008ec794
                                                            0x008ec7a0
                                                            0x008ec796
                                                            0x008ec796
                                                            0x00000000
                                                            0x008ec796
                                                            0x008ec76c
                                                            0x008ec76c
                                                            0x00000000
                                                            0x008ec76c
                                                            0x008ec74c
                                                            0x008ec74c
                                                            0x00000000
                                                            0x008ec74c
                                                            0x008ec72d
                                                            0x008ec72d
                                                            0x00000000
                                                            0x008ec72d
                                                            0x008ec6ef
                                                            0x008ec6ef
                                                            0x00000000
                                                            0x008ec6ef
                                                            0x008ec672
                                                            0x008ec672
                                                            0x00000000
                                                            0x008ec672
                                                            0x008ec4cd
                                                            0x008ec4cd
                                                            0x008ec4d2
                                                            0x008ec4db
                                                            0x008ec4e6
                                                            0x008ec4e9
                                                            0x008ec4ec
                                                            0x008ec4f1
                                                            0x00000000
                                                            0x00000000
                                                            0x008ec4f7
                                                            0x008ec501
                                                            0x008ec507
                                                            0x008ec509
                                                            0x008ec50f
                                                            0x008ec515
                                                            0x008ec52a
                                                            0x008ec52e
                                                            0x008ec6af
                                                            0x00000000
                                                            0x008ec534
                                                            0x008ec550
                                                            0x008ec554
                                                            0x008ec6a8
                                                            0x00000000
                                                            0x008ec55a
                                                            0x008ec576
                                                            0x008ec57a
                                                            0x008ec6a1
                                                            0x00000000
                                                            0x008ec580
                                                            0x008ec580
                                                            0x008ec583
                                                            0x008ec589
                                                            0x008ec5af
                                                            0x008ec5af
                                                            0x008ec5b5
                                                            0x008ec601
                                                            0x008ec601
                                                            0x008ec604
                                                            0x008ec60a
                                                            0x008ec60e
                                                            0x008ec60f
                                                            0x008ec618
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008ec5b7
                                                            0x008ec5bc
                                                            0x008ec5c4
                                                            0x008ec5ca
                                                            0x008ec5cd
                                                            0x008ec5d0
                                                            0x008ec5d7
                                                            0x008ec680
                                                            0x008ec690
                                                            0x008ec692
                                                            0x008ec697
                                                            0x00000000
                                                            0x008ec5dd
                                                            0x008ec5e2
                                                            0x008ec5f9
                                                            0x008ec5fe
                                                            0x00000000
                                                            0x008ec5fe
                                                            0x008ec5d7
                                                            0x008ec58b
                                                            0x008ec5a2
                                                            0x008ec5a6
                                                            0x008ec679
                                                            0x008ec6b4
                                                            0x008ec6b4
                                                            0x00000000
                                                            0x008ec5ac
                                                            0x008ec5ac
                                                            0x00000000
                                                            0x008ec5ac
                                                            0x008ec5a6
                                                            0x008ec589
                                                            0x008ec57a
                                                            0x008ec554
                                                            0x00000000
                                                            0x008ec52e
                                                            0x008ec6ba
                                                            0x008ec6ca
                                                            0x008ec6cc
                                                            0x008ec6d1
                                                            0x00000000
                                                            0x008ec6d1
                                                            0x008ec487
                                                            0x008ec487
                                                            0x008ec497
                                                            0x008ec499
                                                            0x008ec49e
                                                            0x008ec4a3
                                                            0x008ec4a3
                                                            0x008ec4a4
                                                            0x008ec4a4
                                                            0x008ec4aa
                                                            0x008ec7a7
                                                            0x008ec7ab
                                                            0x008ec7b0
                                                            0x008ec7b0
                                                            0x008ec7bb

                                                            Strings
                                                            • Failed to copy cache id for passthrough pseudo bundle., xrefs: 008EC6EF
                                                            • Failed to copy download source for passthrough pseudo bundle., xrefs: 008EC679
                                                            • Failed to copy install arguments for passthrough bundle package, xrefs: 008EC74C
                                                            • Failed to copy filename for passthrough pseudo bundle., xrefs: 008EC6A8
                                                            • Failed to recreate command-line arguments., xrefs: 008EC72D
                                                            • Failed to copy key for passthrough pseudo bundle payload., xrefs: 008EC6AF
                                                            • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 008EC6D1
                                                            • c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp, xrefs: 008EC492, 008EC68B, 008EC6C5
                                                            • Failed to copy related arguments for passthrough bundle package, xrefs: 008EC76C
                                                            • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 008EC49E
                                                            • Failed to copy local source path for passthrough pseudo bundle., xrefs: 008EC6A1
                                                            • Failed to copy key for passthrough pseudo bundle., xrefs: 008EC672
                                                            • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 008EC796
                                                            • Failed to allocate memory for pseudo bundle payload hash., xrefs: 008EC697
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateProcess
                                                            • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$c:\agent\_work\66\s\src\burn\engine\pseudobundle.cpp
                                                            • API String ID: 1357844191-1911474293
                                                            • Opcode ID: 2bf2fe9e4ca1edfb5888be677794ad7e8b43f1b495c42d01d395a34a3064f30a
                                                            • Instruction ID: a1566cbfca7cc03bf6bd68481bb030aa2f862706c13c27c4be0de0fb59c8a7cb
                                                            • Opcode Fuzzy Hash: 2bf2fe9e4ca1edfb5888be677794ad7e8b43f1b495c42d01d395a34a3064f30a
                                                            • Instruction Fuzzy Hash: C1B16871A0065AEFDB21DF69C881F96BBA1FB49314F108169FD14EB3A1D731E852DB80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CB1D7 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 137COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 24%
                                                            			E008CB1D7(intOrPtr _a4) {
				void* _t35;
				intOrPtr* _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				signed int _t52;
				intOrPtr _t55;
				signed short _t56;
				intOrPtr* _t58;
				signed short _t59;
				signed short _t60;
				signed short _t61;
				signed short _t67;

				_t56 = 0;
				_t58 = GetModuleHandleW(0);
				if(_t58 != 0) {
					if(0x5a4d ==  *_t58) {
						_t48 =  *((intOrPtr*)(_t58 + 0x3c));
						if( *((intOrPtr*)(_t48 + _t58)) == 0x4550) {
							_t5 = _t58 + 0x18; // 0x18
							_t44 = _t5 + ( *(_t48 + _t58 + 0x14) & 0x0000ffff) + _t48;
							if(E008EF8C3(_t44, ".wixburn", 8) == 0) {
								L17:
								if( *((intOrPtr*)(_t44 + 0x10)) >= 0x34) {
									_t46 =  *((intOrPtr*)(_t44 + 0xc)) + _t58;
									if( *((intOrPtr*)(_t46 + 4)) == 2) {
										_t55 = _a4;
										_t49 = _t56;
										while(1) {
											_t26 =  *((intOrPtr*)(_t55 + _t49 * 4));
											if( *((intOrPtr*)(_t55 + _t49 * 4)) !=  *((intOrPtr*)(_t46 + 8 + _t49 * 4))) {
												break;
											}
											_t49 = _t49 + 1;
											if(_t49 != 4) {
												continue;
											} else {
											}
											goto L29;
										}
										_t59 = 0x8007000d;
										_t56 = 0x8007000d;
										E008C38BA(_t26, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x18a, 0x8007000d);
										_push("Bundle guid didn\'t match the guid in the PE Header in memory.");
										goto L28;
									} else {
										_t60 = 0x8007000d;
										_t56 = 0x8007000d;
										E008C38BA(_t25, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x184, 0x8007000d);
										_push( *((intOrPtr*)(_t46 + 4)));
										_push("Failed to read section info, unsupported version: %08x");
										goto L22;
									}
								} else {
									_t60 = 0x8007000d;
									_t56 = 0x8007000d;
									E008C38BA(_t25, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x17a, 0x8007000d);
									_push( *((intOrPtr*)(_t44 + 0x10)));
									_push("Failed to read section info, data to short: %u");
									L22:
									_push(_t60);
									E008FFB09();
								}
							} else {
								_t52 =  *( *((intOrPtr*)(_t58 + 0x3c)) + _t58 + 6) & 0x0000ffff;
								_t35 = 1;
								while(_t35 < _t52) {
									_t44 = _t44 + 0x28;
									_t35 = _t35 + 1;
									if( *_t44 != 0x7869772e ||  *((intOrPtr*)(_t44 + 4)) != 0x6e727562) {
										continue;
									} else {
										goto L17;
									}
									goto L29;
								}
								_t59 = 0x8007000d;
								_t56 = 0x8007000d;
								E008C38BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x16e, 0x8007000d);
								_push("Failed to find Burn section.");
								L28:
								_push(_t59);
								E008FFB09();
							}
							L29:
						} else {
							_t61 = 0x8007000d;
							_t56 = 0x8007000d;
							E008C38BA(0x5a4d, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x155, 0x8007000d);
							_push("Failed to find valid NT image header in buffer.");
							goto L9;
						}
					} else {
						_t61 = 0x8007000d;
						_t56 = 0x8007000d;
						E008C38BA(0x5a4d, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x14a, 0x8007000d);
						_push("Failed to find valid DOS image header in buffer.");
						L9:
						_push(_t61);
						goto L6;
					}
				} else {
					_t56 = GetLastError();
					if(_t56 > 0) {
						_t56 = _t56 & 0x0000ffff | 0x80070000;
						_t67 = _t56;
					}
					if(_t67 >= 0) {
						_t56 = 0x80004005;
					}
					E008C38BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\section.cpp", 0x140, _t56);
					_push("Failed to get module handle to process.");
					_push(_t56);
					L6:
					E008FFB09();
				}
				return _t56;
			}
















                                                            0x008cb1dc
                                                            0x008cb1e5
                                                            0x008cb1e9
                                                            0x008cb233
                                                            0x008cb254
                                                            0x008cb25e
                                                            0x008cb286
                                                            0x008cb28b
                                                            0x008cb29d
                                                            0x008cb2c3
                                                            0x008cb2c7
                                                            0x008cb30b
                                                            0x008cb311
                                                            0x008cb33d
                                                            0x008cb340
                                                            0x008cb342
                                                            0x008cb342
                                                            0x008cb349
                                                            0x00000000
                                                            0x00000000
                                                            0x008cb34b
                                                            0x008cb34f
                                                            0x00000000
                                                            0x00000000
                                                            0x008cb351
                                                            0x00000000
                                                            0x008cb34f
                                                            0x008cb353
                                                            0x008cb363
                                                            0x008cb365
                                                            0x008cb36a
                                                            0x00000000
                                                            0x008cb313
                                                            0x008cb313
                                                            0x008cb323
                                                            0x008cb325
                                                            0x008cb32a
                                                            0x008cb32d
                                                            0x00000000
                                                            0x008cb32d
                                                            0x008cb2c9
                                                            0x008cb2c9
                                                            0x008cb2d9
                                                            0x008cb2db
                                                            0x008cb2e0
                                                            0x008cb2e3
                                                            0x008cb332
                                                            0x008cb332
                                                            0x008cb333
                                                            0x008cb338
                                                            0x008cb29f
                                                            0x008cb2a2
                                                            0x008cb2a9
                                                            0x008cb2aa
                                                            0x008cb2ae
                                                            0x008cb2b1
                                                            0x008cb2b8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008cb2b8
                                                            0x008cb2ea
                                                            0x008cb2fa
                                                            0x008cb2fc
                                                            0x008cb301
                                                            0x008cb36f
                                                            0x008cb36f
                                                            0x008cb370
                                                            0x008cb376
                                                            0x008cb377
                                                            0x008cb260
                                                            0x008cb260
                                                            0x008cb270
                                                            0x008cb272
                                                            0x008cb277
                                                            0x00000000
                                                            0x008cb277
                                                            0x008cb235
                                                            0x008cb235
                                                            0x008cb245
                                                            0x008cb247
                                                            0x008cb24c
                                                            0x008cb251
                                                            0x008cb251
                                                            0x00000000
                                                            0x008cb251
                                                            0x008cb1eb
                                                            0x008cb1f1
                                                            0x008cb1f5
                                                            0x008cb1fa
                                                            0x008cb200
                                                            0x008cb200
                                                            0x008cb202
                                                            0x008cb204
                                                            0x008cb204
                                                            0x008cb214
                                                            0x008cb219
                                                            0x008cb21e
                                                            0x008cb21f
                                                            0x008cb21f
                                                            0x008cb225
                                                            0x008cb37d

                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,008CBACA,00000008,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB1DF
                                                            • GetLastError.KERNEL32(?,008CBACA,00000008,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 008CB1EB
                                                            • _memcmp.LIBVCRUNTIME ref: 008CB293
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorHandleLastModule_memcmp
                                                            • String ID: .wix$.wixburn$@Mqt$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$c:\agent\_work\66\s\src\burn\engine\section.cpp
                                                            • API String ID: 3888311042-506847095
                                                            • Opcode ID: a9aedbb6cad7f34e78618cb46469797a0e3d5e7cb2e62ea74ad5a50d3c427a8b
                                                            • Instruction ID: 07801fc92fae70aeea3a609b677f141fd8fb463f2e59073809753c8d20836462
                                                            • Opcode Fuzzy Hash: a9aedbb6cad7f34e78618cb46469797a0e3d5e7cb2e62ea74ad5a50d3c427a8b
                                                            • Instruction Fuzzy Hash: EE411D32280B16BBD72159559C43F6B2571FFD1B39F25802DFA02EF2C1D7B9C80282A6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D3AD7 Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 129COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 54%
                                                            			E008D3AD7(void* __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				short _v528;
				short* _v532;
				int _v536;
				int _v540;
				char _v544;
				void* __ebx;
				void* __esi;
				signed int _t29;
				long _t39;
				intOrPtr _t56;
				void* _t63;
				void* _t64;
				signed int _t66;
				signed short _t69;
				signed int _t72;
				signed short _t78;

				_t64 = __edi;
				_t63 = __edx;
				_t29 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t29 ^ _t72;
				_t56 = _a4;
				E008EF600(__edi,  &_v528, 0, 0x208);
				_v544 = 0;
				_v532 = 0;
				_v540 = 0;
				_v536 = 0;
				if(GetTempPathW(0x104,  &_v528) != 0) {
					_t69 = E008C1CA7( &_v528, 0x104,  &_v540);
					if(_t69 >= 0) {
						_t39 = GetCurrentProcessId();
						__imp__ProcessIdToSessionId(_t39,  &_v544, _t64);
						if(_t39 == 0) {
							_t70 = _v540;
							L17:
							_t69 = E008C229E(_t56,  &_v528, _t70);
							if(_t69 >= 0) {
								L20:
								_pop(_t64);
								L21:
								if(_v532 != 0) {
									E008C2762(_v532);
								}
								return E008EDD1F(_t56, _v8 ^ _t72, _t63, _t64, _t69);
							}
							_push("Failed to copy temp folder.");
							L19:
							_push(_t69);
							E008FFB09();
							goto L20;
						}
						_t69 = E008C2022( &_v532, L"%u\\", _v544);
						if(_t69 >= 0) {
							_t69 = E008C1CA7(_v532, 0x7fffffff,  &_v536);
							if(_t69 >= 0) {
								_t70 = _v540;
								_t66 = _v540 - _v536;
								if(CompareStringW(0, 0,  &(( &_v528)[_t66]), _v536, _v532, _v536) == 2) {
									_t70 = _t66;
								}
								goto L17;
							}
							_push("Failed to get length of session id string.");
							goto L19;
						}
						_push("Failed to format session id as a string.");
						goto L19;
					}
					_push("Failed to get length of temp folder.");
					L6:
					_push(_t69);
					E008FFB09();
					goto L21;
				}
				_t69 = GetLastError();
				if(_t69 > 0) {
					_t69 = _t69 & 0x0000ffff | 0x80070000;
					_t78 = _t69;
				}
				if(_t78 >= 0) {
					_t69 = 0x80004005;
				}
				E008C38BA(_t54, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\logging.cpp", 0x28d, _t69);
				_push("Failed to get temp folder.");
				goto L6;
			}




















                                                            0x008d3ad7
                                                            0x008d3ad7
                                                            0x008d3ae0
                                                            0x008d3ae7
                                                            0x008d3aeb
                                                            0x008d3afe
                                                            0x008d3b06
                                                            0x008d3b12
                                                            0x008d3b18
                                                            0x008d3b1e
                                                            0x008d3b33
                                                            0x008d3b89
                                                            0x008d3b8d
                                                            0x008d3b9e
                                                            0x008d3ba5
                                                            0x008d3bad
                                                            0x008d3c3e
                                                            0x008d3c44
                                                            0x008d3c52
                                                            0x008d3c56
                                                            0x008d3c65
                                                            0x008d3c65
                                                            0x008d3c66
                                                            0x008d3c6d
                                                            0x008d3c75
                                                            0x008d3c75
                                                            0x008d3c89
                                                            0x008d3c89
                                                            0x008d3c58
                                                            0x008d3c5d
                                                            0x008d3c5d
                                                            0x008d3c5e
                                                            0x00000000
                                                            0x008d3c64
                                                            0x008d3bca
                                                            0x008d3bd1
                                                            0x008d3bf4
                                                            0x008d3bf8
                                                            0x008d3c07
                                                            0x008d3c1b
                                                            0x008d3c38
                                                            0x008d3c3a
                                                            0x008d3c3a
                                                            0x00000000
                                                            0x008d3c38
                                                            0x008d3bfa
                                                            0x00000000
                                                            0x008d3bfa
                                                            0x008d3bd3
                                                            0x00000000
                                                            0x008d3bd3
                                                            0x008d3b8f
                                                            0x008d3b68
                                                            0x008d3b68
                                                            0x008d3b69
                                                            0x00000000
                                                            0x008d3b6f
                                                            0x008d3b3b
                                                            0x008d3b3f
                                                            0x008d3b44
                                                            0x008d3b4a
                                                            0x008d3b4a
                                                            0x008d3b4c
                                                            0x008d3b4e
                                                            0x008d3b4e
                                                            0x008d3b5e
                                                            0x008d3b63
                                                            0x00000000

                                                            APIs
                                                            • GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 008D3B2B
                                                            • GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 008D3B35
                                                            • GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 008D3B9E
                                                            • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 008D3BA5
                                                            • CompareStringW.KERNEL32(00000000,00000000,?,?,?,?,?,7FFFFFFF,?,?,?,?,?,00000000,crypt32.dll), ref: 008D3C2F
                                                            Strings
                                                            • Failed to get length of temp folder., xrefs: 008D3B8F
                                                            • Failed to get length of session id string., xrefs: 008D3BFA
                                                            • c:\agent\_work\66\s\src\burn\engine\logging.cpp, xrefs: 008D3B59
                                                            • Failed to get temp folder., xrefs: 008D3B63
                                                            • @Mqt, xrefs: 008D3B35
                                                            • %u\, xrefs: 008D3BBF
                                                            • Failed to format session id as a string., xrefs: 008D3BD3
                                                            • Failed to copy temp folder., xrefs: 008D3C58
                                                            • crypt32.dll, xrefs: 008D3AEA
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Process$CompareCurrentErrorLastPathSessionStringTemp
                                                            • String ID: %u\$@Mqt$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$c:\agent\_work\66\s\src\burn\engine\logging.cpp$crypt32.dll
                                                            • API String ID: 2407829081-1306830583
                                                            • Opcode ID: 3663f5287060d1ee0b782d30733d50ae9e0e0f307e3ff2e8ef6ff77178bc328f
                                                            • Instruction ID: 8e69604a375fe8417a6eb78ec6ef744232fc69983128108a2d274d5c17b2c42e
                                                            • Opcode Fuzzy Hash: 3663f5287060d1ee0b782d30733d50ae9e0e0f307e3ff2e8ef6ff77178bc328f
                                                            • Instruction Fuzzy Hash: CE419072E9523DABCB219B649C49FD97778FF20724F1042A6F918F7241D6709F808B92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FF58A Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 76libraryloaderCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 85%
                                                            			E008FF58A() {
				_Unknown_base(*)()* _t2;
				_Unknown_base(*)()* _t5;
				signed short _t6;
				signed short _t11;
				signed short _t21;

				_t11 = E008C38BD(L"AdvApi32.dll", 0x92b5b8);
				if(_t11 < 0) {
					_t2 =  *0x92b5ac; // 0x745b2af0
				} else {
					 *0x92b5a8 = GetProcAddress( *0x92b5b8, "SystemFunction040");
					_t2 = GetProcAddress( *0x92b5b8, "SystemFunction041");
					 *0x92b5ac = _t2;
				}
				if( *0x92b5a8 == 0 || _t2 == 0) {
					_t11 = E008C38BD(L"Crypt32.dll", 0x92b5bc);
					if(_t11 >= 0) {
						_t5 = GetProcAddress( *0x92b5bc, "CryptProtectMemory");
						 *0x92b5b0 = _t5;
						if( *0x92b5a8 != 0 || _t5 != 0) {
							_t6 = GetProcAddress( *0x92b5bc, "CryptUnprotectMemory");
							__eflags =  *0x92b5ac;
							 *0x92b5b4 = _t6;
							if( *0x92b5ac != 0) {
								goto L21;
							} else {
								__eflags = _t6;
								if(_t6 != 0) {
									goto L21;
								} else {
									_t11 = GetLastError();
									__eflags = _t11;
									if(__eflags > 0) {
										_t11 = _t11 & 0x0000ffff | 0x80070000;
										__eflags = _t11;
									}
									if(__eflags >= 0) {
										_t11 = 0x80004005;
									}
									_push(_t11);
									_push(0x2d);
									goto L13;
								}
							}
						} else {
							_t11 = GetLastError();
							if(_t11 > 0) {
								_t11 = _t11 & 0x0000ffff | 0x80070000;
								_t21 = _t11;
							}
							if(_t21 >= 0) {
								_t11 = 0x80004005;
							}
							_push(_t11);
							_push(0x28);
							L13:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\cryputil.cpp");
							E008C38BA(_t7);
						}
					}
				} else {
					L21:
					 *0x92b5c0 = 1;
				}
				return _t11;
			}








                                                            0x008ff5a1
                                                            0x008ff5a5
                                                            0x008ff5cd
                                                            0x008ff5a7
                                                            0x008ff5bf
                                                            0x008ff5c4
                                                            0x008ff5c6
                                                            0x008ff5c6
                                                            0x008ff5d9
                                                            0x008ff5f2
                                                            0x008ff5f6
                                                            0x008ff607
                                                            0x008ff610
                                                            0x008ff615
                                                            0x008ff653
                                                            0x008ff655
                                                            0x008ff65c
                                                            0x008ff661
                                                            0x00000000
                                                            0x008ff663
                                                            0x008ff663
                                                            0x008ff665
                                                            0x00000000
                                                            0x008ff667
                                                            0x008ff66d
                                                            0x008ff66f
                                                            0x008ff671
                                                            0x008ff676
                                                            0x008ff67c
                                                            0x008ff67c
                                                            0x008ff67e
                                                            0x008ff680
                                                            0x008ff680
                                                            0x008ff685
                                                            0x008ff686
                                                            0x00000000
                                                            0x008ff686
                                                            0x008ff665
                                                            0x008ff61b
                                                            0x008ff621
                                                            0x008ff625
                                                            0x008ff62a
                                                            0x008ff630
                                                            0x008ff630
                                                            0x008ff632
                                                            0x008ff634
                                                            0x008ff634
                                                            0x008ff639
                                                            0x008ff63a
                                                            0x008ff63c
                                                            0x008ff63c
                                                            0x008ff641
                                                            0x008ff641
                                                            0x008ff615
                                                            0x008ff68a
                                                            0x008ff68a
                                                            0x008ff68a
                                                            0x008ff68a
                                                            0x008ff698

                                                            APIs
                                                            • GetProcAddress.KERNEL32(SystemFunction040,AdvApi32.dll), ref: 008FF5B2
                                                            • GetProcAddress.KERNEL32(SystemFunction041), ref: 008FF5C4
                                                            • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 008FF607
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 008FF61B
                                                            • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 008FF653
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 008FF667
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$ErrorLast
                                                            • String ID: @Mqt$AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$c:\agent\_work\66\s\src\libs\dutil\cryputil.cpp
                                                            • API String ID: 4214558900-1655854694
                                                            • Opcode ID: 0035006366f9ac335b6c7511ef6a3c6102f2da7689d8ac0d233c0f3a60bd7fbe
                                                            • Instruction ID: 225e6cef71aa281ab9e62efd3854c17ca57b1262f808767b923758c9c4940699
                                                            • Opcode Fuzzy Hash: 0035006366f9ac335b6c7511ef6a3c6102f2da7689d8ac0d233c0f3a60bd7fbe
                                                            • Instruction Fuzzy Hash: BE21833295563A6AC3315B74AC16F262A90FF60758F020139FF00FA265EB789C02EEC0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CA249 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 140registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E008CA249(intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				int* _v12;
				int* _v16;
				int _v20;
				void* _t35;
				signed short _t46;
				signed short _t47;
				intOrPtr _t54;
				signed int _t58;
				void* _t63;
				signed short _t65;
				void* _t67;

				_t54 = _a4;
				_t58 =  *(_t54 + 0x24);
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				if(E008C7303(_a8,  *((intOrPtr*)(_t54 + 0x1c)),  &_v8, 0) >= 0) {
					asm("sbb edi, edi");
					_t65 = E00900823( *((intOrPtr*)(_t54 + 0x18)), _v8, ( ~_t58 & 0x00000100) + 1,  &_v16);
					__eflags = _t65;
					if(_t65 >= 0) {
						_t35 = 0;
						_t63 = 1;
						__eflags =  *(_t54 + 0x20);
						if( *(_t54 + 0x20) == 0) {
							L20:
							_t65 = E008C8274(_a8,  *((intOrPtr*)(_t54 + 4)), _t63, _t35, 0);
							__eflags = _t65;
							if(_t65 >= 0) {
								L25:
								E008C287D(_v8);
								E008C287D(_v12);
								if(_v16 != 0) {
									RegCloseKey(_v16);
								}
								return _t65;
							}
							_push("Failed to set variable.");
							L22:
							_push(_t65);
							E008FFB09();
							L23:
							if(_t65 < 0) {
								_push(_t65);
								E008FFFF0(2, "RegistrySearchExists failed: ID \'%ls\', HRESULT 0x%x", _v8);
							}
							goto L25;
						}
						_t65 = E008C7303(_a8,  *(_t54 + 0x20),  &_v12, 0);
						__eflags = _t65;
						if(_t65 >= 0) {
							_t46 = RegQueryValueExW(_v16, _v12, 0,  &_v20, 0, 0);
							_t65 = _t46;
							_t47 = _t46;
							__eflags = _t47;
							if(_t47 == 0) {
								L19:
								_t35 = 0;
								__eflags = 0;
								goto L20;
							}
							__eflags = _t47 == 0;
							if(_t47 == 0) {
								_push(_v12);
								E008FFFF0(2, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v8);
								_t67 = _t67 + 0x10;
								L18:
								_t63 = 0;
								__eflags = 0;
								goto L19;
							}
							_t35 = 0;
							__eflags = _t65;
							if(__eflags == 0) {
								goto L20;
							}
							if(__eflags > 0) {
								_t65 = _t65 & 0x0000ffff | 0x80070000;
								__eflags = _t65;
							}
							if(__eflags >= 0) {
								_t65 = 0x80004005;
							}
							E008C38BA(_t35, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\search.cpp", 0x322, _t65);
							_push("Failed to query registry key value.");
							goto L22;
						}
						_push("Failed to format value string.");
						goto L22;
					}
					_push(_v8);
					__eflags = _t65 - 0x80070002;
					if(_t65 != 0x80070002) {
						_push("Failed to open registry key. Key = \'%ls\'");
						_push(_t65);
						E008FFB09();
						_t67 = _t67 + 0xc;
						goto L23;
					}
					_push("Registry key not found. Key = \'%ls\'");
					_push(2);
					E008FFFF0();
					_t67 = _t67 + 0xc;
					goto L18;
				}
				_push("Failed to format key string.");
				goto L22;
			}















                                                            0x008ca250
                                                            0x008ca258
                                                            0x008ca25b
                                                            0x008ca25e
                                                            0x008ca261
                                                            0x008ca264
                                                            0x008ca27a
                                                            0x008ca28c
                                                            0x008ca2a1
                                                            0x008ca2a3
                                                            0x008ca2a5
                                                            0x008ca2db
                                                            0x008ca2dd
                                                            0x008ca2de
                                                            0x008ca2e1
                                                            0x008ca373
                                                            0x008ca382
                                                            0x008ca384
                                                            0x008ca386
                                                            0x008ca3ac
                                                            0x008ca3af
                                                            0x008ca3b7
                                                            0x008ca3c0
                                                            0x008ca3c5
                                                            0x008ca3c5
                                                            0x008ca3d1
                                                            0x008ca3d1
                                                            0x008ca388
                                                            0x008ca38d
                                                            0x008ca38d
                                                            0x008ca38e
                                                            0x008ca395
                                                            0x008ca397
                                                            0x008ca399
                                                            0x008ca3a4
                                                            0x008ca3a9
                                                            0x00000000
                                                            0x008ca397
                                                            0x008ca2f7
                                                            0x008ca2f9
                                                            0x008ca2fb
                                                            0x008ca316
                                                            0x008ca31c
                                                            0x008ca31e
                                                            0x008ca31e
                                                            0x008ca321
                                                            0x008ca371
                                                            0x008ca371
                                                            0x008ca371
                                                            0x00000000
                                                            0x008ca371
                                                            0x008ca324
                                                            0x008ca327
                                                            0x008ca35a
                                                            0x008ca367
                                                            0x008ca36c
                                                            0x008ca36f
                                                            0x008ca36f
                                                            0x008ca36f
                                                            0x00000000
                                                            0x008ca36f
                                                            0x008ca329
                                                            0x008ca32b
                                                            0x008ca32d
                                                            0x00000000
                                                            0x00000000
                                                            0x008ca32f
                                                            0x008ca334
                                                            0x008ca33a
                                                            0x008ca33a
                                                            0x008ca33c
                                                            0x008ca33e
                                                            0x008ca33e
                                                            0x008ca34e
                                                            0x008ca353
                                                            0x00000000
                                                            0x008ca353
                                                            0x008ca2fd
                                                            0x00000000
                                                            0x008ca2fd
                                                            0x008ca2a7
                                                            0x008ca2aa
                                                            0x008ca2b0
                                                            0x008ca2c6
                                                            0x008ca2cb
                                                            0x008ca2cc
                                                            0x008ca2d1
                                                            0x00000000
                                                            0x008ca2d1
                                                            0x008ca2b2
                                                            0x008ca2b7
                                                            0x008ca2b9
                                                            0x008ca2be
                                                            0x00000000
                                                            0x008ca2be
                                                            0x008ca27c
                                                            0x00000000

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008CA271
                                                            • RegCloseKey.ADVAPI32(00000000,00000100,00000000,000002C0,?,00000001,00000000,00000000,?,00000000,?,000002C0,000002C0,?,00000000,00000000), ref: 008CA3C5
                                                            Strings
                                                            • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 008CA39D
                                                            • Failed to set variable., xrefs: 008CA388
                                                            • Failed to format key string., xrefs: 008CA27C
                                                            • Failed to query registry key value., xrefs: 008CA353
                                                            • Failed to format value string., xrefs: 008CA2FD
                                                            • Failed to open registry key. Key = '%ls', xrefs: 008CA2C6
                                                            • Registry key not found. Key = '%ls', xrefs: 008CA2B2
                                                            • c:\agent\_work\66\s\src\burn\engine\search.cpp, xrefs: 008CA349
                                                            • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 008CA360
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseOpen@16
                                                            • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$c:\agent\_work\66\s\src\burn\engine\search.cpp
                                                            • API String ID: 1561904661-635686934
                                                            • Opcode ID: b55c3a0f62f93caa2cbac9b3420be59500d522320ea283332df3867e5d737a26
                                                            • Instruction ID: c5df9eb2e6ee073723487a0b319fde744d2cc3162220920b1977b4db9af7aa2a
                                                            • Opcode Fuzzy Hash: b55c3a0f62f93caa2cbac9b3420be59500d522320ea283332df3867e5d737a26
                                                            • Instruction Fuzzy Hash: 7C41D072D0016DBBCB166BB8CC12FAE7A79FF44718F104269F904E6292D671DE10A692
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F8C92 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008F8C92(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x92a708) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E008F5CE8(_t46);
							E008F880C( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E008F5CE8(_t47);
							E008F890A( *((intOrPtr*)(_t74 + 0x88)));
						}
						E008F5CE8( *((intOrPtr*)(_t74 + 0x7c)));
						E008F5CE8( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E008F5CE8( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E008F5CE8( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E008F5CE8( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E008F5CE8( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E008F8E05( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x92a128) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E008F5CE8(_t31);
							E008F5CE8( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t22 = _t70 - 4; // 0x2e6461
						_t29 =  *_t22;
						if(_t29 != 0 &&  *_t29 == 0) {
							E008F5CE8(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E008F5CE8(_t74);
			}















                                                            0x008f8c9a
                                                            0x008f8c9e
                                                            0x008f8ca6
                                                            0x008f8caf
                                                            0x008f8cb4
                                                            0x008f8cbb
                                                            0x008f8cc3
                                                            0x008f8ccb
                                                            0x008f8cd6
                                                            0x008f8cdc
                                                            0x008f8cdd
                                                            0x008f8ce5
                                                            0x008f8ced
                                                            0x008f8cf8
                                                            0x008f8cfe
                                                            0x008f8d02
                                                            0x008f8d0d
                                                            0x008f8d13
                                                            0x008f8cb4
                                                            0x008f8d14
                                                            0x008f8d1c
                                                            0x008f8d2f
                                                            0x008f8d42
                                                            0x008f8d50
                                                            0x008f8d5b
                                                            0x008f8d60
                                                            0x008f8d69
                                                            0x008f8d71
                                                            0x008f8d72
                                                            0x008f8d78
                                                            0x008f8d7b
                                                            0x008f8d7e
                                                            0x008f8d85
                                                            0x008f8d87
                                                            0x008f8d8b
                                                            0x008f8d93
                                                            0x008f8d9a
                                                            0x008f8da0
                                                            0x008f8da1
                                                            0x008f8da1
                                                            0x008f8da8
                                                            0x008f8daa
                                                            0x008f8daa
                                                            0x008f8daf
                                                            0x008f8db7
                                                            0x008f8dbc
                                                            0x008f8dbd
                                                            0x008f8dbd
                                                            0x008f8dc0
                                                            0x008f8dc3
                                                            0x008f8dc6
                                                            0x008f8dc9
                                                            0x008f8dc9
                                                            0x008f8ddb

                                                            APIs
                                                            • ___free_lconv_mon.LIBCMT ref: 008F8CD6
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F8829
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F883B
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F884D
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F885F
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F8871
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F8883
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F8895
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F88A7
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F88B9
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F88CB
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F88DD
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F88EF
                                                              • Part of subcall function 008F880C: _free.LIBCMT ref: 008F8901
                                                            • _free.LIBCMT ref: 008F8CCB
                                                              • Part of subcall function 008F5CE8: HeapFree.KERNEL32(00000000,00000000,?,008F89A1,?,00000000,?,00000000,?,008F89C8,?,00000007,?,?,008F8E2A,?), ref: 008F5CFE
                                                              • Part of subcall function 008F5CE8: GetLastError.KERNEL32(?,?,008F89A1,?,00000000,?,00000000,?,008F89C8,?,00000007,?,?,008F8E2A,?,?), ref: 008F5D10
                                                            • _free.LIBCMT ref: 008F8CED
                                                            • _free.LIBCMT ref: 008F8D02
                                                            • _free.LIBCMT ref: 008F8D0D
                                                            • _free.LIBCMT ref: 008F8D2F
                                                            • _free.LIBCMT ref: 008F8D42
                                                            • _free.LIBCMT ref: 008F8D50
                                                            • _free.LIBCMT ref: 008F8D5B
                                                            • _free.LIBCMT ref: 008F8D93
                                                            • _free.LIBCMT ref: 008F8D9A
                                                            • _free.LIBCMT ref: 008F8DB7
                                                            • _free.LIBCMT ref: 008F8DCF
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                            • String ID:
                                                            • API String ID: 161543041-0
                                                            • Opcode ID: 08b30d42353d59247f59da6b4531560b565c96b44c6dd50f3ee01ae8193cf53b
                                                            • Instruction ID: aae4abcd0a07503f8d54f1071e27b5a855b2df6ac7efafe3bfbc18544aa54b81
                                                            • Opcode Fuzzy Hash: 08b30d42353d59247f59da6b4531560b565c96b44c6dd50f3ee01ae8193cf53b
                                                            • Instruction Fuzzy Hash: D3313632600B0CDFEB61AA78D945B7AB3E9FF10310F21442AE65AD7191DF35AD80CB21
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D2C15 Relevance: 19.5, APIs: 1, Strings: 10, Instructions: 298COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 89%
                                                            			E008D2C15(signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, int _a24) {
				int _v8;
				char _v12;
				int _v16;
				char _v20;
				intOrPtr* _v24;
				void* __edi;
				int _t107;
				signed int* _t108;
				signed int _t109;
				signed int _t110;
				signed int _t118;
				signed int _t125;
				short* _t126;
				signed int _t130;
				signed int _t131;
				signed int _t138;
				intOrPtr* _t146;
				signed int _t148;
				signed int _t151;
				signed int _t153;
				signed int _t157;
				signed int _t159;
				signed int _t160;
				signed int _t163;
				signed int _t164;
				intOrPtr _t165;
				signed int _t166;
				void* _t167;

				_t146 = _a4;
				_t163 = _a8;
				_v8 = 0;
				 *((intOrPtr*)(_t146 + 0x10)) = 1;
				_t164 = 0;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				if( *((intOrPtr*)(_t163 + 0xc)) != 0) {
					L2:
					_t107 = 1;
					L3:
					 *((intOrPtr*)(_t146 + 0x18)) = _t107;
					 *((intOrPtr*)(_t146 + 0x1c)) = 0;
					_t12 = _t163 + 0x40; // 0x6c0065
					_t108 =  *_t12;
					if(_t108 != 0) {
						__eflags =  *_t108;
						if( *_t108 == 0) {
							goto L7;
						}
						goto L6;
					} else {
						_t13 = _t163 + 0x10; // 0x6c0064
						_t108 =  *_t13;
						L6:
						_v8 = _t108;
						L7:
						if( *_t146 != 3) {
							__eflags =  *(_t163 + 0x2c);
							if(__eflags != 0) {
								L44:
								_a24 = 1;
								L45:
								_t64 = _t163 + 0x54; // 0x6c44746c
								_t109 = E00903B71(_t163, __eflags,  *_t64, 0);
								__eflags = _t109;
								if(_t109 == 0) {
									L48:
									 *(_t146 + 0x14) =  *(_t146 + 0x14) | 0x00000003;
									L51:
									 *(_t146 + 0x14) =  *(_t146 + 0x14) | 0x00000004;
									_t148 = 0;
									 *((intOrPtr*)(_t146 + 0x38)) = 1;
									_a16 = 0;
									__eflags =  *(_t163 + 0xb8);
									if( *(_t163 + 0xb8) <= 0) {
										L61:
										_t110 = _v8;
										__eflags = _t110;
										if(_t110 == 0) {
											L68:
											if(_v12 != 0) {
												E00904DA3(_t163, _v12);
											}
											if(_v20 != 0) {
												E009088C5(_v20, _v16);
											}
											return _t164;
										}
										__eflags =  *(_t163 + 0x40);
										if( *(_t163 + 0x40) != 0) {
											L64:
											__eflags = E008E7A93(_t148, _t163, _t110);
											if(__eflags != 0) {
												goto L68;
											}
											_t100 = _t163 + 0x10; // 0x6c0064
											_t164 = E008D0EBF(__eflags, _t146, 1, _v8,  *_t100);
											__eflags = _t164;
											if(_t164 >= 0) {
												goto L68;
											}
											_push("Failed to add registration action for self dependent.");
											L67:
											_push(_t164);
											E008FFB09();
											goto L68;
										}
										__eflags = _a24;
										if(_a24 != 0) {
											goto L68;
										}
										goto L64;
									}
									_t157 = 0;
									__eflags = 0;
									_a20 = 0;
									do {
										_t75 = _t163 + 0xb4; // 0x74757070
										_t118 =  *_t75 + _t157;
										_a12 = _t118;
										__eflags =  *_t118 - 5;
										if( *_t118 != 5) {
											goto L60;
										}
										_a4 = _a4 & 0x00000000;
										__eflags =  *(_t118 + 0xa0);
										if( *(_t118 + 0xa0) <= 0) {
											goto L60;
										}
										_t151 = 0;
										__eflags = 0;
										_a8 = 0;
										do {
											_v24 =  *((intOrPtr*)(_t118 + 0x9c)) + _t151;
											__eflags = E008E7A93(_t151, _t163,  *( *((intOrPtr*)(_t118 + 0x9c)) + _t151));
											if(__eflags != 0) {
												goto L58;
											}
											_t164 = E008D0EBF(__eflags, _t146, 1,  *_v24,  *((intOrPtr*)(_a12 + 0x18)));
											__eflags = _t164;
											if(_t164 < 0) {
												_push("Failed to add registration action for dependent related bundle.");
												goto L67;
											}
											L58:
											_t118 = _a12;
											_t159 = _a4 + 1;
											_t151 = _a8 + 0x10;
											_a4 = _t159;
											_a8 = _t151;
											__eflags = _t159 -  *(_t118 + 0xa0);
										} while (_t159 <  *(_t118 + 0xa0));
										_t148 = _a16;
										_t157 = _a20;
										L60:
										_t148 = _t148 + 1;
										_t157 = _t157 + 0xf8;
										_a16 = _t148;
										_a20 = _t157;
										_t96 = _t163 + 0xb8; // 0x632e6c69
										__eflags = _t148 -  *_t96;
									} while (_t148 <  *_t96);
									goto L61;
								}
								__eflags =  *_t146 - 7;
								if( *_t146 != 7) {
									goto L51;
								}
								_t125 = E008D97D7();
								__eflags = _t125;
								if(_t125 != 0) {
									__eflags =  *_t146 - 7;
									if( *_t146 == 7) {
										_t67 = _t146 + 0x14;
										 *_t67 =  *(_t146 + 0x14) | 0x00000002;
										__eflags =  *_t67;
									}
									goto L51;
								}
								goto L48;
							}
							_a24 = 0;
							__eflags =  *(_t163 + 0x34);
							if(__eflags == 0) {
								goto L45;
							}
							goto L44;
						}
						_t15 = _t163 + 0xbc; // 0x7070
						_t126 =  *_t15;
						_t165 = 2;
						if(_t126 == 0) {
							L11:
							_t18 = _t163 + 0xbc; // 0x7070
							_push( *_t18);
							_t19 = _t163 + 0x44; // 0x320033
							E008C563D(_t165, 0xa00000d1,  *_t19);
							_t167 = _t167 + 0x10;
							L12:
							_t164 = E00904C78( &_v12, 5, 1);
							if(_t164 >= 0) {
								_t130 = _v8;
								__eflags = _t130;
								if(_t130 == 0) {
									L20:
									__eflags = _a16 - 2;
									if(_a16 == 2) {
										goto L68;
									}
									_t131 = _a20;
									_t166 = 0;
									__eflags = _t131;
									if(_t131 == 0) {
										L26:
										_t153 = _t166;
										_a12 = _t153;
										__eflags =  *(_t163 + 0xb8) - _t166;
										if( *(_t163 + 0xb8) <= _t166) {
											L35:
											_t54 = _t163 + 0x44; // 0x320033
											_t55 = _t163 + 0x4c; // 0x44746553
											_t164 = E00908705(_t153,  *_t55,  *_t54, _t166, _v12,  &_v20,  &_v16);
											__eflags = _t164 - 0x80070002;
											if(_t164 != 0x80070002) {
												__eflags = _t164;
												if(_t164 < 0) {
													_push("Failed to check for remaining dependents during planning.");
													goto L67;
												}
												__eflags = _v16;
												if(_v16 != 0) {
													 *((intOrPtr*)(_t146 + 0x1c)) = 1;
													 *_a24 =  *_a24 & 0x00000000;
													E008C563D(2, 0xa00000d2, _v16);
												}
												goto L68;
											}
											_t164 = 0;
											goto L68;
										}
										_t160 = _t166;
										_a16 = _t166;
										do {
											_t32 = _t163 + 0xb4; // 0x74757070
											_t138 =  *_t32 + _t160;
											_a20 = _t138;
											__eflags =  *_t138 - 5;
											if( *_t138 != 5) {
												goto L34;
											}
											_a4 = _t166;
											__eflags =  *((intOrPtr*)(_t138 + 0xa0)) - _t166;
											if( *((intOrPtr*)(_t138 + 0xa0)) <= _t166) {
												goto L34;
											}
											_t161 = _t166;
											_a8 = _t166;
											while(1) {
												_t164 = E008E79DE(_t153, _v12,  *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x9c)) + _t161)));
												__eflags = _t164;
												if(_t164 < 0) {
													break;
												}
												_t138 = _a20;
												_t153 = _a4 + 1;
												_t161 = _a8 + 0x10;
												_a4 = _t153;
												_a8 = _a8 + 0x10;
												__eflags = _t153 -  *((intOrPtr*)(_t138 + 0xa0));
												if(_t153 <  *((intOrPtr*)(_t138 + 0xa0))) {
													continue;
												}
												_t153 = _a12;
												_t166 = 0;
												__eflags = 0;
												_t160 = _a16;
												goto L34;
											}
											_push("Failed to add dependent bundle provider key to ignore dependents.");
											goto L67;
											L34:
											_t153 = _t153 + 1;
											_t160 = _t160 + 0xf8;
											_a12 = _t153;
											_a16 = _t160;
											_t50 = _t163 + 0xb8; // 0x632e6c69
											__eflags = _t153 -  *_t50;
										} while (_t153 <  *_t50);
										goto L35;
									}
									__eflags =  *_t131;
									if( *_t131 == 0) {
										goto L26;
									}
									_t164 = E008E79DE(0, _v12, _t131);
									__eflags = _t164;
									if(_t164 >= 0) {
										_t166 = 0;
										__eflags = 0;
										goto L26;
									}
									_push("Failed to add dependents ignored from command-line.");
									goto L67;
								}
								__eflags = E008E7A93(0, _t163, _t130);
								if(__eflags == 0) {
									goto L20;
								}
								_t22 = _t163 + 0x10; // 0x6c0064
								_t164 = E008D0EBF(__eflags, _t146, 2, _v8,  *_t22);
								__eflags = _t164;
								if(_t164 >= 0) {
									_t164 = E008E79DE(0, _v12, _v8);
									__eflags = _t164;
									if(_t164 >= 0) {
										goto L20;
									}
									_push("Failed to add self-dependent to ignore dependents.");
									goto L67;
								}
								_push("Failed to allocate registration action.");
								goto L67;
							}
							_push("Failed to create the string dictionary.");
							goto L67;
						}
						_t16 = _t163 + 0x10; // 0x6c0064
						if(CompareStringW(0, 1,  *_t16, 0xffffffff, _t126, 0xffffffff) != _t165) {
							goto L11;
						}
						 *((intOrPtr*)(_t146 + 0x38)) = _t165;
						goto L12;
					}
				}
				_t107 = 0;
				if(_a12 != 4) {
					goto L3;
				}
				goto L2;
			}































                                                            0x008d2c1c
                                                            0x008d2c23
                                                            0x008d2c29
                                                            0x008d2c2c
                                                            0x008d2c2f
                                                            0x008d2c31
                                                            0x008d2c34
                                                            0x008d2c37
                                                            0x008d2c3d
                                                            0x008d2c47
                                                            0x008d2c47
                                                            0x008d2c49
                                                            0x008d2c49
                                                            0x008d2c4c
                                                            0x008d2c4f
                                                            0x008d2c4f
                                                            0x008d2c54
                                                            0x008d2c5b
                                                            0x008d2c5e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2c56
                                                            0x008d2c56
                                                            0x008d2c56
                                                            0x008d2c60
                                                            0x008d2c60
                                                            0x008d2c63
                                                            0x008d2c66
                                                            0x008d2e33
                                                            0x008d2e36
                                                            0x008d2e40
                                                            0x008d2e40
                                                            0x008d2e43
                                                            0x008d2e44
                                                            0x008d2e47
                                                            0x008d2e4c
                                                            0x008d2e4e
                                                            0x008d2e5e
                                                            0x008d2e5e
                                                            0x008d2e6d
                                                            0x008d2e6d
                                                            0x008d2e71
                                                            0x008d2e73
                                                            0x008d2e7a
                                                            0x008d2e7d
                                                            0x008d2e83
                                                            0x008d2f1e
                                                            0x008d2f1e
                                                            0x008d2f21
                                                            0x008d2f23
                                                            0x008d2f5d
                                                            0x008d2f61
                                                            0x008d2f66
                                                            0x008d2f66
                                                            0x008d2f6f
                                                            0x008d2f77
                                                            0x008d2f77
                                                            0x008d2f82
                                                            0x008d2f82
                                                            0x008d2f25
                                                            0x008d2f29
                                                            0x008d2f31
                                                            0x008d2f38
                                                            0x008d2f3a
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2f3c
                                                            0x008d2f4a
                                                            0x008d2f4c
                                                            0x008d2f4e
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2f50
                                                            0x008d2f55
                                                            0x008d2f55
                                                            0x008d2f56
                                                            0x00000000
                                                            0x008d2f5c
                                                            0x008d2f2b
                                                            0x008d2f2f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2f2f
                                                            0x008d2e89
                                                            0x008d2e89
                                                            0x008d2e8b
                                                            0x008d2e8e
                                                            0x008d2e8e
                                                            0x008d2e94
                                                            0x008d2e96
                                                            0x008d2e99
                                                            0x008d2e9c
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2e9e
                                                            0x008d2ea2
                                                            0x008d2ea9
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2eab
                                                            0x008d2eab
                                                            0x008d2ead
                                                            0x008d2eb0
                                                            0x008d2eb8
                                                            0x008d2ec3
                                                            0x008d2ec5
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2eda
                                                            0x008d2edc
                                                            0x008d2ede
                                                            0x008d2f85
                                                            0x00000000
                                                            0x008d2f85
                                                            0x008d2ee4
                                                            0x008d2ee7
                                                            0x008d2eea
                                                            0x008d2eee
                                                            0x008d2ef1
                                                            0x008d2ef4
                                                            0x008d2ef7
                                                            0x008d2ef7
                                                            0x008d2eff
                                                            0x008d2f02
                                                            0x008d2f05
                                                            0x008d2f05
                                                            0x008d2f06
                                                            0x008d2f0c
                                                            0x008d2f0f
                                                            0x008d2f12
                                                            0x008d2f12
                                                            0x008d2f12
                                                            0x00000000
                                                            0x008d2e8e
                                                            0x008d2e50
                                                            0x008d2e53
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2e55
                                                            0x008d2e5a
                                                            0x008d2e5c
                                                            0x008d2e64
                                                            0x008d2e67
                                                            0x008d2e69
                                                            0x008d2e69
                                                            0x008d2e69
                                                            0x008d2e69
                                                            0x00000000
                                                            0x008d2e67
                                                            0x00000000
                                                            0x008d2e5c
                                                            0x008d2e38
                                                            0x008d2e3b
                                                            0x008d2e3e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2e3e
                                                            0x008d2c6c
                                                            0x008d2c6c
                                                            0x008d2c74
                                                            0x008d2c77
                                                            0x008d2c92
                                                            0x008d2c92
                                                            0x008d2c92
                                                            0x008d2c98
                                                            0x008d2ca1
                                                            0x008d2ca6
                                                            0x008d2ca9
                                                            0x008d2cb6
                                                            0x008d2cba
                                                            0x008d2cc6
                                                            0x008d2cc9
                                                            0x008d2ccb
                                                            0x008d2d11
                                                            0x008d2d11
                                                            0x008d2d15
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2d1b
                                                            0x008d2d1e
                                                            0x008d2d20
                                                            0x008d2d22
                                                            0x008d2d44
                                                            0x008d2d44
                                                            0x008d2d46
                                                            0x008d2d49
                                                            0x008d2d4f
                                                            0x008d2dc5
                                                            0x008d2dd1
                                                            0x008d2dd4
                                                            0x008d2ddc
                                                            0x008d2dde
                                                            0x008d2de4
                                                            0x008d2df7
                                                            0x008d2df9
                                                            0x008d2e29
                                                            0x00000000
                                                            0x008d2e29
                                                            0x008d2dfb
                                                            0x008d2dff
                                                            0x008d2e10
                                                            0x008d2e19
                                                            0x008d2e1c
                                                            0x008d2e21
                                                            0x00000000
                                                            0x008d2dff
                                                            0x008d2de6
                                                            0x00000000
                                                            0x008d2de6
                                                            0x008d2d51
                                                            0x008d2d53
                                                            0x008d2d56
                                                            0x008d2d56
                                                            0x008d2d5c
                                                            0x008d2d5e
                                                            0x008d2d61
                                                            0x008d2d64
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2d66
                                                            0x008d2d69
                                                            0x008d2d6f
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2d71
                                                            0x008d2d73
                                                            0x008d2d76
                                                            0x008d2d87
                                                            0x008d2d89
                                                            0x008d2d8b
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2d90
                                                            0x008d2d93
                                                            0x008d2d97
                                                            0x008d2d9a
                                                            0x008d2d9d
                                                            0x008d2da0
                                                            0x008d2da6
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2da8
                                                            0x008d2dab
                                                            0x008d2dab
                                                            0x008d2dad
                                                            0x00000000
                                                            0x008d2dad
                                                            0x008d2ded
                                                            0x00000000
                                                            0x008d2db0
                                                            0x008d2db0
                                                            0x008d2db1
                                                            0x008d2db7
                                                            0x008d2dba
                                                            0x008d2dbd
                                                            0x008d2dbd
                                                            0x008d2dbd
                                                            0x00000000
                                                            0x008d2d56
                                                            0x008d2d24
                                                            0x008d2d27
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2d32
                                                            0x008d2d34
                                                            0x008d2d36
                                                            0x008d2d42
                                                            0x008d2d42
                                                            0x00000000
                                                            0x008d2d42
                                                            0x008d2d38
                                                            0x00000000
                                                            0x008d2d38
                                                            0x008d2cd4
                                                            0x008d2cd6
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2cd8
                                                            0x008d2ce6
                                                            0x008d2ce8
                                                            0x008d2cea
                                                            0x008d2d01
                                                            0x008d2d03
                                                            0x008d2d05
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2d07
                                                            0x00000000
                                                            0x008d2d07
                                                            0x008d2cec
                                                            0x00000000
                                                            0x008d2cec
                                                            0x008d2cbc
                                                            0x00000000
                                                            0x008d2cbc
                                                            0x008d2c7e
                                                            0x008d2c8b
                                                            0x00000000
                                                            0x00000000
                                                            0x008d2c8d
                                                            0x00000000
                                                            0x008d2c8d
                                                            0x008d2c54
                                                            0x008d2c43
                                                            0x008d2c45
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,00007070,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 008D2C83
                                                            Strings
                                                            • Failed to add registration action for dependent related bundle., xrefs: 008D2F85
                                                            • Failed to add dependents ignored from command-line., xrefs: 008D2D38
                                                            • Failed to allocate registration action., xrefs: 008D2CEC
                                                            • Failed to check for remaining dependents during planning., xrefs: 008D2E29
                                                            • Failed to add dependent bundle provider key to ignore dependents., xrefs: 008D2DED
                                                            • wininet.dll, xrefs: 008D2ED0
                                                            • Failed to create the string dictionary., xrefs: 008D2CBC
                                                            • Failed to add self-dependent to ignore dependents., xrefs: 008D2D07
                                                            • Failed to add registration action for self dependent., xrefs: 008D2F50
                                                            • crypt32.dll, xrefs: 008D2CCE, 008D2DC8, 008D2EBD, 008D2F32
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                            • API String ID: 1825529933-1705955799
                                                            • Opcode ID: cc014dd3c3ce4134bdc8f33b0ef86f8df43829664b61718c0847f1bfa15dcb4a
                                                            • Instruction ID: b2528a63f6edaa619c6505929b205ef0547f35c8088335e5e9ec4f135f906a20
                                                            • Opcode Fuzzy Hash: cc014dd3c3ce4134bdc8f33b0ef86f8df43829664b61718c0847f1bfa15dcb4a
                                                            • Instruction Fuzzy Hash: B0B17C70A0421AEFCF259F68C841BAE7BB5FF64310F10866AF914EA351DB30D951DB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C3171 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 209COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 88%
                                                            			E008C3171(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed short _t57;
				signed short _t67;
				signed int _t69;
				long _t74;
				long _t75;
				WCHAR* _t76;
				signed short _t78;
				signed short _t89;

				_t74 = 0;
				_v12 = _v12 & 0;
				_t76 = 0;
				_v16 = 0;
				_v8 = 0;
				if((_a12 & 0x00000001) == 0) {
					L24:
					__eflags = _a12 & 0x00000002;
					if((_a12 & 0x00000002) == 0) {
						_t41 =  &_v8;
						 *_t41 = _v8 & 0x00000000;
						__eflags =  *_t41;
						_v12 = _t76;
						goto L52;
					} else {
						_a12 = _a12 & 0x00000000;
						__eflags = _t76;
						if(_t76 == 0) {
							_t76 = _a8;
						}
						__eflags = _t74 - 0x40;
						if(_t74 <= 0x40) {
							_t74 = 0x40;
						}
						_t78 = E008C1FE0( &_v12, _t74);
						__eflags = _t78;
						if(_t78 >= 0) {
							_t57 = GetFullPathNameW(_t76, _t74, _v12,  &_a12);
							__eflags = _t57;
							if(_t57 != 0) {
								__eflags = _t74 - _t57;
								if(_t74 >= _t57) {
									L48:
									__eflags = _t57 - 0x104;
									if(_t57 <= 0x104) {
										L50:
										_t76 = _v12;
										L52:
										__eflags = _t76;
										if(_t76 == 0) {
											_t76 = _a8;
										}
										_t78 = E008C229E(_a4, _t76, 0);
									} else {
										_t78 = E008C367D( &_v12);
										__eflags = _t78;
										if(_t78 >= 0) {
											goto L50;
										}
									}
								} else {
									_t75 = _t57;
									__eflags = _t57 - 0x104;
									if(_t57 >= 0x104) {
										_t35 = _t57 + 7; // 0x7
										_t75 = _t35;
									}
									_t78 = E008C1FE0( &_v12, _t75);
									__eflags = _t78;
									if(_t78 >= 0) {
										_t57 = GetFullPathNameW(_t76, _t75, _v12,  &_a12);
										__eflags = _t57;
										if(_t57 != 0) {
											__eflags = _t75 - _t57;
											if(_t75 >= _t57) {
												goto L48;
											} else {
												_t63 = 0x8007007a;
												_push(0x8007007a);
												_t78 = 0x8007007a;
												_push(0x149);
												goto L8;
											}
										} else {
											_t78 = GetLastError();
											__eflags = _t78;
											if(__eflags > 0) {
												_t78 = _t78 & 0x0000ffff | 0x80070000;
												__eflags = _t78;
											}
											if(__eflags >= 0) {
												_t78 = 0x80004005;
											}
											_push(_t78);
											_push(0x144);
											goto L8;
										}
									}
								}
							} else {
								_t78 = GetLastError();
								__eflags = _t78;
								if(__eflags > 0) {
									_t78 = _t78 & 0x0000ffff | 0x80070000;
									__eflags = _t78;
								}
								if(__eflags >= 0) {
									_t78 = 0x80004005;
								}
								_push(_t78);
								_push(0x139);
								goto L8;
							}
						}
					}
				} else {
					_v16 = 0x40;
					_t78 = E008C1FE0( &_v8, 0x40);
					if(_t78 >= 0) {
						_t67 = ExpandEnvironmentStringsW(_a8, _v8, _v16);
						if(_t67 != 0) {
							_t74 = _v16;
							__eflags = _t74 - _t67;
							if(_t74 >= _t67) {
								L19:
								__eflags = _t67 - 0x104;
								if(_t67 <= 0x104) {
									L23:
									_t76 = _v8;
									goto L24;
								} else {
									_t69 = E008C367D( &_v8);
									_t21 = _t69 + 0x7ff8ffa9; // 0x7ff8ffa9
									asm("sbb esi, esi");
									_t78 =  ~_t21 & _t69;
									__eflags = _t78;
									if(_t78 >= 0) {
										_t78 = E008C2847(_v8,  &_v16);
										__eflags = _t78;
										if(_t78 >= 0) {
											_t74 = _v16;
											goto L23;
										}
									}
								}
							} else {
								_v16 = _t67;
								_t78 = E008C1FE0( &_v8, _t67);
								__eflags = _t78;
								if(_t78 >= 0) {
									_t67 = ExpandEnvironmentStringsW(_a8, _v8, _v16);
									__eflags = _t67;
									if(_t67 != 0) {
										_t74 = _v16;
										__eflags = _t74 - _t67;
										if(_t74 >= _t67) {
											goto L19;
										} else {
											_t63 = 0x8007007a;
											_push(0x8007007a);
											_t78 = 0x8007007a;
											_push(0x118);
											goto L8;
										}
									} else {
										_t78 = GetLastError();
										__eflags = _t78;
										if(__eflags > 0) {
											_t78 = _t78 & 0x0000ffff | 0x80070000;
											__eflags = _t78;
										}
										if(__eflags >= 0) {
											_t78 = 0x80004005;
										}
										_push(_t78);
										_push(0x113);
										goto L8;
									}
								}
							}
						} else {
							_t78 = GetLastError();
							if(_t78 > 0) {
								_t78 = _t78 & 0x0000ffff | 0x80070000;
								_t89 = _t78;
							}
							if(_t89 >= 0) {
								_t78 = 0x80004005;
							}
							_push(_t78);
							_push(0x108);
							L8:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\pathutil.cpp");
							E008C38BA(_t63);
						}
					}
				}
				if(_v12 != 0) {
					E008C2762(_v12);
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t78;
			}














                                                            0x008c3178
                                                            0x008c317a
                                                            0x008c317f
                                                            0x008c3181
                                                            0x008c3188
                                                            0x008c318b
                                                            0x008c329c
                                                            0x008c329c
                                                            0x008c32a0
                                                            0x008c339a
                                                            0x008c339a
                                                            0x008c339a
                                                            0x008c339e
                                                            0x00000000
                                                            0x008c32a6
                                                            0x008c32a6
                                                            0x008c32aa
                                                            0x008c32ac
                                                            0x008c32ae
                                                            0x008c32ae
                                                            0x008c32b1
                                                            0x008c32b4
                                                            0x008c32b8
                                                            0x008c32b8
                                                            0x008c32c3
                                                            0x008c32c5
                                                            0x008c32c7
                                                            0x008c32d6
                                                            0x008c32dc
                                                            0x008c32de
                                                            0x008c3309
                                                            0x008c330b
                                                            0x008c337f
                                                            0x008c337f
                                                            0x008c3384
                                                            0x008c3395
                                                            0x008c3395
                                                            0x008c33a1
                                                            0x008c33a1
                                                            0x008c33a3
                                                            0x008c33a5
                                                            0x008c33a5
                                                            0x008c33b3
                                                            0x008c3386
                                                            0x008c338f
                                                            0x008c3391
                                                            0x008c3393
                                                            0x00000000
                                                            0x00000000
                                                            0x008c3393
                                                            0x008c330d
                                                            0x008c330d
                                                            0x008c330f
                                                            0x008c3314
                                                            0x008c3316
                                                            0x008c3316
                                                            0x008c3316
                                                            0x008c3323
                                                            0x008c3325
                                                            0x008c3327
                                                            0x008c3336
                                                            0x008c333c
                                                            0x008c333e
                                                            0x008c3369
                                                            0x008c336b
                                                            0x00000000
                                                            0x008c336d
                                                            0x008c336d
                                                            0x008c3372
                                                            0x008c3373
                                                            0x008c3375
                                                            0x00000000
                                                            0x008c3375
                                                            0x008c3340
                                                            0x008c3346
                                                            0x008c3348
                                                            0x008c334a
                                                            0x008c334f
                                                            0x008c3355
                                                            0x008c3355
                                                            0x008c3357
                                                            0x008c3359
                                                            0x008c3359
                                                            0x008c335e
                                                            0x008c335f
                                                            0x00000000
                                                            0x008c335f
                                                            0x008c333e
                                                            0x008c3327
                                                            0x008c32e0
                                                            0x008c32e6
                                                            0x008c32e8
                                                            0x008c32ea
                                                            0x008c32ef
                                                            0x008c32f5
                                                            0x008c32f5
                                                            0x008c32f7
                                                            0x008c32f9
                                                            0x008c32f9
                                                            0x008c32fe
                                                            0x008c32ff
                                                            0x00000000
                                                            0x008c32ff
                                                            0x008c32de
                                                            0x008c32c7
                                                            0x008c3191
                                                            0x008c3196
                                                            0x008c31a3
                                                            0x008c31a7
                                                            0x008c31bc
                                                            0x008c31c0
                                                            0x008c31f5
                                                            0x008c31f8
                                                            0x008c31fa
                                                            0x008c325e
                                                            0x008c325e
                                                            0x008c3263
                                                            0x008c3299
                                                            0x008c3299
                                                            0x00000000
                                                            0x008c3265
                                                            0x008c3269
                                                            0x008c326e
                                                            0x008c3276
                                                            0x008c3278
                                                            0x008c3278
                                                            0x008c327a
                                                            0x008c328c
                                                            0x008c328e
                                                            0x008c3290
                                                            0x008c3296
                                                            0x00000000
                                                            0x008c3296
                                                            0x008c3290
                                                            0x008c327a
                                                            0x008c31fc
                                                            0x008c31fd
                                                            0x008c3209
                                                            0x008c320b
                                                            0x008c320d
                                                            0x008c321c
                                                            0x008c321e
                                                            0x008c3220
                                                            0x008c3248
                                                            0x008c324b
                                                            0x008c324d
                                                            0x00000000
                                                            0x008c324f
                                                            0x008c324f
                                                            0x008c3254
                                                            0x008c3255
                                                            0x008c3257
                                                            0x00000000
                                                            0x008c3257
                                                            0x008c3222
                                                            0x008c3228
                                                            0x008c322a
                                                            0x008c322c
                                                            0x008c3231
                                                            0x008c3237
                                                            0x008c3237
                                                            0x008c3239
                                                            0x008c323b
                                                            0x008c323b
                                                            0x008c3240
                                                            0x008c3241
                                                            0x00000000
                                                            0x008c3241
                                                            0x008c3220
                                                            0x008c320d
                                                            0x008c31c2
                                                            0x008c31c8
                                                            0x008c31cc
                                                            0x008c31d1
                                                            0x008c31d7
                                                            0x008c31d7
                                                            0x008c31d9
                                                            0x008c31db
                                                            0x008c31db
                                                            0x008c31e0
                                                            0x008c31e1
                                                            0x008c31e6
                                                            0x008c31e6
                                                            0x008c31eb
                                                            0x008c31eb
                                                            0x008c31c0
                                                            0x008c31a7
                                                            0x008c33b9
                                                            0x008c33be
                                                            0x008c33be
                                                            0x008c33c7
                                                            0x008c33cc
                                                            0x008c33cc
                                                            0x008c33d7

                                                            APIs
                                                            • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000040,00000000,00000000), ref: 008C31BC
                                                            • GetLastError.KERNEL32 ref: 008C31C2
                                                            • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000000), ref: 008C321C
                                                            • GetLastError.KERNEL32 ref: 008C3222
                                                            • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008C32D6
                                                            • GetLastError.KERNEL32 ref: 008C32E0
                                                            • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 008C3336
                                                            • GetLastError.KERNEL32 ref: 008C3340
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                            • String ID: @$@Mqt$c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp
                                                            • API String ID: 1547313835-3106089199
                                                            • Opcode ID: e5ef2a167732ad953b5c1ebfb7fc98b00a0ca3d0b220d1e274a97e90390e8031
                                                            • Instruction ID: 89f5f89d19915c644b3ddf46ab339c19e981e3bcb7b212d551217db02dcdeb0c
                                                            • Opcode Fuzzy Hash: e5ef2a167732ad953b5c1ebfb7fc98b00a0ca3d0b220d1e274a97e90390e8031
                                                            • Instruction Fuzzy Hash: FF618272D00269BBDB219AE49844F9EBA74FB00755F158169EE00FB250E735DF019BE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E13A0 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 82synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 60%
                                                            			E008E13A0(void* __ebx, intOrPtr _a4) {
				signed short _t29;
				void* _t35;
				intOrPtr _t40;
				signed short _t41;
				signed short _t47;

				_t35 = __ebx;
				_t40 = _a4;
				_t41 = 0;
				if( *(_t40 + 0x20) != 0) {
					 *((intOrPtr*)(_t40 + 0x2c)) = 5;
					if(SetEvent( *(_t40 + 0x24)) != 0) {
						_t29 = WaitForSingleObject( *(_t40 + 0x20), 0xffffffff);
						__eflags = _t29;
						if(_t29 != 0) {
							_t41 = GetLastError();
							__eflags = _t41;
							if(__eflags > 0) {
								_t41 = _t41 & 0x0000ffff | 0x80070000;
								__eflags = _t41;
							}
							if(__eflags >= 0) {
								_t41 = 0x80004005;
							}
							E008C38BA(_t30, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x10b, _t41);
							_push("Failed to wait for thread to terminate.");
							goto L13;
						}
					} else {
						_t41 = GetLastError();
						if(_t41 > 0) {
							_t41 = _t41 & 0x0000ffff | 0x80070000;
							_t47 = _t41;
						}
						if(_t47 >= 0) {
							_t41 = 0x80004005;
						}
						E008C38BA(_t33, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cabextract.cpp", 0x105, _t41);
						_push("Failed to set begin operation event.");
						L13:
						_push(_t41);
						E008FFB09();
					}
				}
				_push(_t35);
				if( *(_t40 + 0x20) != 0) {
					CloseHandle( *(_t40 + 0x20));
					 *(_t40 + 0x20) =  *(_t40 + 0x20) & 0x00000000;
				}
				if( *(_t40 + 0x24) != 0) {
					CloseHandle( *(_t40 + 0x24));
					 *(_t40 + 0x24) =  *(_t40 + 0x24) & 0x00000000;
				}
				if( *(_t40 + 0x28) != 0) {
					CloseHandle( *(_t40 + 0x28));
					 *(_t40 + 0x28) =  *(_t40 + 0x28) & 0x00000000;
				}
				if( *((intOrPtr*)(_t40 + 0x4c)) != 0) {
					E008C3AA4( *((intOrPtr*)(_t40 + 0x4c)));
				}
				if( *((intOrPtr*)(_t40 + 0x1c)) != 0) {
					E008C2762( *((intOrPtr*)(_t40 + 0x1c)));
				}
				return _t41;
			}








                                                            0x008e13a0
                                                            0x008e13a5
                                                            0x008e13a8
                                                            0x008e13ad
                                                            0x008e13b6
                                                            0x008e13c5
                                                            0x008e1401
                                                            0x008e1407
                                                            0x008e1409
                                                            0x008e1411
                                                            0x008e1413
                                                            0x008e1415
                                                            0x008e141a
                                                            0x008e1420
                                                            0x008e1420
                                                            0x008e1422
                                                            0x008e1424
                                                            0x008e1424
                                                            0x008e1434
                                                            0x008e1439
                                                            0x00000000
                                                            0x008e1439
                                                            0x008e13c7
                                                            0x008e13cd
                                                            0x008e13d1
                                                            0x008e13d6
                                                            0x008e13dc
                                                            0x008e13dc
                                                            0x008e13de
                                                            0x008e13e0
                                                            0x008e13e0
                                                            0x008e13f0
                                                            0x008e13f5
                                                            0x008e143e
                                                            0x008e143e
                                                            0x008e143f
                                                            0x008e1445
                                                            0x008e13c5
                                                            0x008e144a
                                                            0x008e1451
                                                            0x008e1456
                                                            0x008e1458
                                                            0x008e1458
                                                            0x008e1460
                                                            0x008e1465
                                                            0x008e1467
                                                            0x008e1467
                                                            0x008e146f
                                                            0x008e1474
                                                            0x008e1476
                                                            0x008e1476
                                                            0x008e147f
                                                            0x008e1484
                                                            0x008e1484
                                                            0x008e148d
                                                            0x008e1492
                                                            0x008e1492
                                                            0x008e149c

                                                            APIs
                                                            • SetEvent.KERNEL32(0090A478,?,00000000,?,008CC198,?,008C53FA,00000000,?,008D7740,?,008C56AA,008C54B6,008C54B6,00000000,?), ref: 008E13BD
                                                            • GetLastError.KERNEL32(?,008CC198,?,008C53FA,00000000,?,008D7740,?,008C56AA,008C54B6,008C54B6,00000000,?,008C54C6,FFF9E89D,008C54C6), ref: 008E13C7
                                                            • WaitForSingleObject.KERNEL32(0090A488,000000FF,?,008CC198,?,008C53FA,00000000,?,008D7740,?,008C56AA,008C54B6,008C54B6,00000000,?,008C54C6), ref: 008E1401
                                                            • GetLastError.KERNEL32(?,008CC198,?,008C53FA,00000000,?,008D7740,?,008C56AA,008C54B6,008C54B6,00000000,?,008C54C6,FFF9E89D,008C54C6), ref: 008E140B
                                                            • CloseHandle.KERNEL32(00000000,008C54C6,?,00000000,?,008CC198,?,008C53FA,00000000,?,008D7740,?,008C56AA,008C54B6,008C54B6,00000000), ref: 008E1456
                                                            • CloseHandle.KERNEL32(00000000,008C54C6,?,00000000,?,008CC198,?,008C53FA,00000000,?,008D7740,?,008C56AA,008C54B6,008C54B6,00000000), ref: 008E1465
                                                            • CloseHandle.KERNEL32(00000000,008C54C6,?,00000000,?,008CC198,?,008C53FA,00000000,?,008D7740,?,008C56AA,008C54B6,008C54B6,00000000), ref: 008E1474
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                            • String ID: @Mqt$Failed to set begin operation event.$Failed to wait for thread to terminate.$c:\agent\_work\66\s\src\burn\engine\cabextract.cpp
                                                            • API String ID: 1206859064-2192833479
                                                            • Opcode ID: 9c9fcd002fcc611319361fc2e9c7041666a6093615b6334f19c57585738ab9d1
                                                            • Instruction ID: 213cd36aed00de5f29b2eb8a9aa7257fe9551b840d7b4e37a21f3da3e94c9edc
                                                            • Opcode Fuzzy Hash: 9c9fcd002fcc611319361fc2e9c7041666a6093615b6334f19c57585738ab9d1
                                                            • Instruction Fuzzy Hash: 7C214933600A26BBDB215B26DC0DB46B6B1FF05729F004224F908E2ED0D379E890DAD9
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D6955 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 68COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 54%
                                                            			E008D6955(void* __ecx, void* _a4, signed int* _a8, intOrPtr* _a12) {
				void* _v8;
				void* _t12;
				signed int _t17;
				void* _t18;
				signed int* _t28;
				signed short _t32;
				signed short _t39;

				_v8 = _v8 | 0xffffffff;
				_t28 = _a8;
				 *_t28 =  *_t28 | 0xffffffff;
				_t12 = GetCurrentProcess();
				if(DuplicateHandle(GetCurrentProcess(), _a4, _t12,  &_v8, 0, 1, 2) != 0) {
					_push(_v8);
					_t15 = _a12;
					_push(L"burn.filehandle.attached");
					_t32 = E008C2064(_a12, L"%ls -%ls=%u",  *_t15);
					if(_t32 >= 0) {
						_t17 = _v8;
						 *_t28 = _t17;
						_t18 = _t17 | 0xffffffff;
						_v8 = _t18;
					} else {
						_push("Failed to append the file handle to the command line.");
						goto L6;
					}
				} else {
					_t32 = GetLastError();
					if(_t32 > 0) {
						_t32 = _t32 & 0x0000ffff | 0x80070000;
						_t39 = _t32;
					}
					if(_t39 >= 0) {
						_t32 = 0x80004005;
					}
					E008C38BA(_t22, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\core.cpp", 0x3dd, _t32);
					_push("Failed to duplicate file handle for attached container.");
					L6:
					_push(_t32);
					E008FFB09();
					_t18 = _v8;
				}
				if(_t18 != 0xffffffff) {
					CloseHandle(_t18);
				}
				return _t32;
			}










                                                            0x008d6959
                                                            0x008d6968
                                                            0x008d6971
                                                            0x008d6975
                                                            0x008d6986
                                                            0x008d69c8
                                                            0x008d69cb
                                                            0x008d69ce
                                                            0x008d69e0
                                                            0x008d69e7
                                                            0x008d69f0
                                                            0x008d69f3
                                                            0x008d69f5
                                                            0x008d69f8
                                                            0x008d69e9
                                                            0x008d69e9
                                                            0x00000000
                                                            0x008d69e9
                                                            0x008d6988
                                                            0x008d698e
                                                            0x008d6992
                                                            0x008d6997
                                                            0x008d699d
                                                            0x008d699d
                                                            0x008d699f
                                                            0x008d69a1
                                                            0x008d69a1
                                                            0x008d69b1
                                                            0x008d69b6
                                                            0x008d69bb
                                                            0x008d69bb
                                                            0x008d69bc
                                                            0x008d69c1
                                                            0x008d69c5
                                                            0x008d69fe
                                                            0x008d6a01
                                                            0x008d6a01
                                                            0x008d6a0c

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,008C4E52,?,?), ref: 008D6975
                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?,008C4E52,?,?), ref: 008D697B
                                                            • DuplicateHandle.KERNEL32(00000000,?,?,008C4E52,?,?), ref: 008D697E
                                                            • GetLastError.KERNEL32(?,?,008C4E52,?,?), ref: 008D6988
                                                            • CloseHandle.KERNEL32(000000FF,?,008C4E52,?,?), ref: 008D6A01
                                                            Strings
                                                            • Failed to append the file handle to the command line., xrefs: 008D69E9
                                                            • %ls -%ls=%u, xrefs: 008D69D5
                                                            • c:\agent\_work\66\s\src\burn\engine\core.cpp, xrefs: 008D69AC
                                                            • burn.filehandle.attached, xrefs: 008D69CE
                                                            • @Mqt, xrefs: 008D6988
                                                            • Failed to duplicate file handle for attached container., xrefs: 008D69B6
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                            • String ID: %ls -%ls=%u$@Mqt$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$c:\agent\_work\66\s\src\burn\engine\core.cpp
                                                            • API String ID: 4224961946-1599763772
                                                            • Opcode ID: ef9d6dac5d97bd604e027312721b60bf693151c98d0a4322762522549755672d
                                                            • Instruction ID: 5acde20dd1397b4b62638c9132988e20302d0043c5498b5fef72bc88a928b214
                                                            • Opcode Fuzzy Hash: ef9d6dac5d97bd604e027312721b60bf693151c98d0a4322762522549755672d
                                                            • Instruction Fuzzy Hash: 82118772A4522AFBCB109BA88D05E8ABF68EF45730F114312F951F72D0E6749D1196D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D4177 Relevance: 19.3, APIs: 4, Strings: 7, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E008D4177(void* __ecx, void* __edx) {
				void* __edi;
				void* _t1;
				int _t6;
				void* _t15;
				signed short _t17;
				signed short _t22;

				_t1 = E008FFDEF(__ecx, __edx, 0, 0, L"Setup", L"_Failed", L"txt", 0, 0, 0);
				if(_t1 < 0) {
					_t15 = OpenEventLogW(0, L"Application");
					if(_t15 != 0) {
						ReportEventW(_t15, 1, 1, 1, 0, 1, 0, 0x912c44, 0);
						_t6 = CloseEventLog(_t15);
					} else {
						_t17 = GetLastError();
						if(_t17 > 0) {
							_t17 = _t17 & 0x0000ffff | 0x80070000;
							_t22 = _t17;
						}
						if(_t22 >= 0) {
							_t17 = 0x80004005;
						}
						E008C38BA(_t7, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\logging.cpp", 0xb1, _t17);
						_push("Failed to open Application event log");
						_push(_t17);
						_t6 = E008FFB09();
					}
					return _t6;
				}
				return _t1;
			}









                                                            0x008d418d
                                                            0x008d4194
                                                            0x008d41a3
                                                            0x008d41a7
                                                            0x008d41f6
                                                            0x008d41fd
                                                            0x008d41a9
                                                            0x008d41af
                                                            0x008d41b3
                                                            0x008d41b8
                                                            0x008d41be
                                                            0x008d41be
                                                            0x008d41c0
                                                            0x008d41c2
                                                            0x008d41c2
                                                            0x008d41d2
                                                            0x008d41d7
                                                            0x008d41dc
                                                            0x008d41dd
                                                            0x008d41e3
                                                            0x00000000
                                                            0x008d4203
                                                            0x008d4205

                                                            APIs
                                                              • Part of subcall function 008FFDEF: EnterCriticalSection.KERNEL32(0092B5D4,00000000,?,?,?,008D4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008C5537,?), ref: 008FFDFF
                                                              • Part of subcall function 008FFDEF: LeaveCriticalSection.KERNEL32(0092B5D4,?,?,`{,?,008D4192,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008C5537,?), ref: 008FFF46
                                                            • OpenEventLogW.ADVAPI32(00000000,Application), ref: 008D419D
                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 008D41A9
                                                            • ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,00912C44,00000000), ref: 008D41F6
                                                            • CloseEventLog.ADVAPI32(00000000), ref: 008D41FD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Event$CriticalSection$CloseEnterErrorLastLeaveOpenReport
                                                            • String ID: @Mqt$Application$Failed to open Application event log$Setup$_Failed$c:\agent\_work\66\s\src\burn\engine\logging.cpp$txt
                                                            • API String ID: 1844635321-3212701823
                                                            • Opcode ID: 744d4cbcfe58491759e51390e18645eb10517364adb039dd7fe44c0f3d88a0b3
                                                            • Instruction ID: c3d19824b6fbab987d73ac3a2b3f7a4c5bea51077a35db0424d6349d37688ea7
                                                            • Opcode Fuzzy Hash: 744d4cbcfe58491759e51390e18645eb10517364adb039dd7fe44c0f3d88a0b3
                                                            • Instruction Fuzzy Hash: C4F0D136B5533A3E92313326AC09DBB1E7CEEC3F397010229FE00F5281E654888181F2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C1173 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 52libraryloadermemoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E008C1173(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				long _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				intOrPtr _t21;
				void* _t22;
				signed int _t23;

				_t23 = 0;
				_v8 = 0;
				__imp__HeapSetInformation(0, 1, 0, 0, _t18, _t22, _t14, __ecx);
				_t15 = GetModuleHandleW(L"kernel32");
				_t9 = GetProcAddress(_t15, "SetDefaultDllDirectories");
				if(_t9 == 0) {
					L3:
					_t10 = GetProcAddress(_t15, "SetDllDirectoryW");
					if(_t10 == 0) {
						L5:
						_t11 = GetLastError();
					} else {
						_t11 =  *_t10(0x90a534);
						if(_t11 == 0) {
							goto L5;
						}
					}
					if(_a8 > _t23) {
						_t21 = _a4;
						do {
							_t11 = E008C38BD( *((intOrPtr*)(_t21 + _t23 * 4)),  &_v8);
							_t23 = _t23 + 1;
						} while (_t23 < _a8);
					}
				} else {
					_t11 =  *_t9(0x800);
					if(_t11 == 0) {
						GetLastError();
						goto L3;
					}
				}
				return _t11;
			}













                                                            0x008c117a
                                                            0x008c1181
                                                            0x008c1184
                                                            0x008c1195
                                                            0x008c119d
                                                            0x008c11ab
                                                            0x008c11ba
                                                            0x008c11c0
                                                            0x008c11c8
                                                            0x008c11d5
                                                            0x008c11d5
                                                            0x008c11ca
                                                            0x008c11cf
                                                            0x008c11d3
                                                            0x00000000
                                                            0x00000000
                                                            0x008c11d3
                                                            0x008c11da
                                                            0x008c11dc
                                                            0x008c11df
                                                            0x008c11e6
                                                            0x008c11eb
                                                            0x008c11ec
                                                            0x008c11df
                                                            0x008c11ad
                                                            0x008c11b2
                                                            0x008c11b6
                                                            0x008c11b8
                                                            0x00000000
                                                            0x008c11b8
                                                            0x008c11b6
                                                            0x008c11f5

                                                            APIs
                                                            • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,008C111A,cabinet.dll,00000009,?,?,00000000), ref: 008C1184
                                                            • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,008C111A,cabinet.dll,00000009,?,?,00000000), ref: 008C118F
                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008C119D
                                                            • GetLastError.KERNEL32(?,?,?,?,?,008C111A,cabinet.dll,00000009,?,?,00000000), ref: 008C11B8
                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 008C11C0
                                                            • GetLastError.KERNEL32(?,?,?,?,?,008C111A,cabinet.dll,00000009,?,?,00000000), ref: 008C11D5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                            • String ID: @Mqt$SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                            • API String ID: 3104334766-3151743093
                                                            • Opcode ID: f2365ecae81cc07bf497496ffd735baafb602835d6a9f8efdc55dbdc2d48cde6
                                                            • Instruction ID: 5a2452f98a84dda080e67690e356102d506011f30b73da72bc84caa16995b110
                                                            • Opcode Fuzzy Hash: f2365ecae81cc07bf497496ffd735baafb602835d6a9f8efdc55dbdc2d48cde6
                                                            • Instruction Fuzzy Hash: 8A01D43120031ABFDB116BA69C49E6F3B7CFF827657045016FA05E2041E674DA459BF2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00905253 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 195filememoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 64%
                                                            			E00905253(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, signed short _a24, WCHAR* _a28, signed short _a32, signed short _a36, signed int _a40, signed int _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56) {
				signed int _v8;
				signed short _v12;
				signed int _v16;
				char _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				void* _v28;
				struct _SECURITY_ATTRIBUTES* _v32;
				signed short _v36;
				void* _t67;
				signed short _t68;
				signed short _t69;
				void* _t70;
				void* _t71;
				signed short _t82;
				signed short _t87;
				signed short _t92;
				signed short _t93;
				signed short _t96;
				signed short _t97;
				signed short _t98;
				signed short _t103;

				_v12 = 1;
				_t96 = 0;
				_v24 = 0;
				_t92 = 0;
				_v20 = 0;
				_t98 = 0;
				_v8 = 0;
				_v16 = 0;
				_v36 = 0;
				_v32 = 0;
				_t67 = CreateFileW(_a20, 0xc0000000, 4, 0, 4, 0x80, 0);
				_v28 = _t67;
				if(_t67 != 0xffffffff) {
					_t68 = VirtualAlloc(0, 0x10000, 0x3000, 4);
					_v24 = _t68;
					__eflags = _t68;
					if(_t68 != 0) {
						_t69 = _a36;
						_t93 = _a32;
						_a20 = _t69;
						_a36 = _t93;
						while(1) {
							__eflags = _t93;
							if(_t93 != 0) {
								goto L17;
							}
							__eflags = _t69;
							if(_t69 != 0) {
								goto L17;
							}
							_t93 = _a24;
							_t69 = _a28;
							L20:
							_t98 = E009051CF(_t93, _a40, _a44, _t93, _t69,  &_v20);
							__eflags = _t98;
							if(_t98 < 0) {
								L38:
								__eflags = _t92;
								if(_t92 != 0) {
									 *0x92a994(_t92);
								}
								__eflags = _t96;
								if(_t96 != 0) {
									 *0x92a994(_t96);
								}
								L42:
								if(_v20 != 0) {
									E008C2762(_v20);
								}
								_t70 = _v24;
								if(_t70 != 0) {
									VirtualFree(_t70, 0, 0x8000);
								}
								_t71 = _v28;
								if(_t71 != 0xffffffff) {
									CloseHandle(_t71);
								}
								return _t98;
							}
							__eflags = _t96;
							if(_t96 != 0) {
								 *0x92a994(_t96);
								_t22 =  &_v8;
								 *_t22 = _v8 & 0x00000000;
								__eflags =  *_t22;
							}
							__eflags = _t92;
							if(_t92 != 0) {
								 *0x92a994(_t92);
								_t24 =  &_v16;
								 *_t24 = _v16 & 0x00000000;
								__eflags =  *_t24;
							}
							_t82 = E009056B4(_a4, _a8, L"GET", _v20, _a12, _a16, _a56,  &_v8,  &_v16,  &_v12);
							_t92 = _v16;
							_t98 = _t82;
							__eflags = _t98;
							if(_t98 < 0) {
								L37:
								_t96 = _v8;
								goto L38;
							} else {
								_t94 = _a36;
								_t83 = _a20;
								__eflags = _t94;
								if(_t94 != 0) {
									L30:
									_t97 = _v12;
									L31:
									__eflags = _t97;
									if(_t97 == 0) {
										_a40 = _a40 & _t97;
										_t46 =  &_a44;
										 *_t46 = _a44 & _t97;
										__eflags =  *_t46;
									}
									_t98 = E00905B40(_t94, _t92, _v28,  &_a40, _a48, _t94, _t83, _v24, 0x10000, _a52);
									__eflags = _t98;
									if(_t98 < 0) {
										goto L37;
									} else {
										__eflags = _t97;
										_t96 = _v8;
										if(_t97 == 0) {
											goto L38;
										}
										_t69 = _a20;
										_t93 = _a36;
										continue;
									}
								}
								__eflags = _t83;
								if(_t83 != 0) {
									goto L30;
								}
								_t87 = E009081BD(_t94, _t92,  &_v36);
								__eflags = _t87;
								if(_t87 < 0) {
									_t94 = _a24;
									_t97 = 0;
									_t83 = _a28;
									_a36 = _a24;
									_a20 = _a28;
									_v12 = 0;
									goto L31;
								}
								_t94 = _v36;
								_t83 = _v32;
								_a36 = _v36;
								_a20 = _v32;
								goto L30;
							}
							L17:
							__eflags = _a44 - _t69;
							if(__eflags > 0) {
								goto L38;
							}
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _a40 - _t93;
							if(_a40 >= _t93) {
								goto L38;
							}
							goto L20;
						}
					}
					_t98 = GetLastError();
					__eflags = _t98;
					if(__eflags > 0) {
						_t98 = _t98 & 0x0000ffff | 0x80070000;
						__eflags = _t98;
					}
					if(__eflags >= 0) {
						_t98 = 0x80004005;
					}
					_push(_t98);
					_push(0x126);
					L6:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp");
					E008C38BA(_t90);
					goto L42;
				}
				_t98 = GetLastError();
				if(_t98 > 0) {
					_t98 = _t98 & 0x0000ffff | 0x80070000;
					_t103 = _t98;
				}
				if(_t103 >= 0) {
					_t98 = 0x80004005;
				}
				_push(_t98);
				_push(0x121);
				goto L6;
			}
























                                                            0x0090525d
                                                            0x00905278
                                                            0x0090527a
                                                            0x0090527d
                                                            0x0090527f
                                                            0x00905282
                                                            0x00905284
                                                            0x00905287
                                                            0x0090528a
                                                            0x0090528d
                                                            0x00905290
                                                            0x00905296
                                                            0x0090529c
                                                            0x009052df
                                                            0x009052e5
                                                            0x009052e8
                                                            0x009052ea
                                                            0x00905312
                                                            0x00905315
                                                            0x00905318
                                                            0x0090531b
                                                            0x0090531e
                                                            0x0090531e
                                                            0x00905320
                                                            0x00000000
                                                            0x00000000
                                                            0x00905322
                                                            0x00905324
                                                            0x00000000
                                                            0x00000000
                                                            0x00905326
                                                            0x00905329
                                                            0x00905342
                                                            0x00905353
                                                            0x00905355
                                                            0x00905357
                                                            0x0090542c
                                                            0x0090542c
                                                            0x0090542e
                                                            0x00905431
                                                            0x00905431
                                                            0x00905437
                                                            0x00905439
                                                            0x0090543c
                                                            0x0090543c
                                                            0x00905442
                                                            0x00905446
                                                            0x0090544b
                                                            0x0090544b
                                                            0x00905450
                                                            0x00905455
                                                            0x0090545f
                                                            0x0090545f
                                                            0x00905465
                                                            0x0090546b
                                                            0x0090546e
                                                            0x0090546e
                                                            0x0090547a
                                                            0x0090547a
                                                            0x0090535d
                                                            0x0090535f
                                                            0x00905362
                                                            0x00905368
                                                            0x00905368
                                                            0x00905368
                                                            0x00905368
                                                            0x0090536c
                                                            0x0090536e
                                                            0x00905371
                                                            0x00905377
                                                            0x00905377
                                                            0x00905377
                                                            0x00905377
                                                            0x0090539e
                                                            0x009053a3
                                                            0x009053a6
                                                            0x009053a8
                                                            0x009053aa
                                                            0x00905429
                                                            0x00905429
                                                            0x00000000
                                                            0x009053ac
                                                            0x009053ac
                                                            0x009053af
                                                            0x009053b2
                                                            0x009053b4
                                                            0x009053d4
                                                            0x009053d4
                                                            0x009053d7
                                                            0x009053d7
                                                            0x009053d9
                                                            0x009053db
                                                            0x009053de
                                                            0x009053de
                                                            0x009053de
                                                            0x009053de
                                                            0x009053fe
                                                            0x00905400
                                                            0x00905402
                                                            0x00000000
                                                            0x00905404
                                                            0x00905404
                                                            0x00905406
                                                            0x00905409
                                                            0x00000000
                                                            0x00000000
                                                            0x0090540b
                                                            0x0090540e
                                                            0x00000000
                                                            0x0090540e
                                                            0x00905402
                                                            0x009053b6
                                                            0x009053b8
                                                            0x00000000
                                                            0x00000000
                                                            0x009053bf
                                                            0x009053c4
                                                            0x009053c6
                                                            0x00905416
                                                            0x00905419
                                                            0x0090541b
                                                            0x0090541e
                                                            0x00905421
                                                            0x00905424
                                                            0x00000000
                                                            0x00905424
                                                            0x009053c8
                                                            0x009053cb
                                                            0x009053ce
                                                            0x009053d1
                                                            0x00000000
                                                            0x009053d1
                                                            0x0090532e
                                                            0x0090532e
                                                            0x00905331
                                                            0x00000000
                                                            0x00000000
                                                            0x00905337
                                                            0x00000000
                                                            0x00000000
                                                            0x00905339
                                                            0x0090533c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x0090533c
                                                            0x0090531e
                                                            0x009052f2
                                                            0x009052f4
                                                            0x009052f6
                                                            0x009052fb
                                                            0x00905301
                                                            0x00905301
                                                            0x00905303
                                                            0x00905305
                                                            0x00905305
                                                            0x0090530a
                                                            0x0090530b
                                                            0x009052c2
                                                            0x009052c2
                                                            0x009052c7
                                                            0x00000000
                                                            0x009052c7
                                                            0x009052a4
                                                            0x009052a8
                                                            0x009052ad
                                                            0x009052b3
                                                            0x009052b3
                                                            0x009052b5
                                                            0x009052b7
                                                            0x009052b7
                                                            0x009052bc
                                                            0x009052bd
                                                            0x00000000

                                                            APIs
                                                            • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000410,000000FF,?,00000000,00000000), ref: 00905290
                                                            • GetLastError.KERNEL32 ref: 0090529E
                                                            • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 009052DF
                                                            • GetLastError.KERNEL32 ref: 009052EC
                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0090545F
                                                            • CloseHandle.KERNEL32(?), ref: 0090546E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                            • String ID: @Mqt$GET$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 2028584396-886008980
                                                            • Opcode ID: 5ac2cba915bca8a9c478b223e8a9d63fd42acf81e29ec80560f3ba754324d4ec
                                                            • Instruction ID: f2d14d12c890196e266eb082ea7a6c2321141f20040dd2dbe77d7c8d69e9cd63
                                                            • Opcode Fuzzy Hash: 5ac2cba915bca8a9c478b223e8a9d63fd42acf81e29ec80560f3ba754324d4ec
                                                            • Instruction Fuzzy Hash: 85615976A00A1AEFDB21CFA4C844BEF7BB9AF48751F124119FD14A6290D7B4DD409F90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D0BE7 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 182COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 84%
                                                            			E008D0BE7(void* __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, signed short* _a12) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				void* _t76;
				intOrPtr _t78;
				signed int _t79;
				intOrPtr* _t82;
				signed int _t83;
				intOrPtr* _t87;
				intOrPtr* _t96;
				signed short _t101;
				intOrPtr* _t108;
				int* _t111;
				signed int _t112;
				void* _t113;
				intOrPtr _t121;
				signed short _t126;
				signed int _t128;
				signed int _t129;
				intOrPtr* _t131;
				signed int _t132;
				intOrPtr* _t133;

				_t113 = __ecx;
				_t112 = _a4;
				_t131 = _a8;
				_t126 = 0;
				_v8 = _v8 & 0;
				_t76 = E008D0FB3(_t112,  *_t131, _a12);
				_t135 = _t76;
				if(_t76 == 0) {
					_t78 =  *0x92aa34; // 0x0
					_t79 = _t78 + 1;
					_a4 = _t79;
					 *0x92aa34 = _t79;
					if(E008D1028(_t113, _t135, _t112,  &_v8) >= 0) {
						_t82 = _v8;
						_t114 = _a4;
						_t123 = 1;
						 *_t82 = 1;
						 *((intOrPtr*)(_t82 + 8)) = _a4;
						_t83 =  *((intOrPtr*)(_t131 + 0x60));
						_v12 = _t83;
						__eflags = _t83 - 1;
						if(__eflags != 0) {
							L8:
							_t126 = E008D1028(_t114, __eflags, _t112,  &_v8);
							__eflags = _t126;
							if(_t126 < 0) {
								goto L2;
							} else {
								_t87 = _v8;
								 *_t87 = 3;
								 *((intOrPtr*)(_t87 + 8)) = _t131;
								_t89 =  *((intOrPtr*)(_t112 + 0x50)) - 1;
								__eflags = _v12 - 1;
								_a4 =  *((intOrPtr*)(_t112 + 0x50)) - 1;
								if(__eflags != 0) {
									L12:
									_t128 = 0;
									_v12 = 0;
									__eflags =  *(_t131 + 0x80);
									if(__eflags > 0) {
										while(1) {
											_v16 =  *((intOrPtr*)(_t131 + 0x7c));
											_t126 = E008D106F(_t123, __eflags, _t112, _t131, _t89,  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0x7c)) + _t128 * 8)),  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0x7c)) + 4 + _t128 * 8)), 0);
											__eflags = _t126;
											if(_t126 < 0) {
												break;
											}
											_t132 = _a4 * 0x28;
											_t129 = _v12;
											 *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0xc)) =  *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0xc)) + 1;
											_t114 =  *((intOrPtr*)(_v16 + _t129 * 8));
											_t123 =  *((intOrPtr*)(_t112 + 0x4c));
											 *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0x10)) =  *((intOrPtr*)(_t132 +  *((intOrPtr*)(_t112 + 0x4c)) + 0x10)) +  *((intOrPtr*)( *((intOrPtr*)(_v16 + _t129 * 8)) + 0x10));
											asm("adc [esi+edx+0x14], eax");
											_t128 = _t129 + 1;
											_t131 = _a8;
											_v12 = _t128;
											__eflags = _t128 -  *(_t131 + 0x80);
											if(__eflags < 0) {
												_t89 = _a4;
												continue;
											} else {
												goto L13;
											}
											goto L28;
										}
										_push("Failed to append payload cache action.");
										goto L3;
									} else {
										L13:
										_t126 = E008D1028(_t114, __eflags, _t112,  &_v8);
										__eflags = _t126;
										if(__eflags >= 0) {
											_t96 = _v8;
											 *_t96 = 4;
											 *((intOrPtr*)(_t96 + 8)) = _t131;
											 *((intOrPtr*)(_a4 * 0x28 +  *((intOrPtr*)(_t112 + 0x4c)) + 0x18)) =  *((intOrPtr*)(_t112 + 0x50)) - 1;
											_t126 = E008D1028(_a4 * 0x28, __eflags, _t112,  &_v8);
											__eflags = _t126;
											if(_t126 < 0) {
												goto L14;
											} else {
												_t133 = _v8;
												 *_t133 = 6;
												_t101 = CreateEventW(0, 1, 0, 0);
												 *(_t133 + 8) = _t101;
												__eflags = _t101;
												if(_t101 != 0) {
													 *_a12 = _t101;
													_t121 = _a8;
													 *((intOrPtr*)(_t112 + 0x34)) =  *((intOrPtr*)(_t112 + 0x34)) + 1;
													__eflags =  *((intOrPtr*)(_t121 + 0x44)) - 2;
													_t74 =  *((intOrPtr*)(_t121 + 0x44)) != 2;
													__eflags = _t74;
													 *(_t121 + 0x54) = 0 | _t74;
												} else {
													_t126 = GetLastError();
													__eflags = _t126;
													if(__eflags > 0) {
														_t126 = _t126 & 0x0000ffff | 0x80070000;
														__eflags = _t126;
													}
													if(__eflags >= 0) {
														_t126 = 0x80004005;
													}
													E008C38BA(_t104, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\plan.cpp", 0x852, _t126);
													_push("Failed to create syncpoint event.");
													goto L3;
												}
											}
										} else {
											L14:
											_push("Failed to append cache action.");
											goto L3;
										}
									}
								} else {
									_t126 = E008D13F0(_t114, __eflags, _t112,  &_v8);
									__eflags = _t126;
									if(_t126 < 0) {
										goto L6;
									} else {
										_t108 = _v8;
										 *_t108 = 5;
										 *((intOrPtr*)(_t108 + 8)) = _t131;
										_t89 = _a4;
										goto L12;
									}
								}
							}
						} else {
							_t126 = E008D13F0(_t114, __eflags, _t112,  &_v8);
							__eflags = _t126;
							if(__eflags >= 0) {
								_t111 = _v8;
								_t114 = _a4;
								 *_t111 = 1;
								_t111[2] = _a4;
								goto L8;
							} else {
								L6:
								_push("Failed to append rollback cache action.");
								goto L3;
							}
						}
					} else {
						L2:
						_push("Failed to append package start action.");
						L3:
						_push(_t126);
						E008FFB09();
					}
				}
				L28:
				return _t126;
			}

























                                                            0x008d0be7
                                                            0x008d0bee
                                                            0x008d0bf2
                                                            0x008d0bf9
                                                            0x008d0bfd
                                                            0x008d0c01
                                                            0x008d0c06
                                                            0x008d0c08
                                                            0x008d0c0e
                                                            0x008d0c13
                                                            0x008d0c14
                                                            0x008d0c17
                                                            0x008d0c2a
                                                            0x008d0c3e
                                                            0x008d0c43
                                                            0x008d0c46
                                                            0x008d0c47
                                                            0x008d0c49
                                                            0x008d0c4c
                                                            0x008d0c4f
                                                            0x008d0c52
                                                            0x008d0c54
                                                            0x008d0c7c
                                                            0x008d0c86
                                                            0x008d0c88
                                                            0x008d0c8a
                                                            0x00000000
                                                            0x008d0c8c
                                                            0x008d0c8c
                                                            0x008d0c8f
                                                            0x008d0c95
                                                            0x008d0c9b
                                                            0x008d0c9c
                                                            0x008d0ca0
                                                            0x008d0ca3
                                                            0x008d0cc4
                                                            0x008d0cc4
                                                            0x008d0cc6
                                                            0x008d0cc9
                                                            0x008d0ccf
                                                            0x008d0cee
                                                            0x008d0cf3
                                                            0x008d0d05
                                                            0x008d0d07
                                                            0x008d0d09
                                                            0x00000000
                                                            0x00000000
                                                            0x008d0d0b
                                                            0x008d0d12
                                                            0x008d0d18
                                                            0x008d0d1c
                                                            0x008d0d1f
                                                            0x008d0d25
                                                            0x008d0d2c
                                                            0x008d0d30
                                                            0x008d0d31
                                                            0x008d0d34
                                                            0x008d0d37
                                                            0x008d0d3d
                                                            0x008d0ceb
                                                            0x00000000
                                                            0x008d0d3f
                                                            0x00000000
                                                            0x008d0d3f
                                                            0x00000000
                                                            0x008d0d3d
                                                            0x008d0d41
                                                            0x00000000
                                                            0x008d0cd1
                                                            0x008d0cd1
                                                            0x008d0cdb
                                                            0x008d0cdd
                                                            0x008d0cdf
                                                            0x008d0d4b
                                                            0x008d0d52
                                                            0x008d0d58
                                                            0x008d0d62
                                                            0x008d0d70
                                                            0x008d0d72
                                                            0x008d0d74
                                                            0x00000000
                                                            0x008d0d7a
                                                            0x008d0d7a
                                                            0x008d0d84
                                                            0x008d0d8a
                                                            0x008d0d90
                                                            0x008d0d93
                                                            0x008d0d95
                                                            0x008d0dd2
                                                            0x008d0dd6
                                                            0x008d0dd9
                                                            0x008d0ddc
                                                            0x008d0de0
                                                            0x008d0de0
                                                            0x008d0de3
                                                            0x008d0d97
                                                            0x008d0d9d
                                                            0x008d0d9f
                                                            0x008d0da1
                                                            0x008d0da6
                                                            0x008d0dac
                                                            0x008d0dac
                                                            0x008d0dae
                                                            0x008d0db0
                                                            0x008d0db0
                                                            0x008d0dc0
                                                            0x008d0dc5
                                                            0x00000000
                                                            0x008d0dc5
                                                            0x008d0d95
                                                            0x008d0ce1
                                                            0x008d0ce1
                                                            0x008d0ce1
                                                            0x00000000
                                                            0x008d0ce1
                                                            0x008d0cdf
                                                            0x008d0ca5
                                                            0x008d0caf
                                                            0x008d0cb1
                                                            0x008d0cb3
                                                            0x00000000
                                                            0x008d0cb5
                                                            0x008d0cb5
                                                            0x008d0cb8
                                                            0x008d0cbe
                                                            0x008d0cc1
                                                            0x00000000
                                                            0x008d0cc1
                                                            0x008d0cb3
                                                            0x008d0ca3
                                                            0x008d0c56
                                                            0x008d0c60
                                                            0x008d0c62
                                                            0x008d0c64
                                                            0x008d0c6d
                                                            0x008d0c70
                                                            0x008d0c73
                                                            0x008d0c79
                                                            0x00000000
                                                            0x008d0c66
                                                            0x008d0c66
                                                            0x008d0c66
                                                            0x00000000
                                                            0x008d0c66
                                                            0x008d0c64
                                                            0x008d0c2c
                                                            0x008d0c2c
                                                            0x008d0c2c
                                                            0x008d0c31
                                                            0x008d0c31
                                                            0x008d0c32
                                                            0x008d0c38
                                                            0x008d0c2a
                                                            0x008d0de6
                                                            0x008d0dec

                                                            APIs
                                                              • Part of subcall function 008D0FB3: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,008D0C06,?,00000000,?,00000000,00000000), ref: 008D0FE2
                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 008D0D8A
                                                            • GetLastError.KERNEL32 ref: 008D0D97
                                                            Strings
                                                            • Failed to create syncpoint event., xrefs: 008D0DC5
                                                            • c:\agent\_work\66\s\src\burn\engine\plan.cpp, xrefs: 008D0DBB
                                                            • Failed to append rollback cache action., xrefs: 008D0C66
                                                            • Failed to append payload cache action., xrefs: 008D0D41
                                                            • @Mqt, xrefs: 008D0D97
                                                            • Failed to append package start action., xrefs: 008D0C2C
                                                            • Failed to append cache action., xrefs: 008D0CE1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareCreateErrorEventLastString
                                                            • String ID: @Mqt$Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$c:\agent\_work\66\s\src\burn\engine\plan.cpp
                                                            • API String ID: 801187047-4234984586
                                                            • Opcode ID: 195a1c6f3dca6e55a942c49f41fbe8a442bac1c0938f62379a3c6741c7e440b2
                                                            • Instruction ID: 1c525316c17f9bf94a489bc6212de2c97dc84c5e5e87d201a87a3f7adf85d7ac
                                                            • Opcode Fuzzy Hash: 195a1c6f3dca6e55a942c49f41fbe8a442bac1c0938f62379a3c6741c7e440b2
                                                            • Instruction Fuzzy Hash: 00616A75510609AFCB05DF58C980AAEBBFAFF84314F21825AE805DB351EB31EA41DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F08B0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 131COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 82%
                                                            			E008F08B0(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t50;
				signed int _t57;
				intOrPtr _t58;
				void* _t59;
				intOrPtr* _t60;
				intOrPtr _t62;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr _t76;
				signed int _t79;
				char _t81;
				intOrPtr _t84;
				intOrPtr _t91;
				intOrPtr _t94;
				intOrPtr* _t96;
				void* _t100;
				void* _t102;
				void* _t110;

				_t87 = __edx;
				_t76 = _a8;
				_push(__edi);
				_v5 = 0;
				_t94 = _t76 + 0x10;
				_v16 = 1;
				_v20 = _t94;
				_v12 =  *(_t76 + 8) ^  *0x92a008;
				E008F0870(_t76, __edx, __edi, _t94,  *(_t76 + 8) ^  *0x92a008, _t94);
				E008F0CA7(_a12);
				_t50 = _a4;
				_t102 = _t100 - 0x1c + 0xc;
				_t91 =  *((intOrPtr*)(_t76 + 0xc));
				if(( *(_t50 + 4) & 0x00000066) != 0) {
					__eflags = _t91 - 0xfffffffe;
					if(_t91 != 0xfffffffe) {
						_t87 = 0xfffffffe;
						E008F0C90(_t76, 0xfffffffe, _t94, 0x92a008);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t50;
					_v28 = _a12;
					 *((intOrPtr*)(_t76 - 4)) =  &_v32;
					if(_t91 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t79 = _v12;
							_t20 = _t91 + 2; // 0x3
							_t57 = _t91 + _t20 * 2;
							_t76 =  *((intOrPtr*)(_t79 + _t57 * 4));
							_t58 = _t79 + _t57 * 4;
							_t80 =  *((intOrPtr*)(_t58 + 4));
							_v24 = _t58;
							if( *((intOrPtr*)(_t58 + 4)) == 0) {
								_t81 = _v5;
								goto L8;
							} else {
								_t87 = _t94;
								_t59 = E008F0C40(_t80, _t94);
								_t81 = 1;
								_v5 = 1;
								_t110 = _t59;
								if(_t110 < 0) {
									_v16 = 0;
									L14:
									E008F0870(_t76, _t87, _t91, _t94, _v12, _t94);
									goto L15;
								} else {
									if(_t110 > 0) {
										_t60 = _a4;
										__eflags =  *_t60 - 0xe06d7363;
										if( *_t60 == 0xe06d7363) {
											__eflags =  *0x920c30;
											if(__eflags != 0) {
												_t72 = E00909370(__eflags, 0x920c30);
												_t102 = _t102 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t96 =  *0x920c30; // 0x8f11fc
													 *0x90a3e0(_a4, 1);
													 *_t96();
													_t94 = _v20;
													_t102 = _t102 + 8;
												}
												_t60 = _a4;
											}
										}
										_t88 = _t60;
										E008F0C74(_t60, _a8, _t60);
										_t62 = _a8;
										__eflags =  *((intOrPtr*)(_t62 + 0xc)) - _t91;
										if( *((intOrPtr*)(_t62 + 0xc)) != _t91) {
											_t88 = _t91;
											E008F0C90(_t62, _t91, _t94, 0x92a008);
											_t62 = _a8;
										}
										 *((intOrPtr*)(_t62 + 0xc)) = _t76;
										E008F0870(_t76, _t88, _t91, _t94, _v12, _t94);
										_t84 =  *((intOrPtr*)(_v24 + 8));
										E008F0C58();
										asm("int3");
										E008F1062();
										E008F1007();
										__eflags = E008F0D6E();
										if(__eflags != 0) {
											_t67 = E008F0D20(_t84, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E008F0DAA();
												goto L25;
											}
										} else {
											L25:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L8;
									}
								}
							}
							goto L29;
							L8:
							_t91 = _t76;
						} while (_t76 != 0xfffffffe);
						if(_t81 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L29:
			}




























                                                            0x008f08b0
                                                            0x008f08b7
                                                            0x008f08bb
                                                            0x008f08bc
                                                            0x008f08c3
                                                            0x008f08ce
                                                            0x008f08d5
                                                            0x008f08d8
                                                            0x008f08db
                                                            0x008f08e3
                                                            0x008f08e8
                                                            0x008f08eb
                                                            0x008f08ee
                                                            0x008f08f5
                                                            0x008f0956
                                                            0x008f0959
                                                            0x008f0961
                                                            0x008f0968
                                                            0x00000000
                                                            0x008f0968
                                                            0x00000000
                                                            0x008f08f7
                                                            0x008f08f7
                                                            0x008f08fd
                                                            0x008f0903
                                                            0x008f0909
                                                            0x008f0979
                                                            0x008f0982
                                                            0x008f090b
                                                            0x008f0910
                                                            0x008f0910
                                                            0x008f0913
                                                            0x008f0916
                                                            0x008f0919
                                                            0x008f091c
                                                            0x008f091f
                                                            0x008f0922
                                                            0x008f0927
                                                            0x008f093d
                                                            0x00000000
                                                            0x008f0929
                                                            0x008f0929
                                                            0x008f092b
                                                            0x008f0930
                                                            0x008f0932
                                                            0x008f0935
                                                            0x008f0937
                                                            0x008f094d
                                                            0x008f096d
                                                            0x008f0971
                                                            0x00000000
                                                            0x008f0939
                                                            0x008f0939
                                                            0x008f0983
                                                            0x008f0986
                                                            0x008f098c
                                                            0x008f098e
                                                            0x008f0995
                                                            0x008f099c
                                                            0x008f09a1
                                                            0x008f09a4
                                                            0x008f09a6
                                                            0x008f09a8
                                                            0x008f09b5
                                                            0x008f09bb
                                                            0x008f09bd
                                                            0x008f09c0
                                                            0x008f09c0
                                                            0x008f09c3
                                                            0x008f09c3
                                                            0x008f0995
                                                            0x008f09c9
                                                            0x008f09cb
                                                            0x008f09d0
                                                            0x008f09d3
                                                            0x008f09d6
                                                            0x008f09de
                                                            0x008f09e2
                                                            0x008f09e7
                                                            0x008f09e7
                                                            0x008f09ee
                                                            0x008f09f1
                                                            0x008f09fe
                                                            0x008f0a01
                                                            0x008f0a06
                                                            0x008f0a07
                                                            0x008f0a0c
                                                            0x008f0a16
                                                            0x008f0a18
                                                            0x008f0a1d
                                                            0x008f0a22
                                                            0x008f0a24
                                                            0x008f0a2f
                                                            0x008f0a26
                                                            0x008f0a26
                                                            0x00000000
                                                            0x008f0a26
                                                            0x008f0a1a
                                                            0x008f0a1a
                                                            0x008f0a1a
                                                            0x008f0a1c
                                                            0x008f0a1c
                                                            0x008f093b
                                                            0x00000000
                                                            0x008f093b
                                                            0x008f0939
                                                            0x008f0937
                                                            0x00000000
                                                            0x008f0940
                                                            0x008f0940
                                                            0x008f0942
                                                            0x008f0949
                                                            0x00000000
                                                            0x008f094b
                                                            0x00000000
                                                            0x008f0949
                                                            0x008f0909
                                                            0x00000000

                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 008F08DB
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 008F08E3
                                                            • _ValidateLocalCookies.LIBCMT ref: 008F0971
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 008F099C
                                                            • _ValidateLocalCookies.LIBCMT ref: 008F09F1
                                                            • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 008F0A0C
                                                            • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 008F0A11
                                                            • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 008F0A26
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                            • String ID: csm
                                                            • API String ID: 3202733602-1018135373
                                                            • Opcode ID: 50b723dbb06620253103c12ecd401a410054e4201c8587cc6058581d12600e66
                                                            • Instruction ID: e30be1fa863ce7b208850dcc7446998dd6d540d8eb82d72f2ad2c148ca61e505
                                                            • Opcode Fuzzy Hash: 50b723dbb06620253103c12ecd401a410054e4201c8587cc6058581d12600e66
                                                            • Instruction Fuzzy Hash: C9417C34A1020D9FDB10EF78C851ABEBBA4FF41324F148255EA54EB293E7719915CF92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D8D91 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 125COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 54%
                                                            			E008D8D91(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v40;
				char _v72;
				char _v104;
				char _v108;
				char _v136;
				signed int _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				void* _t23;
				signed short _t29;
				signed short _t31;
				void* _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				intOrPtr* _t45;
				signed short _t50;
				signed int _t52;
				void* _t56;

				_t56 = __eflags;
				_t43 = __edx;
				_t40 = __ecx;
				_t18 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t18 ^ _t52;
				_t44 = _a4;
				E008EF600(_t44,  &_v136, 0, 0x80);
				_v140 = _v140 & 0x00000000;
				_t23 = E008D8B36(_t40, _t56, 0x1a, 0x1f01ff,  &_v136);
				_t39 = 4;
				if(_t23 >= 0) {
					__eflags = E008D8B36(_t40, __eflags, 0x16, 0x1f01ff,  &_v104);
					if(__eflags >= 0) {
						__eflags = E008D8B36(_t40, __eflags, 1, 0xa0000000,  &_v72);
						if(__eflags >= 0) {
							_t29 = E008D8B36(_t40, __eflags, 0x1b, 0xa0000000,  &_v40);
							__eflags = _t29;
							if(_t29 >= 0) {
								_t31 =  &_v136;
								__imp__SetEntriesInAclW(_t39, _t31, 0,  &_v140);
								_t50 = _t31;
								__eflags = _t50;
								if(__eflags == 0) {
									_t50 = E00904E42(_t40, _t44, 1, 0x80000005, _v108, 0, _v140, 0, 3, 0x7d0);
									__eflags = _t50;
									if(_t50 < 0) {
										_push(_t44);
										_push("Failed to secure cache path: %ls");
										goto L16;
									}
								} else {
									if(__eflags > 0) {
										_t50 = _t50 & 0x0000ffff | 0x80070000;
										__eflags = _t50;
									}
									if(__eflags >= 0) {
										_t50 = 0x80004005;
									}
									E008C38BA(_t31, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x63f, _t50);
									_push(_t44);
									_push("Failed to create ACL to secure cache path: %ls");
									goto L16;
								}
							} else {
								_push(_t44);
								_push("Failed to allocate access for Users group to path: %ls");
								goto L16;
							}
						} else {
							_push(_t44);
							_push("Failed to allocate access for Everyone group to path: %ls");
							goto L16;
						}
					} else {
						_push(_t44);
						_push("Failed to allocate access for SYSTEM group to path: %ls");
						goto L16;
					}
				} else {
					_push(_t44);
					_push("Failed to allocate access for Administrators group to path: %ls");
					L16:
					_push(_t50);
					E008FFB09();
				}
				if(_v140 != 0) {
					LocalFree(_v140);
				}
				_t45 =  &_v108;
				do {
					if( *_t45 != 0) {
						E008C3AA4( *_t45);
					}
					_t45 = _t45 + 0x20;
					_t39 = _t39 - 1;
				} while (_t39 != 0);
				return E008EDD1F(_t39, _v8 ^ _t52, _t43, _t45, _t50);
			}

























                                                            0x008d8d91
                                                            0x008d8d91
                                                            0x008d8d91
                                                            0x008d8d9a
                                                            0x008d8da1
                                                            0x008d8da7
                                                            0x008d8db8
                                                            0x008d8dbd
                                                            0x008d8dd5
                                                            0x008d8dde
                                                            0x008d8de1
                                                            0x008d8e00
                                                            0x008d8e02
                                                            0x008d8e21
                                                            0x008d8e23
                                                            0x008d8e3b
                                                            0x008d8e42
                                                            0x008d8e44
                                                            0x008d8e57
                                                            0x008d8e5f
                                                            0x008d8e65
                                                            0x008d8e67
                                                            0x008d8e69
                                                            0x008d8eb8
                                                            0x008d8eba
                                                            0x008d8ebc
                                                            0x008d8ebe
                                                            0x008d8ebf
                                                            0x00000000
                                                            0x008d8ebf
                                                            0x008d8e6b
                                                            0x008d8e6b
                                                            0x008d8e70
                                                            0x008d8e76
                                                            0x008d8e76
                                                            0x008d8e78
                                                            0x008d8e7a
                                                            0x008d8e7a
                                                            0x008d8e8a
                                                            0x008d8e8f
                                                            0x008d8e90
                                                            0x00000000
                                                            0x008d8e90
                                                            0x008d8e46
                                                            0x008d8e46
                                                            0x008d8e47
                                                            0x00000000
                                                            0x008d8e47
                                                            0x008d8e25
                                                            0x008d8e25
                                                            0x008d8e26
                                                            0x00000000
                                                            0x008d8e26
                                                            0x008d8e04
                                                            0x008d8e04
                                                            0x008d8e05
                                                            0x00000000
                                                            0x008d8e05
                                                            0x008d8de3
                                                            0x008d8de3
                                                            0x008d8de4
                                                            0x008d8ec4
                                                            0x008d8ec4
                                                            0x008d8ec5
                                                            0x008d8eca
                                                            0x008d8ed4
                                                            0x008d8edc
                                                            0x008d8edc
                                                            0x008d8ee2
                                                            0x008d8ee5
                                                            0x008d8ee8
                                                            0x008d8eec
                                                            0x008d8eec
                                                            0x008d8ef1
                                                            0x008d8ef4
                                                            0x008d8ef4
                                                            0x008d8f09

                                                            APIs
                                                            • LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 008D8EDC
                                                            Strings
                                                            • Failed to secure cache path: %ls, xrefs: 008D8EBF
                                                            • Failed to allocate access for Everyone group to path: %ls, xrefs: 008D8E26
                                                            • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 008D8E05
                                                            • Failed to allocate access for Users group to path: %ls, xrefs: 008D8E47
                                                            • Failed to create ACL to secure cache path: %ls, xrefs: 008D8E90
                                                            • Failed to allocate access for Administrators group to path: %ls, xrefs: 008D8DE4
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 008D8E85
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeLocal
                                                            • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 2826327444-3220527011
                                                            • Opcode ID: 1e48ffc9cc303c6d16b7407bfa4873b55822fc47b733963cf1fc0d8542449448
                                                            • Instruction ID: 9a81c9eacc87ab53d00e6251ee7b25ffae1f731a0742f100d72f25952713c178
                                                            • Opcode Fuzzy Hash: 1e48ffc9cc303c6d16b7407bfa4873b55822fc47b733963cf1fc0d8542449448
                                                            • Instruction Fuzzy Hash: 6531C672E4022EFBDB319A548C02FEE7768FB81B14F514266BA04FA2C1DE709D449B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D48B9 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 116fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 55%
                                                            			E008D48B9(void* _a4, signed int* _a8) {
				long _v8;
				signed int _v12;
				signed int _v16;
				void* _t26;
				int _t30;
				long _t31;
				void* _t34;
				signed short _t35;
				void* _t42;
				signed int _t43;
				signed int* _t47;
				signed short _t49;

				_v16 = _v16 & 0;
				_v12 = _v12 & 0;
				_v8 = _v8 & 0;
				_t42 = 0;
				do {
					_push(0);
					_push( &_v8);
					_t26 = 8;
					_t30 = ReadFile(_a4,  &_v16 + _t42, _t26 - _t42, ??, ??);
					_t47 = _a8;
					if(_t30 != 0) {
						goto L8;
					} else {
						_t49 = GetLastError();
						if(_t49 != 0xea) {
							__eflags = _t49 - 0x6d;
							if(_t49 == 0x6d) {
								_t43 = 0;
								_t31 = 0;
								_v16 = 0;
								_v12 = 0;
								_t49 = 1;
								L10:
								 *_t47 = _t43;
								_t47[1] = _t31;
								if(_t31 != 0) {
									_t34 = E008C39DF(_t31, 0);
									_t47[3] = _t34;
									if(_t34 != 0) {
										_t35 = ReadFile(_a4, _t34, _t47[1],  &_v8, 0);
										__eflags = _t35;
										if(_t35 != 0) {
											_t47[2] = 1;
										} else {
											_t49 = GetLastError();
											__eflags = _t49;
											if(__eflags > 0) {
												_t49 = _t49 & 0x0000ffff | 0x80070000;
												__eflags = _t49;
											}
											if(__eflags >= 0) {
												_t49 = 0x80004005;
											}
											E008C38BA(_t36, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x327, _t49);
											_push("Failed to read data for message.");
											goto L14;
										}
									} else {
										_t49 = 0x8007000e;
										E008C38BA(_t34, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x323, 0x8007000e);
										_push("Failed to allocate data for message.");
										goto L14;
									}
								}
							} else {
								__eflags = _t49;
								if(__eflags > 0) {
									_t49 = _t49 & 0x0000ffff | 0x80070000;
									__eflags = _t49;
								}
								if(__eflags < 0) {
									E008C38BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x318, _t49);
									_push("Failed to read message from pipe.");
									L14:
									_push(_t49);
									E008FFB09();
								} else {
									goto L8;
								}
							}
						} else {
							_t49 = 0;
							goto L8;
						}
					}
					if(_t47[2] == 0 && _t47[3] != 0) {
						E008C3AA4(_t47[3]);
					}
					return _t49;
					L8:
					_t42 = _t42 + _v8;
				} while (_t42 < 8);
				_t31 = _v12;
				_t43 = _v16;
				goto L10;
			}















                                                            0x008d48c3
                                                            0x008d48c6
                                                            0x008d48c9
                                                            0x008d48cc
                                                            0x008d48cf
                                                            0x008d48cf
                                                            0x008d48d4
                                                            0x008d48d7
                                                            0x008d48e4
                                                            0x008d48ea
                                                            0x008d48ef
                                                            0x00000000
                                                            0x008d48f1
                                                            0x008d48f7
                                                            0x008d48ff
                                                            0x008d4905
                                                            0x008d4908
                                                            0x008d4980
                                                            0x008d4982
                                                            0x008d4986
                                                            0x008d4989
                                                            0x008d498c
                                                            0x008d4929
                                                            0x008d4929
                                                            0x008d492b
                                                            0x008d4930
                                                            0x008d4939
                                                            0x008d493e
                                                            0x008d4943
                                                            0x008d499c
                                                            0x008d49a2
                                                            0x008d49a4
                                                            0x008d49db
                                                            0x008d49a6
                                                            0x008d49ac
                                                            0x008d49ae
                                                            0x008d49b0
                                                            0x008d49b5
                                                            0x008d49bb
                                                            0x008d49bb
                                                            0x008d49bd
                                                            0x008d49bf
                                                            0x008d49bf
                                                            0x008d49cf
                                                            0x008d49d4
                                                            0x00000000
                                                            0x008d49d4
                                                            0x008d4945
                                                            0x008d4945
                                                            0x008d4955
                                                            0x008d495a
                                                            0x00000000
                                                            0x008d495a
                                                            0x008d4943
                                                            0x008d490a
                                                            0x008d490a
                                                            0x008d490c
                                                            0x008d4911
                                                            0x008d4917
                                                            0x008d4917
                                                            0x008d4919
                                                            0x008d496c
                                                            0x008d4971
                                                            0x008d4976
                                                            0x008d4976
                                                            0x008d4977
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008d4919
                                                            0x008d4901
                                                            0x008d4901
                                                            0x00000000
                                                            0x008d4901
                                                            0x008d48ff
                                                            0x008d49e6
                                                            0x008d49f1
                                                            0x008d49f1
                                                            0x008d49fc
                                                            0x008d491b
                                                            0x008d491b
                                                            0x008d491e
                                                            0x008d4923
                                                            0x008d4926
                                                            0x00000000

                                                            APIs
                                                            • ReadFile.KERNEL32(00000000,00000001,00000008,?,00000000,?,00000000,00000000,00000001,00000000,?,?,?,00000000,crypt32.dll,00000000), ref: 008D48E4
                                                            • GetLastError.KERNEL32 ref: 008D48F1
                                                            • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 008D499C
                                                            • GetLastError.KERNEL32 ref: 008D49A6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastRead
                                                            • String ID: @Mqt$Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp
                                                            • API String ID: 1948546556-2224230783
                                                            • Opcode ID: 2d312366b0d023c75d2c1ba20ac635d5d9ebf5abdda8b657d5791e6515057ee9
                                                            • Instruction ID: f9208f9938f584881a1263614983a3b9b8a2f37004fde61309a51e45cf063082
                                                            • Opcode Fuzzy Hash: 2d312366b0d023c75d2c1ba20ac635d5d9ebf5abdda8b657d5791e6515057ee9
                                                            • Instruction Fuzzy Hash: 79318232A5022EBBD7109A668C55BABFB68FF00765F11822AB941F6390D7749E4086D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CF3F9 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 108stringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E008CF3F9(void* __ebx, intOrPtr _a4, void* _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				int _t46;
				intOrPtr _t49;
				intOrPtr* _t52;
				char _t54;
				intOrPtr* _t58;
				char _t59;

				_t58 = _a8;
				_t59 = 0;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(_t58 + 4)) <= 0) {
					L22:
					return _t59;
				}
				_t54 = 0;
				_a8 = 0;
				while(1) {
					_t52 =  *_t58 + _t54;
					_t9 = _t52 + 8; // 0x330074
					_t59 = E008C7303(_a4,  *_t9,  &_v16, 0);
					if(_t59 < 0) {
						break;
					}
					_t59 = E008C2E55(_t54, _v16, L"swidtag",  &_v8);
					if(_t59 < 0) {
						_push("Failed to allocate regid folder path.");
						L15:
						_push(_t59);
						E008FFB09();
						L16:
						if(_v12 != 0) {
							E008C2762(_v12);
						}
						if(_v8 != 0) {
							E008C2762(_v8);
						}
						if(_v16 != 0) {
							E008C2762(_v16);
						}
						goto L22;
					}
					_t59 = E008C2E55(_t54, _v8,  *_t52,  &_v12);
					if(_t59 < 0) {
						_push("Failed to allocate regid file path.");
						goto L15;
					}
					_t59 = E008C415F(_v8, 0);
					if(_t59 < 0) {
						_push(_v8);
						_push("Failed to create regid folder: %ls");
						L11:
						_push(_t59);
						E008FFB09();
						goto L16;
					}
					_t16 = _t52 + 0xc; // 0x2e0032
					_t46 = lstrlenA( *_t16);
					_t17 = _t52 + 0xc; // 0x2e0032
					_t59 = E009045C9(_t54, _v12, 0x80,  *_t17, _t46, 0);
					if(_t59 < 0) {
						_push(_v12);
						_push("Failed to write tag xml to file: %ls");
						goto L11;
					}
					_t49 = _v20 + 1;
					_t54 = _a8 + 0x10;
					_v20 = _t49;
					_t22 = _t58 + 4; // 0xf0680a79
					_push(0);
					_a8 = _t54;
					_pop(0);
					if(_t49 <  *_t22) {
						continue;
					}
					goto L16;
				}
				_push("Failed to format tag folder path.");
				goto L15;
			}













                                                            0x008cf403
                                                            0x008cf406
                                                            0x008cf408
                                                            0x008cf40b
                                                            0x008cf40e
                                                            0x008cf411
                                                            0x008cf417
                                                            0x008cf524
                                                            0x008cf528
                                                            0x008cf528
                                                            0x008cf41d
                                                            0x008cf41f
                                                            0x008cf423
                                                            0x008cf426
                                                            0x008cf42c
                                                            0x008cf437
                                                            0x008cf43b
                                                            0x00000000
                                                            0x00000000
                                                            0x008cf452
                                                            0x008cf456
                                                            0x008cf4e4
                                                            0x008cf4f0
                                                            0x008cf4f0
                                                            0x008cf4f1
                                                            0x008cf4f8
                                                            0x008cf4fd
                                                            0x008cf502
                                                            0x008cf502
                                                            0x008cf50b
                                                            0x008cf510
                                                            0x008cf510
                                                            0x008cf519
                                                            0x008cf51e
                                                            0x008cf51e
                                                            0x00000000
                                                            0x008cf519
                                                            0x008cf46a
                                                            0x008cf46e
                                                            0x008cf4dd
                                                            0x00000000
                                                            0x008cf4dd
                                                            0x008cf47a
                                                            0x008cf47e
                                                            0x008cf4ca
                                                            0x008cf4cd
                                                            0x008cf4d2
                                                            0x008cf4d2
                                                            0x008cf4d3
                                                            0x00000000
                                                            0x008cf4d8
                                                            0x008cf482
                                                            0x008cf485
                                                            0x008cf48c
                                                            0x008cf49c
                                                            0x008cf4a0
                                                            0x008cf4c0
                                                            0x008cf4c3
                                                            0x00000000
                                                            0x008cf4c3
                                                            0x008cf4a8
                                                            0x008cf4a9
                                                            0x008cf4ac
                                                            0x008cf4af
                                                            0x008cf4b2
                                                            0x008cf4b4
                                                            0x008cf4b7
                                                            0x008cf4b8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008cf4be
                                                            0x008cf4eb
                                                            0x00000000

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008CF432
                                                              • Part of subcall function 008C415F: CreateDirectoryW.KERNEL32(?,840F01E8,00000000,00000000,?,008D9FBC,00000000,00000000,?,00000000,008C53FA,00000000,?,?,008CD567,?), ref: 008C416D
                                                              • Part of subcall function 008C415F: GetLastError.KERNEL32(?,008D9FBC,00000000,00000000,?,00000000,008C53FA,00000000,?,?,008CD567,?,00000000,00000000), ref: 008C417B
                                                            • lstrlenA.KERNEL32(002E0032,00000000,00000094,00000000,00000094,crypt32.dll,crypt32.dll,008D0458,swidtag,00000094,0090A500,00330074,008D0458,00000000,crypt32.dll,00000000), ref: 008CF485
                                                              • Part of subcall function 009045C9: CreateFileW.KERNEL32(002E0032,40000000,00000001,00000000,00000002,00000080,00000000,008D0458,00000000,?,008CF49C,0090A500,00000080,002E0032,00000000), ref: 009045E1
                                                              • Part of subcall function 009045C9: GetLastError.KERNEL32(?,008CF49C,0090A500,00000080,002E0032,00000000,?,008D0458,crypt32.dll,00000094,?,?,?,?,?,00000000), ref: 009045EE
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateErrorLast$DirectoryFileOpen@16lstrlen
                                                            • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$crypt32.dll$swidtag
                                                            • API String ID: 904508749-2959304021
                                                            • Opcode ID: 4215fa0264d060effd11b13069cfaccfb4ed3692307fee5a84ecf08179b2456c
                                                            • Instruction ID: 61b21a929d060122164c174e2887c7f7ed0fd75e09395930d672ef5985f2db3d
                                                            • Opcode Fuzzy Hash: 4215fa0264d060effd11b13069cfaccfb4ed3692307fee5a84ecf08179b2456c
                                                            • Instruction Fuzzy Hash: 9E31BF31D00219BBDB15AFA8CC41F9EBBB6FF04710F10817AFA14EA252D770DA409B94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D5053 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 83COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E008D5053(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				char _v12;
				char _v16;
				char _v20;
				void* __ebx;
				long _t26;
				char* _t32;
				void* _t43;
				intOrPtr* _t46;
				void* _t47;

				_t26 = GetCurrentProcessId();
				_t46 = _a8;
				_push(_t26);
				_v12 = 0;
				_v16 = 0;
				_push( *((intOrPtr*)(_t46 + 4)));
				_v20 = 0;
				_push( *_t46);
				_v8 = 0;
				_t47 = E008C2022( &_v12, L"-q -%ls %ls %ls %u", L"burn.elevated");
				if(_t47 >= 0) {
					E00903349(0,  &_v16,  &_v20);
					if(_v16 < 5) {
						L5:
						_t32 = L"open";
					} else {
						_t32 = L"runas";
						if(_a12 == 0) {
							goto L5;
						}
					}
					_t47 = E009034C7(_a4, _v12, _t32, 0, 0, _a16,  &_v8);
					if(_t47 >= 0) {
						 *((intOrPtr*)(_t46 + 8)) = GetProcessId(_v8);
						_t43 = 0;
						 *((intOrPtr*)(_t46 + 0xc)) = _v8;
						_v8 = 0;
					} else {
						E008FFB09(_t47, "Failed to launch elevated child process: %ls", _a4);
						goto L2;
					}
				} else {
					_push("Failed to allocate parameters for elevated process.");
					_push(_t47);
					E008FFB09();
					L2:
					_t43 = _v8;
				}
				if(_t43 != 0) {
					CloseHandle(_t43);
					_v8 = 0;
				}
				if(_v12 != 0) {
					E008C2762(_v12);
				}
				return _t47;
			}













                                                            0x008d505c
                                                            0x008d5062
                                                            0x008d5067
                                                            0x008d506b
                                                            0x008d506e
                                                            0x008d5071
                                                            0x008d5074
                                                            0x008d5077
                                                            0x008d5079
                                                            0x008d508c
                                                            0x008d5093
                                                            0x008d50af
                                                            0x008d50b8
                                                            0x008d50c4
                                                            0x008d50c4
                                                            0x008d50ba
                                                            0x008d50ba
                                                            0x008d50c2
                                                            0x00000000
                                                            0x00000000
                                                            0x008d50c2
                                                            0x008d50de
                                                            0x008d50e2
                                                            0x008d5100
                                                            0x008d5103
                                                            0x008d5108
                                                            0x008d510b
                                                            0x008d50e4
                                                            0x008d50ed
                                                            0x00000000
                                                            0x008d50f2
                                                            0x008d5095
                                                            0x008d5095
                                                            0x008d509a
                                                            0x008d509b
                                                            0x008d50a2
                                                            0x008d50a2
                                                            0x008d50a2
                                                            0x008d5110
                                                            0x008d5113
                                                            0x008d5119
                                                            0x008d5119
                                                            0x008d511f
                                                            0x008d5124
                                                            0x008d5124
                                                            0x008d512f

                                                            APIs
                                                            • GetCurrentProcessId.KERNEL32(?,00000000,?,?,0090A500), ref: 008D505C
                                                            • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 008D50FA
                                                            • CloseHandle.KERNEL32(00000000), ref: 008D5113
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Process$CloseCurrentHandle
                                                            • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                            • API String ID: 2815245435-1352204306
                                                            • Opcode ID: ef25d39ad6407feb011d5b52a06796873ff490bef4a208a323d332c528f91c01
                                                            • Instruction ID: 702d10d4f5ad936ae673763414d5d44917ce6bf2a4f744bf4901ab3d00928399
                                                            • Opcode Fuzzy Hash: ef25d39ad6407feb011d5b52a06796873ff490bef4a208a323d332c528f91c01
                                                            • Instruction Fuzzy Hash: 492137B1A0060DFFCF11AFA8C8819AEBBB8FF04354B10816BF901E2351DB319E509B91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00905C9E Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 153fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 50%
                                                            			E00905C9E(void* __ecx, intOrPtr* _a4, signed short _a8, WCHAR* _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				char _v12;
				signed int _v16;
				WCHAR* _v20;
				signed int _v24;
				void* _v28;
				signed short _v32;
				void* _v36;
				WCHAR* _v40;
				char _v44;
				signed int _t61;
				WCHAR* _t73;
				WCHAR* _t87;
				signed short _t88;
				intOrPtr* _t89;
				signed short _t94;

				_t85 = __ecx;
				_v16 = _v16 | 0xffffffff;
				_t84 = _a4;
				_v12 = 0;
				_t87 = 0;
				_v8 = 0;
				_v20 = 0;
				_v28 = 0;
				_v24 = 0;
				_v36 = 0;
				_v32 = 0;
				_v44 = 0;
				_v40 = 0;
				_t88 = E008C229E( &_v12,  *_a4, 0);
				if(_t88 >= 0) {
					 *0x92a96c(L"Burn", 0, 0, 0, 0);
					_t87 = 0;
					if(0 != 0) {
						E00904FF7(__ecx, L"WiX\\Burn", L"DownloadTimeout", 0x78,  &_v8);
						_t61 = _v8;
						if(_t61 != 0) {
							_t89 =  *0x92a970; // 0x909fbb
							_v8 = _t61 * 0x3e8;
							 *_t89(0, 2,  &_v8, 4);
							 *_t89(0, 6,  &_v8, 4);
							 *_t89(0, 5,  &_v8, 4);
						}
						_t88 = E009054F6(_t85, _t87,  &_v12,  *((intOrPtr*)(_t84 + 4)),  *((intOrPtr*)(_t84 + 8)), _a24,  &_v36,  &_v44);
						if(_t88 >= 0) {
							E0090559F(_t85, _a16,  &_v20,  &_v16,  &_v28);
							_t88 = E00905253(_t87,  &_v12,  *((intOrPtr*)(_t84 + 4)),  *((intOrPtr*)(_t84 + 8)), _a16, _a8, _a12, _v36, _v32, _v28, _v24, _v16, _a20, _a24);
							if(_t88 >= 0) {
								_t73 = _v20;
								if(_t73 != 0 &&  *_t73 != 0) {
									DeleteFileW(_t73);
								}
							}
							if(_v16 != 0xffffffff) {
								CloseHandle(_v16);
							}
						}
					} else {
						_t88 = GetLastError();
						if(_t88 > 0) {
							_t88 = _t88 & 0x0000ffff | 0x80070000;
							_t94 = _t88;
						}
						if(_t94 >= 0) {
							_t88 = 0x80004005;
						}
						E008C38BA(_t82, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0x84, _t88);
					}
				}
				_t52 = _v20;
				if(_v20 != 0) {
					E008C2762(_t52);
				}
				if(_t87 != 0) {
					 *0x92a994(_t87);
				}
				if(_v12 != 0) {
					E008C2762(_v12);
				}
				return _t88;
			}



















                                                            0x00905c9e
                                                            0x00905ca4
                                                            0x00905cab
                                                            0x00905cb3
                                                            0x00905cb6
                                                            0x00905cb8
                                                            0x00905cbb
                                                            0x00905cbe
                                                            0x00905cc1
                                                            0x00905cc4
                                                            0x00905cc7
                                                            0x00905cca
                                                            0x00905ccd
                                                            0x00905cd9
                                                            0x00905cdd
                                                            0x00905cee
                                                            0x00905cf4
                                                            0x00905cf8
                                                            0x00905d3d
                                                            0x00905d42
                                                            0x00905d47
                                                            0x00905d49
                                                            0x00905d57
                                                            0x00905d61
                                                            0x00905d6c
                                                            0x00905d77
                                                            0x00905d77
                                                            0x00905d94
                                                            0x00905d98
                                                            0x00905da9
                                                            0x00905ddc
                                                            0x00905de0
                                                            0x00905de2
                                                            0x00905de7
                                                            0x00905df1
                                                            0x00905df1
                                                            0x00905de7
                                                            0x00905dfb
                                                            0x00905e00
                                                            0x00905e00
                                                            0x00905dfb
                                                            0x00905cfa
                                                            0x00905d00
                                                            0x00905d04
                                                            0x00905d09
                                                            0x00905d0f
                                                            0x00905d0f
                                                            0x00905d11
                                                            0x00905d13
                                                            0x00905d13
                                                            0x00905d23
                                                            0x00905d23
                                                            0x00905cf8
                                                            0x00905e06
                                                            0x00905e0b
                                                            0x00905e0e
                                                            0x00905e0e
                                                            0x00905e15
                                                            0x00905e18
                                                            0x00905e18
                                                            0x00905e22
                                                            0x00905e27
                                                            0x00905e27
                                                            0x00905e32

                                                            APIs
                                                            • GetLastError.KERNEL32 ref: 00905CFA
                                                            • DeleteFileW.KERNEL32(00000410,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 00905DF1
                                                            • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 00905E00
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseDeleteErrorFileHandleLast
                                                            • String ID: @Mqt$Burn$DownloadTimeout$WiX\Burn$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 3522763407-3489524469
                                                            • Opcode ID: 7f11ed0895c4c157e82a238ab2a7631bb85609606dd6dc64da9c244f75b16e94
                                                            • Instruction ID: 4b3bd3185d29e4150d4f94c8bc4c8b30a40ed040a4f63acba58707d51fe0445f
                                                            • Opcode Fuzzy Hash: 7f11ed0895c4c157e82a238ab2a7631bb85609606dd6dc64da9c244f75b16e94
                                                            • Instruction Fuzzy Hash: EA51467290061ABFDB129FA4CC45EEFBABDEB48710F014126FA14E6190E7308A509BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FC3AD Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152fileCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 79%
                                                            			E008FC3AD(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t115;
				signed int _t117;
				signed char _t122;
				signed char _t127;
				signed int _t128;
				signed char* _t129;
				intOrPtr* _t130;
				signed int _t131;
				void* _t132;

				_t78 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t78 ^ _t131;
				_t80 = _a8;
				_t117 = _t80 >> 6;
				_t115 = (_t80 & 0x0000003f) * 0x30;
				_t129 = _a12;
				_v52 = _t129;
				_v48 = _t117;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x92b118 + _t117 * 4)) + _t115 + 0x18));
				_v40 = _a16 + _t129;
				_t86 = GetConsoleCP();
				_t130 = _a4;
				_v60 = _t86;
				 *_t130 = 0;
				 *((intOrPtr*)(_t130 + 4)) = 0;
				 *((intOrPtr*)(_t130 + 8)) = 0;
				while(_t129 < _v40) {
					_v28 = 0;
					_v31 =  *_t129;
					_t128 =  *(0x92b118 + _v48 * 4);
					_t122 =  *(_t128 + _t115 + 0x2d);
					if((_t122 & 0x00000004) == 0) {
						_t92 = E008F87E6(_t115, _t128);
						_t128 = 0x8000;
						if(( *(_t92 + ( *_t129 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t129);
							goto L8;
						} else {
							if(_t129 >= _v40) {
								_t128 = _v48;
								 *((char*)( *((intOrPtr*)(0x92b118 + _t128 * 4)) + _t115 + 0x2e)) =  *_t129;
								 *( *((intOrPtr*)(0x92b118 + _t128 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x92b118 + _t128 * 4)) + _t115 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
							} else {
								_t112 = E008F5F09( &_v28, _t129, 2);
								_t132 = _t132 + 0xc;
								if(_t112 != 0xffffffff) {
									_t129 =  &(_t129[1]);
									goto L9;
								}
							}
						}
					} else {
						_t127 = _t122 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t128 + _t115 + 0x2e));
						_push(2);
						_v15 = _t127;
						 *(_t128 + _t115 + 0x2d) = _t127;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E008F5F09();
						_t132 = _t132 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t129 =  &(_t129[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t130 = GetLastError();
								} else {
									_t48 = _t130 + 8; // 0xff76e900
									 *((intOrPtr*)(_t130 + 4)) =  *_t48 - _v52 + _t129;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t130 + 8)) =  *((intOrPtr*)(_t130 + 8)) + 1;
													 *((intOrPtr*)(_t130 + 4)) =  *((intOrPtr*)(_t130 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E008EDD1F(_t115, _v8 ^ _t131, _t128, _t129, _t130);
			}





































                                                            0x008fc3b5
                                                            0x008fc3bc
                                                            0x008fc3bf
                                                            0x008fc3c7
                                                            0x008fc3cb
                                                            0x008fc3d7
                                                            0x008fc3da
                                                            0x008fc3dd
                                                            0x008fc3e4
                                                            0x008fc3ec
                                                            0x008fc3ef
                                                            0x008fc3f5
                                                            0x008fc3fb
                                                            0x008fc400
                                                            0x008fc402
                                                            0x008fc405
                                                            0x008fc40a
                                                            0x008fc414
                                                            0x008fc41b
                                                            0x008fc41e
                                                            0x008fc425
                                                            0x008fc42c
                                                            0x008fc447
                                                            0x008fc44f
                                                            0x008fc458
                                                            0x008fc47e
                                                            0x008fc480
                                                            0x00000000
                                                            0x008fc45a
                                                            0x008fc45d
                                                            0x008fc524
                                                            0x008fc530
                                                            0x008fc53b
                                                            0x008fc540
                                                            0x008fc463
                                                            0x008fc46a
                                                            0x008fc46f
                                                            0x008fc475
                                                            0x008fc47b
                                                            0x00000000
                                                            0x008fc47b
                                                            0x008fc475
                                                            0x008fc45d
                                                            0x008fc42e
                                                            0x008fc432
                                                            0x008fc435
                                                            0x008fc43b
                                                            0x008fc43d
                                                            0x008fc440
                                                            0x008fc444
                                                            0x008fc481
                                                            0x008fc484
                                                            0x008fc485
                                                            0x008fc48a
                                                            0x008fc490
                                                            0x008fc496
                                                            0x008fc4a5
                                                            0x008fc4ab
                                                            0x008fc4b1
                                                            0x008fc4b6
                                                            0x008fc4d2
                                                            0x008fc545
                                                            0x008fc54b
                                                            0x008fc4d4
                                                            0x008fc4d4
                                                            0x008fc4dc
                                                            0x008fc4e5
                                                            0x008fc4eb
                                                            0x00000000
                                                            0x008fc4ed
                                                            0x008fc4ef
                                                            0x008fc4f2
                                                            0x008fc50b
                                                            0x00000000
                                                            0x008fc50d
                                                            0x008fc511
                                                            0x008fc513
                                                            0x008fc516
                                                            0x00000000
                                                            0x008fc516
                                                            0x008fc511
                                                            0x008fc50b
                                                            0x008fc4eb
                                                            0x008fc4e5
                                                            0x008fc4d2
                                                            0x008fc4b6
                                                            0x008fc490
                                                            0x00000000
                                                            0x008fc519
                                                            0x008fc519
                                                            0x008fc54d
                                                            0x008fc55f

                                                            APIs
                                                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,008FCB22,00000000,00000000,00000000,00000000,00000000,008F2718), ref: 008FC3EF
                                                            • __fassign.LIBCMT ref: 008FC46A
                                                            • __fassign.LIBCMT ref: 008FC485
                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 008FC4AB
                                                            • WriteFile.KERNEL32(?,00000000,00000000,008FCB22,00000000,?,?,?,?,?,?,?,?,?,008FCB22,00000000), ref: 008FC4CA
                                                            • WriteFile.KERNEL32(?,00000000,00000001,008FCB22,00000000,?,?,?,?,?,?,?,?,?,008FCB22,00000000), ref: 008FC503
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                            • String ID: @Mqt
                                                            • API String ID: 1324828854-2740872224
                                                            • Opcode ID: 4aec7f8ee7f76b669a6abca4820e1f3c1ea9c3f5ae00ff74be1fe057704da529
                                                            • Instruction ID: 1ad571b1778f1f01e6448bf2d03b4a45772f0ac133b634fa813975150ee5ebe9
                                                            • Opcode Fuzzy Hash: 4aec7f8ee7f76b669a6abca4820e1f3c1ea9c3f5ae00ff74be1fe057704da529
                                                            • Instruction Fuzzy Hash: 2F519E7190420D9FCB14CFB8D955AFEBBF4FB09300F14411AEA55E7251E730AA51CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D9158 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 138COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 46%
                                                            			E008D9158(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v28;
				signed int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				intOrPtr _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t40;
				intOrPtr _t44;
				void* _t63;
				void* _t70;
				signed short _t71;
				signed int _t72;
				intOrPtr _t78;
				char* _t79;
				signed short _t81;
				signed int _t84;
				void* _t85;

				_t40 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t40 ^ _t84;
				_t78 = _a8;
				_t79 =  &_v28;
				_v36 = 0x14;
				asm("stosd");
				_v32 = 0;
				_t71 = 0x80070490;
				_v40 = 0;
				_t72 = 0;
				_v48 = _t78;
				asm("stosd");
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t9 = _t78 + 0x10; // 0xfe60858b
				_t44 =  *((intOrPtr*)( *_t9));
				if( *((intOrPtr*)(_t44 + 0xc)) <= 0) {
					L12:
					_t81 = _t71;
					if(_t71 >= 0) {
						L15:
						_t45 = _v32;
						if(_v32 != 0) {
							E008C3AA4(_t45);
						}
						return E008EDD1F(_t71, _v8 ^ _t84, _t78, _t79, _t81);
					}
					_push("Failed to find expected public key in certificate chain.");
					_push(_t71);
					L14:
					E008FFB09();
					goto L15;
				}
				_t79 = _a4;
				while(1) {
					_t82 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t72 * 4)) + 4));
					_push( &_v36);
					_push( &_v28);
					_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t72 * 4)) + 4)) + 0xc)) + 0x38);
					_push(1);
					_push(0);
					_push(0x8004);
					_push(0);
					if( *0x92a93c() == 0) {
						break;
					}
					_t59 = _v36;
					if( *((intOrPtr*)(_t79 + 0x24)) != _v36) {
						L11:
						_t72 = _v44 + 1;
						_v44 = _t72;
						_t44 =  *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x10))));
						if(_t72 <  *((intOrPtr*)(_t44 + 0xc))) {
							continue;
						}
						goto L12;
					}
					_t63 = E008EF8C3( *((intOrPtr*)(_t79 + 0x20)),  &_v28, _t59);
					_t85 = _t85 + 0xc;
					if(_t63 != 0) {
						goto L11;
					}
					if( *((intOrPtr*)(_t79 + 0x28)) == _t63) {
						_t71 = 0;
						goto L12;
					}
					_t81 = E00904ED0(_t72, _t82, 3,  &_v32,  &_v40);
					if(_t81 < 0) {
						_push("Failed to read certificate thumbprint.");
						L20:
						_push(_t81);
						goto L14;
					}
					_t67 = _v40;
					if( *((intOrPtr*)(_t79 + 0x2c)) != _v40) {
						L9:
						_t68 = _v32;
						if(_v32 != 0) {
							E008C3AA4(_t68);
							_v32 = _v32 & 0x00000000;
						}
						goto L11;
					}
					_t70 = E008EF8C3( *((intOrPtr*)(_t79 + 0x28)), _v32, _t67);
					_t85 = _t85 + 0xc;
					if(_t70 == 0) {
						_t81 = 0;
						goto L15;
					}
					goto L9;
				}
				_t81 = GetLastError();
				__eflags = _t81;
				if(__eflags > 0) {
					_t81 = _t81 & 0x0000ffff | 0x80070000;
					__eflags = _t81;
				}
				if(__eflags >= 0) {
					_t81 = 0x80004005;
				}
				E008C38BA(_t57, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x7c4, _t81);
				_push("Failed to get certificate public key identifier.");
				goto L20;
			}
























                                                            0x008d915e
                                                            0x008d9165
                                                            0x008d9168
                                                            0x008d9170
                                                            0x008d9173
                                                            0x008d917a
                                                            0x008d917d
                                                            0x008d9180
                                                            0x008d9185
                                                            0x008d9188
                                                            0x008d918a
                                                            0x008d918d
                                                            0x008d918e
                                                            0x008d9191
                                                            0x008d9192
                                                            0x008d9193
                                                            0x008d9194
                                                            0x008d9197
                                                            0x008d919c
                                                            0x008d9255
                                                            0x008d9255
                                                            0x008d9259
                                                            0x008d9268
                                                            0x008d9268
                                                            0x008d926d
                                                            0x008d9270
                                                            0x008d9270
                                                            0x008d9285
                                                            0x008d9285
                                                            0x008d925b
                                                            0x008d9260
                                                            0x008d9261
                                                            0x008d9261
                                                            0x00000000
                                                            0x008d9267
                                                            0x008d91a2
                                                            0x008d91a5
                                                            0x008d91ab
                                                            0x008d91b1
                                                            0x008d91b5
                                                            0x008d91bc
                                                            0x008d91bd
                                                            0x008d91bf
                                                            0x008d91c1
                                                            0x008d91c6
                                                            0x008d91d0
                                                            0x00000000
                                                            0x00000000
                                                            0x008d91d6
                                                            0x008d91dc
                                                            0x008d923d
                                                            0x008d9243
                                                            0x008d9244
                                                            0x008d924a
                                                            0x008d924f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008d924f
                                                            0x008d91e6
                                                            0x008d91eb
                                                            0x008d91f0
                                                            0x00000000
                                                            0x00000000
                                                            0x008d91f5
                                                            0x008d9294
                                                            0x00000000
                                                            0x008d9294
                                                            0x008d920b
                                                            0x008d920f
                                                            0x008d928c
                                                            0x008d9291
                                                            0x008d9291
                                                            0x00000000
                                                            0x008d9291
                                                            0x008d9211
                                                            0x008d9217
                                                            0x008d922c
                                                            0x008d922c
                                                            0x008d9231
                                                            0x008d9234
                                                            0x008d9239
                                                            0x008d9239
                                                            0x00000000
                                                            0x008d9231
                                                            0x008d9220
                                                            0x008d9225
                                                            0x008d922a
                                                            0x008d9288
                                                            0x00000000
                                                            0x008d9288
                                                            0x00000000
                                                            0x008d922a
                                                            0x008d929e
                                                            0x008d92a0
                                                            0x008d92a2
                                                            0x008d92a7
                                                            0x008d92ad
                                                            0x008d92ad
                                                            0x008d92af
                                                            0x008d92b1
                                                            0x008d92b1
                                                            0x008d92c1
                                                            0x008d92c6
                                                            0x00000000

                                                            APIs
                                                            • _memcmp.LIBVCRUNTIME ref: 008D91E6
                                                              • Part of subcall function 00904ED0: GetLastError.KERNEL32(?,?,008D920B,?,00000003,008C54C6,?), ref: 00904EEF
                                                            • _memcmp.LIBVCRUNTIME ref: 008D9220
                                                            • GetLastError.KERNEL32 ref: 008D9298
                                                            Strings
                                                            • Failed to get certificate public key identifier., xrefs: 008D92C6
                                                            • Failed to read certificate thumbprint., xrefs: 008D928C
                                                            • Failed to find expected public key in certificate chain., xrefs: 008D925B
                                                            • @Mqt, xrefs: 008D9298
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 008D92BC
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast_memcmp
                                                            • String ID: @Mqt$Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 3428363238-1349400052
                                                            • Opcode ID: 6dc947e2b137b74a41341869bfb967a2a1b0122e016b842f31e63382f67c49e7
                                                            • Instruction ID: a1758393fca943975c5f89ba66269ade28119bcb084c83623d2a76077cf06800
                                                            • Opcode Fuzzy Hash: 6dc947e2b137b74a41341869bfb967a2a1b0122e016b842f31e63382f67c49e7
                                                            • Instruction Fuzzy Hash: 3D413072E00219BBDB10DBA9C841EAEB7B8FF08714F11422AEA55F7341D634ED418BA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00906402 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 113COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 61%
                                                            			E00906402(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr* _t38;
				void* _t56;
				intOrPtr _t60;
				intOrPtr* _t62;
				intOrPtr* _t63;
				void* _t68;
				void* _t77;

				_t38 = _a4;
				_v16 = _v16 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t61 =  *_t38;
				_t68 =  *((intOrPtr*)( *_t38 + 0x30))(_t38,  &_v16);
				if(_t68 < 0) {
					L19:
					if(_v8 != 0) {
						__imp__#6(_v8);
					}
					_t62 = _v12;
					if(_t62 != 0) {
						 *((intOrPtr*)( *_t62 + 8))(_t62);
					}
					_t63 = _v16;
					if(_t63 != 0) {
						 *((intOrPtr*)( *_t63 + 8))(_t63);
					}
					return _t68;
				}
				_t68 = E009030E2(_t61, _v16,  &_v12,  &_v8);
				if(_t68 != 0) {
					L16:
					if(_t77 >= 0) {
						_t68 = 0;
					}
					L18:
					goto L19;
				}
				_t60 = _a8;
				do {
					if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"name", 0xffffffff) != 2) {
						if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"email", 0xffffffff) != 2) {
							if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"uri", 0xffffffff) != 2) {
								goto L11;
							}
							_t19 = _t60 + 8; // 0x8
							_t56 = _t19;
							L9:
							_push(_v12);
							_push(_t56);
							L10:
							_t68 = E009060FB(_t61);
							if(_t68 < 0) {
								goto L18;
							}
							goto L11;
						}
						_t17 = _t60 + 4; // 0x4
						_t56 = _t17;
						goto L9;
					}
					_push(_v12);
					_push(_t60);
					goto L10;
					L11:
					if(_v8 != 0) {
						__imp__#6(_v8);
						_v8 = _v8 & 0x00000000;
					}
					_t61 = _v12;
					if(_t61 != 0) {
						 *((intOrPtr*)( *_t61 + 8))(_t61);
						_v12 = _v12 & 0x00000000;
					}
					_t68 = E009030E2(_t61, _v16,  &_v12,  &_v8);
					_t77 = _t68;
				} while (_t77 == 0);
				goto L16;
			}













                                                            0x00906408
                                                            0x0090640e
                                                            0x00906412
                                                            0x00906416
                                                            0x0090641a
                                                            0x00906422
                                                            0x00906426
                                                            0x009064f7
                                                            0x009064fb
                                                            0x00906500
                                                            0x00906500
                                                            0x00906506
                                                            0x0090650b
                                                            0x00906510
                                                            0x00906510
                                                            0x00906513
                                                            0x00906518
                                                            0x0090651d
                                                            0x0090651d
                                                            0x00906524
                                                            0x00906524
                                                            0x0090643e
                                                            0x00906442
                                                            0x009064f1
                                                            0x009064f1
                                                            0x009064f3
                                                            0x009064f3
                                                            0x009064f5
                                                            0x00000000
                                                            0x009064f6
                                                            0x00906448
                                                            0x00906451
                                                            0x00906466
                                                            0x00906483
                                                            0x0090649f
                                                            0x00000000
                                                            0x00000000
                                                            0x009064a1
                                                            0x009064a1
                                                            0x009064a4
                                                            0x009064a4
                                                            0x009064a7
                                                            0x009064a8
                                                            0x009064ad
                                                            0x009064b1
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x009064b1
                                                            0x00906485
                                                            0x00906485
                                                            0x00000000
                                                            0x00906485
                                                            0x00906468
                                                            0x0090646b
                                                            0x00000000
                                                            0x009064b3
                                                            0x009064b7
                                                            0x009064bc
                                                            0x009064c2
                                                            0x009064c2
                                                            0x009064c6
                                                            0x009064cb
                                                            0x009064d0
                                                            0x009064d3
                                                            0x009064d3
                                                            0x009064e7
                                                            0x009064e9
                                                            0x009064e9
                                                            0x00000000

                                                            APIs
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,name,000000FF,00000000,00000000,00000000,?,74714160), ref: 00906461
                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,email,000000FF), ref: 0090647E
                                                            • SysFreeString.OLEAUT32(00000000), ref: 009064BC
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00906500
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$CompareFree
                                                            • String ID: email$name$uri
                                                            • API String ID: 3589242889-1168628755
                                                            • Opcode ID: ceb4fc37ffab86b033762b3a45277966823519d474ce36958ab6bc3675cbf155
                                                            • Instruction ID: 0efdcd4f5e0a4e4a19426fab77c79159728ef5fa4bb0b6b7ca8c6feec5f83f3b
                                                            • Opcode Fuzzy Hash: ceb4fc37ffab86b033762b3a45277966823519d474ce36958ab6bc3675cbf155
                                                            • Instruction Fuzzy Hash: 09415A36905219FFCF219B94CC45FAEBB78AF40725F2082A4F921AB2E0C7759E14DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090559F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 99fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E0090559F(void* __ecx, intOrPtr _a4, WCHAR** _a8, void** _a12, signed int* _a16) {
				signed int _v8;
				signed short _v12;
				void* _t22;
				signed short _t25;
				signed int* _t33;
				intOrPtr _t36;
				WCHAR** _t39;
				void* _t41;
				signed short _t43;
				signed short _t52;

				_t33 = _a16;
				_v8 = 0;
				_v12 = 0;
				 *_t33 = 0;
				_t33[1] = 0;
				_t39 = _a8;
				_t43 = E008C2022(_t39, L"%ls.R", _a4);
				if(_t43 < 0) {
					L21:
					return _t43;
				}
				_t41 = CreateFileW( *_t39, 0xc0000000, 4, 0, 4, 0x80, 0);
				if(_t41 != 0xffffffff) {
					_t36 = _v8;
					while(1) {
						_push(0);
						_push( &_v12);
						_t22 = 8;
						_t25 = ReadFile(_t41, _t36 + _t33, _t22 - _t36, ??, ??);
						__eflags = _t25;
						if(_t25 == 0) {
							break;
						}
						_t36 = _v8 + _v12;
						__eflags = _v12;
						_v8 = _t36;
						if(_v12 == 0) {
							L11:
							__eflags = _t36 - 8;
							if(_t36 != 8) {
								 *_t33 =  *_t33 & 0x00000000;
								_t14 =  &(_t33[1]);
								 *_t14 = _t33[1] & 0x00000000;
								__eflags =  *_t14;
							}
							 *_a12 = _t41;
							_t41 = _t41 | 0xffffffff;
							L19:
							__eflags = _t41 - 0xffffffff;
							if(_t41 != 0xffffffff) {
								CloseHandle(_t41);
							}
							goto L21;
						}
						__eflags = _t36 - 8;
						if(_t36 < 8) {
							continue;
						}
						goto L11;
					}
					_t43 = GetLastError();
					__eflags = _t43;
					if(__eflags > 0) {
						_t43 = _t43 & 0x0000ffff | 0x80070000;
						__eflags = _t43;
					}
					if(__eflags >= 0) {
						_t43 = 0x80004005;
					}
					E008C38BA(_t26, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0xc8, _t43);
					goto L19;
				}
				_t43 = GetLastError();
				if(_t43 > 0) {
					_t43 = _t43 & 0x0000ffff | 0x80070000;
					_t52 = _t43;
				}
				if(_t52 >= 0) {
					_t43 = 0x80004005;
				}
				E008C38BA(_t30, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0xc1, _t43);
				goto L21;
			}













                                                            0x009055a5
                                                            0x009055ac
                                                            0x009055af
                                                            0x009055b2
                                                            0x009055b4
                                                            0x009055ba
                                                            0x009055c8
                                                            0x009055cf
                                                            0x009056ab
                                                            0x009056b1
                                                            0x009056b1
                                                            0x009055ef
                                                            0x009055f4
                                                            0x00905629
                                                            0x0090562c
                                                            0x0090562c
                                                            0x00905631
                                                            0x00905634
                                                            0x0090563d
                                                            0x00905643
                                                            0x00905645
                                                            0x00000000
                                                            0x00000000
                                                            0x0090564a
                                                            0x0090564d
                                                            0x00905651
                                                            0x00905654
                                                            0x0090565b
                                                            0x0090565b
                                                            0x0090565e
                                                            0x00905660
                                                            0x00905663
                                                            0x00905663
                                                            0x00905663
                                                            0x00905663
                                                            0x0090566a
                                                            0x0090566c
                                                            0x0090569f
                                                            0x0090569f
                                                            0x009056a2
                                                            0x009056a5
                                                            0x009056a5
                                                            0x00000000
                                                            0x009056a2
                                                            0x00905656
                                                            0x00905659
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00905659
                                                            0x00905677
                                                            0x00905679
                                                            0x0090567b
                                                            0x00905680
                                                            0x00905686
                                                            0x00905686
                                                            0x00905688
                                                            0x0090568a
                                                            0x0090568a
                                                            0x0090569a
                                                            0x00000000
                                                            0x0090569a
                                                            0x009055fc
                                                            0x00905600
                                                            0x00905605
                                                            0x0090560b
                                                            0x0090560b
                                                            0x0090560d
                                                            0x0090560f
                                                            0x0090560f
                                                            0x0090561f
                                                            0x00000000

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 009055E9
                                                            • GetLastError.KERNEL32 ref: 009055F6
                                                            • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 0090563D
                                                            • GetLastError.KERNEL32 ref: 00905671
                                                            • CloseHandle.KERNEL32(00000000,c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp,000000C8,00000000), ref: 009056A5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLast$CloseCreateHandleRead
                                                            • String ID: %ls.R$@Mqt$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 3160720760-3279515078
                                                            • Opcode ID: 1888908de4e2d57d1fd37bf261561f6b6b52c1c5c7fe812ba274d7d97859a4b5
                                                            • Instruction ID: 45d11a64d9fe3774b22751bcaff038e4798a262746d3e05446b4c9788e46ec94
                                                            • Opcode Fuzzy Hash: 1888908de4e2d57d1fd37bf261561f6b6b52c1c5c7fe812ba274d7d97859a4b5
                                                            • Instruction Fuzzy Hash: 8631F672951A29EFEB208B54CD45BAF7AB8EF41724F124215FE01EB2D0D7769C00DEA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CC8A5 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 97fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 50%
                                                            			E008CC8A5(void* __edx, signed short _a4, intOrPtr _a8) {
				char _v8;
				signed short _v12;
				void* __ecx;
				void* _t30;
				intOrPtr _t36;
				intOrPtr* _t38;
				signed short _t41;
				void* _t46;
				void* _t49;
				signed short _t52;

				_t46 = __edx;
				_push(_t40);
				_t38 = _a4;
				_t52 = 0;
				_v8 = 0;
				_v12 = 0;
				if( *((intOrPtr*)(_t38 + 4)) > 0) {
					_t41 = 0;
					_a4 = 0;
					while(1) {
						_t49 =  *_t38 + _t41;
						_t7 = _t49 + 4; // 0xe0680a79
						_t52 = E008CCD19(_t41, _a8,  *_t7,  &_v8);
						if(_t52 < 0) {
							break;
						}
						_t10 = _t49 + 8; // 0x8c5402
						_t52 = E008C229E(_t10,  *((intOrPtr*)(_v8 + 0x50)), 0);
						if(_t52 < 0) {
							_push("Failed to get catalog local file path");
							L17:
							_push(_t52);
							E008FFB09();
						} else {
							_t12 = _t49 + 8; // 0xe90090aa
							_t30 = CreateFileW( *_t12, 0x80000000, 5, 0, 3, 0x8000000, 0);
							 *(_t49 + 0xc) = _t30;
							if(_t30 == 0xffffffff) {
								_t52 = GetLastError();
								__eflags = _t52;
								if(__eflags > 0) {
									_t52 = _t52 & 0x0000ffff | 0x80070000;
									__eflags = _t52;
								}
								if(__eflags >= 0) {
									_t52 = 0x80004005;
								}
								E008C38BA(_t31, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\catalog.cpp", 0x76, _t52);
								_t22 = _t49 + 8; // 0xe90090aa
								_push( *_t22);
								_push("Failed to open catalog in working path: %ls");
								goto L14;
							} else {
								_t14 = _t49 + 8; // 0xe90090aa
								_t52 = E008DAA79(_t46, _v8,  *_t14, _t30);
								if(_t52 < 0) {
									_t21 = _t49 + 8; // 0xe90090aa
									_push( *_t21);
									_push("Failed to verify catalog signature: %ls");
									L14:
									_push(_t52);
									E008FFB09();
								} else {
									_t36 = _v12 + 1;
									_t41 = _a4 + 0x10;
									_v12 = _t36;
									_a4 = _t41;
									if(_t36 <  *((intOrPtr*)(_t38 + 4))) {
										continue;
									} else {
									}
								}
							}
						}
						goto L19;
					}
					_push("Failed to find payload for catalog file.");
					goto L17;
				}
				L19:
				return _t52;
			}













                                                            0x008cc8a5
                                                            0x008cc8a9
                                                            0x008cc8ab
                                                            0x008cc8b1
                                                            0x008cc8b3
                                                            0x008cc8b6
                                                            0x008cc8bc
                                                            0x008cc8c2
                                                            0x008cc8c4
                                                            0x008cc8c8
                                                            0x008cc8cd
                                                            0x008cc8d0
                                                            0x008cc8db
                                                            0x008cc8df
                                                            0x00000000
                                                            0x00000000
                                                            0x008cc8e8
                                                            0x008cc8f6
                                                            0x008cc8fa
                                                            0x008cc998
                                                            0x008cc9a4
                                                            0x008cc9a4
                                                            0x008cc9a5
                                                            0x008cc900
                                                            0x008cc912
                                                            0x008cc915
                                                            0x008cc91b
                                                            0x008cc921
                                                            0x008cc960
                                                            0x008cc962
                                                            0x008cc964
                                                            0x008cc969
                                                            0x008cc96f
                                                            0x008cc96f
                                                            0x008cc971
                                                            0x008cc973
                                                            0x008cc973
                                                            0x008cc980
                                                            0x008cc985
                                                            0x008cc985
                                                            0x008cc988
                                                            0x00000000
                                                            0x008cc923
                                                            0x008cc924
                                                            0x008cc92f
                                                            0x008cc933
                                                            0x008cc950
                                                            0x008cc950
                                                            0x008cc953
                                                            0x008cc98d
                                                            0x008cc98d
                                                            0x008cc98e
                                                            0x008cc935
                                                            0x008cc93b
                                                            0x008cc93c
                                                            0x008cc93f
                                                            0x008cc942
                                                            0x008cc948
                                                            0x00000000
                                                            0x00000000
                                                            0x008cc94e
                                                            0x008cc948
                                                            0x008cc933
                                                            0x008cc921
                                                            0x00000000
                                                            0x008cc9ac
                                                            0x008cc99f
                                                            0x00000000
                                                            0x008cc99f
                                                            0x008cc9ad
                                                            0x008cc9b2

                                                            APIs
                                                              • Part of subcall function 008CCD19: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,008CE3ED,000000FF,00000000,00000000,008CE3ED,?,?,008CDB97,?,?,?,?), ref: 008CCD44
                                                            • CreateFileW.KERNEL32(E90090AA,80000000,00000005,00000000,00000003,08000000,00000000,008C5402,?,00000000,840F01E8,E0680A79,00000001,008C53FA,00000000,008C54C6), ref: 008CC915
                                                            • GetLastError.KERNEL32(?,?,?,008D76FC,008C56AA,008C54B6,008C54B6,00000000,?,008C54C6,FFF9E89D,008C54C6,008C54FA,008C5482,?,008C5482), ref: 008CC95A
                                                            Strings
                                                            • Failed to find payload for catalog file., xrefs: 008CC99F
                                                            • Failed to verify catalog signature: %ls, xrefs: 008CC953
                                                            • Failed to get catalog local file path, xrefs: 008CC998
                                                            • @Mqt, xrefs: 008CC95A
                                                            • c:\agent\_work\66\s\src\burn\engine\catalog.cpp, xrefs: 008CC97B
                                                            • Failed to open catalog in working path: %ls, xrefs: 008CC988
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareCreateErrorFileLastString
                                                            • String ID: @Mqt$Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$c:\agent\_work\66\s\src\burn\engine\catalog.cpp
                                                            • API String ID: 1774366664-1087030872
                                                            • Opcode ID: 5504093a24bbb0861ca0ce7e779a9fad96b4710af4c6d4cf31ee48a31607a229
                                                            • Instruction ID: 0ac4be5faa421572f5f3fabb3e149fa233c64fbabf56e9edb9ba1089c4a96dce
                                                            • Opcode Fuzzy Hash: 5504093a24bbb0861ca0ce7e779a9fad96b4710af4c6d4cf31ee48a31607a229
                                                            • Instruction Fuzzy Hash: E931B332900626BFD7119B69CC01F5ABFB4FF04750F21862AFA09FB290E671E9508B95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C9B5C Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 57%
                                                            			E008C9B5C(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed char _t18;
				signed short _t34;

				_v8 = _v8 & 0x00000000;
				_t30 = _a4;
				if(E008C7303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
					_t18 = GetFileAttributesW(_v8);
					if(_t18 != 0xffffffff) {
						if((_t18 & 0x00000010) == 0) {
							_t34 = 0x80070003;
							goto L10;
						}
						_t34 = E008C821A(_a8,  *((intOrPtr*)(_t30 + 4)), _v8, 0);
						if(_t34 >= 0) {
							goto L10;
						}
						_push("Failed to set directory search path variable.");
						goto L2;
					} else {
						_t34 = GetLastError();
						if(_t34 > 0) {
							_t34 = _t34 & 0x0000ffff | 0x80070000;
						}
						L10:
						if(_t34 == 0x80070002 || _t34 == 0x80070003) {
							_push(_t34);
							_push(_v8);
							E008FFFF0(2, "Directory search: %ls, did not find path: %ls, reason: 0x%x",  *_t30);
							_t34 = 0;
						} else {
							if(_t34 < 0) {
								_push(_v8);
								E008FFB09(_t34, "Failed while searching directory search: %ls, for path: %ls",  *_t30);
							}
						}
						goto L15;
					}
				} else {
					_push("Failed to format variable string.");
					L2:
					_push(_t34);
					E008FFB09();
					L15:
					E008C287D(_v8);
					return _t34;
				}
			}






                                                            0x008c9b60
                                                            0x008c9b69
                                                            0x008c9b7e
                                                            0x008c9b95
                                                            0x008c9b9e
                                                            0x008c9bb9
                                                            0x008c9bd8
                                                            0x00000000
                                                            0x008c9bd8
                                                            0x008c9bcb
                                                            0x008c9bcf
                                                            0x00000000
                                                            0x00000000
                                                            0x008c9bd1
                                                            0x00000000
                                                            0x008c9ba0
                                                            0x008c9ba6
                                                            0x008c9baa
                                                            0x008c9baf
                                                            0x008c9baf
                                                            0x008c9bdd
                                                            0x008c9be3
                                                            0x008c9c06
                                                            0x008c9c07
                                                            0x008c9c13
                                                            0x008c9c1b
                                                            0x008c9bed
                                                            0x008c9bef
                                                            0x008c9bf1
                                                            0x008c9bfc
                                                            0x008c9c01
                                                            0x008c9bef
                                                            0x00000000
                                                            0x008c9be3
                                                            0x008c9b80
                                                            0x008c9b80
                                                            0x008c9b85
                                                            0x008c9b85
                                                            0x008c9b86
                                                            0x008c9c1d
                                                            0x008c9c20
                                                            0x008c9c2a
                                                            0x008c9c2a

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008C9B75
                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,008CA880,00000100,000002C0,000002C0,00000100), ref: 008C9B95
                                                            • GetLastError.KERNEL32(?,008CA880,00000100,000002C0,000002C0,00000100), ref: 008C9BA0
                                                            Strings
                                                            • Failed to set directory search path variable., xrefs: 008C9BD1
                                                            • Failed to format variable string., xrefs: 008C9B80
                                                            • @Mqt, xrefs: 008C9BA0
                                                            • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 008C9C0C
                                                            • Failed while searching directory search: %ls, for path: %ls, xrefs: 008C9BF6
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileLastOpen@16
                                                            • String ID: @Mqt$Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                            • API String ID: 1811509786-1251989916
                                                            • Opcode ID: 79841139cfe10c53eee5b2cb050a7d95b490d319e775d0543f5c999a3af06ad3
                                                            • Instruction ID: 75645cb0dd7d5f2443a80ef849a2c990025a3c0da3836e725035cdf8ee6327c9
                                                            • Opcode Fuzzy Hash: 79841139cfe10c53eee5b2cb050a7d95b490d319e775d0543f5c999a3af06ad3
                                                            • Instruction Fuzzy Hash: 2611C333840139BACB121A98AD0AF9DBA75FF40734F2142A9FD80F61A1E735DD50A6D5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D68AE Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 53synchronizationthreadCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 43%
                                                            			E008D68AE(void* __ecx, void* _a4) {
				long _v8;
				signed short _t16;
				signed short _t20;

				_v8 = _v8 & 0x00000000;
				if(WaitForSingleObject(_a4, 0xffffffff) == 0) {
					if(GetExitCodeThread(_a4,  &_v8) == 0) {
						_t16 = GetLastError();
						if(_t16 > 0) {
							_t16 = _t16 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t16;
						if(_t16 >= 0) {
							_t16 = 0x80004005;
							_v8 = 0x80004005;
						}
						E008C38BA(_t16, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\core.cpp", 0x633, _t16);
						_push("Failed to get cache thread exit code.");
						goto L12;
					}
				} else {
					_t20 = GetLastError();
					if(_t20 > 0) {
						_t20 = _t20 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t20;
					if(_t20 >= 0) {
						_t20 = 0x80004005;
						_v8 = 0x80004005;
					}
					E008C38BA(_t20, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\core.cpp", 0x62e, _t20);
					_push("Failed to wait for cache thread to terminate.");
					L12:
					_push(_v8);
					E008FFB09();
				}
				return _v8;
			}






                                                            0x008d68b2
                                                            0x008d68c3
                                                            0x008d690c
                                                            0x008d690e
                                                            0x008d6916
                                                            0x008d691b
                                                            0x008d691b
                                                            0x008d6920
                                                            0x008d6925
                                                            0x008d6927
                                                            0x008d692c
                                                            0x008d692c
                                                            0x008d693a
                                                            0x008d693f
                                                            0x00000000
                                                            0x008d693f
                                                            0x008d68c5
                                                            0x008d68c5
                                                            0x008d68cd
                                                            0x008d68d2
                                                            0x008d68d2
                                                            0x008d68d7
                                                            0x008d68dc
                                                            0x008d68de
                                                            0x008d68e3
                                                            0x008d68e3
                                                            0x008d68f1
                                                            0x008d68f6
                                                            0x008d6944
                                                            0x008d6944
                                                            0x008d6947
                                                            0x008d694d
                                                            0x008d6952

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,008D6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 008D68BB
                                                            • GetLastError.KERNEL32(?,008D6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 008D68C5
                                                            • GetExitCodeThread.KERNEL32(00000001,00000000,?,008D6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 008D6904
                                                            • GetLastError.KERNEL32(?,008D6DE9,?,?,00000000,crypt32.dll,00000000,00000001), ref: 008D690E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                            • String ID: @Mqt$Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$c:\agent\_work\66\s\src\burn\engine\core.cpp
                                                            • API String ID: 3686190907-1949184541
                                                            • Opcode ID: 9307ebeae5056b8e956ee42764d605ea28f5ec08e055763e4916bacdc8f12887
                                                            • Instruction ID: b96844dc8e08bba2377b55fc69e7969b34e12bd92dab0f4402df134fe0c1af0d
                                                            • Opcode Fuzzy Hash: 9307ebeae5056b8e956ee42764d605ea28f5ec08e055763e4916bacdc8f12887
                                                            • Instruction Fuzzy Hash: 5611A57075420FFFE7009F649D11B6A7BB8FF00754F10417AB900E5290EB3ACA50A765
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008DAA79 Relevance: 13.6, APIs: 2, Strings: 7, Instructions: 131COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 55%
                                                            			E008DAA79(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				char _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed short _t40;
				intOrPtr _t52;
				void* _t60;
				signed short _t62;
				signed int _t66;
				signed short _t70;
				signed short _t71;

				_t60 = __edx;
				_t35 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t35 ^ _t66;
				_t52 = _a4;
				_v80 = _a12;
				_t61 = _a8;
				_v48 =  &_v88;
				_push( &_v72);
				_t40 =  &_v24;
				_v76 = 0;
				_v68 = 0;
				_v64 = 0;
				_v56 = 0;
				_v40 = 0;
				_v36 = 0;
				_v28 = 0;
				_push(_t40);
				_push(0xffffffff);
				_v24 = 0xaac56b;
				_v20 = 0x11d0cd44;
				_v16 = 0xc000c28c;
				_v12 = 0xee95c24f;
				_v88 = 0x10;
				_v84 = _a8;
				_v72 = 0x30;
				_v52 = 1;
				_v44 = 1;
				_v32 = 0x80;
				_v60 = 2;
				L008FEE0B();
				if(_t40 == 0) {
					L7:
					_push(_v40);
					L008FEE3C();
					__eflags = _t40;
					if(_t40 != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(_t40);
						L008FEE2C();
						__eflags = _t40;
						if(_t40 != 0) {
							_t62 = E008D9158(_t52,  *((intOrPtr*)(_t40 + 0x28)));
							__eflags = _t62;
							if(_t62 < 0) {
								_push("Failed to verify expected payload against actual certificate chain.");
								goto L21;
							}
						} else {
							_t62 = GetLastError();
							__eflags = _t62;
							if(__eflags > 0) {
								_t62 = _t62 & 0x0000ffff | 0x80070000;
								__eflags = _t62;
							}
							if(__eflags >= 0) {
								_t62 = 0x80004005;
							}
							E008C38BA(_t45, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x3f0, _t62);
							_push("Failed to get signer chain from authenticode certificate.");
							goto L21;
						}
					} else {
						_t62 = GetLastError();
						__eflags = _t62;
						if(__eflags > 0) {
							_t62 = _t62 & 0x0000ffff | 0x80070000;
							__eflags = _t62;
						}
						if(__eflags >= 0) {
							_t62 = 0x80004005;
						}
						E008C38BA(_t47, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x3ed, _t62);
						_push("Failed to get provider state from authenticode certificate.");
						L21:
						_push(_t62);
						E008FFB09();
					}
				} else {
					_v32 = _v32 | 0x00001000;
					_push( &_v72);
					_t40 =  &_v24;
					_push(_t40);
					_push(0xffffffff);
					L008FEE0B();
					_t62 = _t40;
					_t70 = _t62;
					if(_t70 == 0) {
						goto L7;
					} else {
						if(_t70 > 0) {
							_t71 = _t62;
						}
						if(_t71 >= 0) {
							_t62 = 0x80004005;
						}
						E008C38BA(_t40, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x3e9, _t62);
						E008FFB09(_t62, "Failed authenticode verification of payload: %ls", _t61);
					}
				}
				return E008EDD1F(_t52, _v8 ^ _t66, _t60, _t61, _t62);
			}



































                                                            0x008daa79
                                                            0x008daa7f
                                                            0x008daa86
                                                            0x008daa8f
                                                            0x008daa92
                                                            0x008daa9a
                                                            0x008daa9d
                                                            0x008daaa3
                                                            0x008daaa4
                                                            0x008daaa7
                                                            0x008daaaa
                                                            0x008daaad
                                                            0x008daab0
                                                            0x008daab3
                                                            0x008daab6
                                                            0x008daab9
                                                            0x008daabd
                                                            0x008daabe
                                                            0x008daac0
                                                            0x008daac7
                                                            0x008daace
                                                            0x008daad5
                                                            0x008daadc
                                                            0x008daae3
                                                            0x008daae6
                                                            0x008daaed
                                                            0x008daaf0
                                                            0x008daaf3
                                                            0x008daafa
                                                            0x008dab01
                                                            0x008dab08
                                                            0x008dab5e
                                                            0x008dab5e
                                                            0x008dab61
                                                            0x008dab66
                                                            0x008dab68
                                                            0x008daba1
                                                            0x008daba2
                                                            0x008daba3
                                                            0x008daba4
                                                            0x008daba5
                                                            0x008dabaa
                                                            0x008dabac
                                                            0x008dabec
                                                            0x008dabee
                                                            0x008dabf0
                                                            0x008dabf2
                                                            0x00000000
                                                            0x008dabf2
                                                            0x008dabae
                                                            0x008dabb4
                                                            0x008dabb6
                                                            0x008dabb8
                                                            0x008dabbd
                                                            0x008dabc3
                                                            0x008dabc3
                                                            0x008dabc5
                                                            0x008dabc7
                                                            0x008dabc7
                                                            0x008dabd7
                                                            0x008dabdc
                                                            0x00000000
                                                            0x008dabdc
                                                            0x008dab6a
                                                            0x008dab70
                                                            0x008dab72
                                                            0x008dab74
                                                            0x008dab79
                                                            0x008dab7f
                                                            0x008dab7f
                                                            0x008dab81
                                                            0x008dab83
                                                            0x008dab83
                                                            0x008dab93
                                                            0x008dab98
                                                            0x008dabf7
                                                            0x008dabf7
                                                            0x008dabf8
                                                            0x008dabfe
                                                            0x008dab0a
                                                            0x008dab0a
                                                            0x008dab14
                                                            0x008dab15
                                                            0x008dab18
                                                            0x008dab19
                                                            0x008dab1b
                                                            0x008dab20
                                                            0x008dab22
                                                            0x008dab24
                                                            0x00000000
                                                            0x008dab26
                                                            0x008dab26
                                                            0x008dab31
                                                            0x008dab31
                                                            0x008dab33
                                                            0x008dab35
                                                            0x008dab35
                                                            0x008dab45
                                                            0x008dab51
                                                            0x008dab56
                                                            0x008dab24
                                                            0x008dac0f

                                                            APIs
                                                            • GetLastError.KERNEL32(008C54C6,000000FF,008C5482,008D76FC,008C53FA,00000000,?), ref: 008DAB6A
                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,008C54C6,000000FF,008C5482,008D76FC,008C53FA,00000000,?), ref: 008DABAE
                                                              • Part of subcall function 008D9158: _memcmp.LIBVCRUNTIME ref: 008D91E6
                                                              • Part of subcall function 008D9158: _memcmp.LIBVCRUNTIME ref: 008D9220
                                                            Strings
                                                            • Failed authenticode verification of payload: %ls, xrefs: 008DAB4B
                                                            • 0, xrefs: 008DAAE6
                                                            • Failed to get provider state from authenticode certificate., xrefs: 008DAB98
                                                            • Failed to get signer chain from authenticode certificate., xrefs: 008DABDC
                                                            • Failed to verify expected payload against actual certificate chain., xrefs: 008DABF2
                                                            • @Mqt, xrefs: 008DAB6A, 008DABAE
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 008DAB40, 008DAB8E, 008DABD2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast_memcmp
                                                            • String ID: 0$@Mqt$Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 3428363238-2182953372
                                                            • Opcode ID: c86813e65c3031269457deb1b797d292c6d8381ee068e2cf767963c02bc5917b
                                                            • Instruction ID: 210ef168b343471e7182154df7b2f7376194f0179e3e470ef82a5dced8a317bf
                                                            • Opcode Fuzzy Hash: c86813e65c3031269457deb1b797d292c6d8381ee068e2cf767963c02bc5917b
                                                            • Instruction Fuzzy Hash: F3418472D41229ABD714DFA8D845AEEBBB4FF04724F21022BF901F7340D77499418BA6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00907C88 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 157COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 92%
                                                            			E00907C88(void* __ecx, void* __eflags, signed int _a4, intOrPtr* _a8) {
				short* _v8;
				void* __ebx;
				void* __edi;
				signed int _t44;
				signed int _t50;
				short* _t51;
				signed int _t53;
				signed int _t62;
				short* _t65;
				short** _t73;
				signed int _t76;
				short* _t81;
				intOrPtr* _t84;

				_t81 = 0;
				_t84 = E008C39DF(0x10, 1);
				_t73 =  *(_a4 + 0x44);
				while(_t73 != 0) {
					if(CompareStringW(0x7f, 0,  *_t73, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff) != 2 || CompareStringW(0x7f, 0, _t73[1], 0xffffffff, L"application", 0xffffffff) != 2) {
						L9:
						_t73 = _t73[4];
						continue;
					} else {
						_t81 = E008C229E(_t84, _t73[2], 0);
						if(_t81 < 0) {
							L30:
							if(_t84 != 0) {
								E00907E3A(_t73, _t81, _t84);
							}
							return _t81;
						}
						_t65 = _t73[3];
						while(1) {
							_v8 = _t65;
							if(_t65 == 0) {
								goto L9;
							}
							_t6 =  &(_t65[2]); // 0x700079
							if(CompareStringW(0x7f, 0,  *_t6, 0xffffffff, L"type", 0xffffffff) != 2) {
								L7:
								_t65 = _v8[6];
								continue;
							}
							_t9 = _t84 + 4; // 0x4
							_t81 = E008C229E(_t9, _v8[4], 0);
							if(_t81 < 0) {
								goto L30;
							}
							goto L7;
						}
						goto L9;
					}
				}
				_t73 = _a4;
				_t76 = _t73[0xc];
				if(_t76 == 0) {
					L23:
					_t44 =  *(_t84 + 8);
					if(_t44 == _t76) {
						L29:
						 *_a8 = _t84;
						_t84 = 0;
						goto L30;
					}
					if(_t44 == 0) {
						if( *(_t84 + 0xc) != 0) {
							E008C3AA4( *(_t84 + 0xc));
							 *(_t84 + 0xc) =  *(_t84 + 0xc) & 0x00000000;
						}
						goto L29;
					}
					_t50 = E008C3B7C( *(_t84 + 0xc), _t44 << 6, 0);
					 *(_t84 + 0xc) = _t50;
					if(_t50 != 0) {
						goto L29;
					}
					_t51 = 0x8007000e;
					_push(0x8007000e);
					_push(0x6c);
					L14:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\apuputil.cpp");
					_t81 = _t51;
					E008C38BA(_t51);
					goto L30;
				}
				_t53 = E008C39DF(_t76 << 6, 1);
				 *(_t84 + 0xc) = _t53;
				if(_t53 != 0) {
					_a4 = _a4 & 0x00000000;
					if(_t73[0xc] <= 0) {
						L22:
						E00909AA0(_t53,  *(_t84 + 8), 0x40, 0x907615, 0);
						_t76 = _t73[0xc];
						goto L23;
					}
					_t78 = 0;
					_v8 = 0;
					while(1) {
						_t81 = E009078F7(_t73[0xd] + _t78,  *_t84, ( *(_t84 + 8) << 6) +  *(_t84 + 0xc));
						if(_t81 < 0) {
							goto L30;
						}
						if(_t81 != 1) {
							 *(_t84 + 8) =  *(_t84 + 8) + 1;
						}
						_t62 = _a4 + 1;
						_t78 =  &(_v8[0x20]);
						_a4 = _t62;
						_v8 =  &(_v8[0x20]);
						if(_t62 < _t73[0xc]) {
							continue;
						} else {
							_t53 =  *(_t84 + 0xc);
							goto L22;
						}
					}
					goto L30;
				}
				_t51 = 0x8007000e;
				_push(0x8007000e);
				_push(0x54);
				goto L14;
			}
















                                                            0x00907c93
                                                            0x00907c9d
                                                            0x00907c9f
                                                            0x00907d3c
                                                            0x00907cbf
                                                            0x00907d39
                                                            0x00907d39
                                                            0x00000000
                                                            0x00907cdc
                                                            0x00907ce7
                                                            0x00907ceb
                                                            0x00907e27
                                                            0x00907e29
                                                            0x00907e2c
                                                            0x00907e2c
                                                            0x00907e37
                                                            0x00907e37
                                                            0x00907cf1
                                                            0x00907d32
                                                            0x00907d32
                                                            0x00907d37
                                                            0x00000000
                                                            0x00000000
                                                            0x00907cff
                                                            0x00907d0f
                                                            0x00907d2c
                                                            0x00907d2f
                                                            0x00000000
                                                            0x00907d2f
                                                            0x00907d19
                                                            0x00907d22
                                                            0x00907d26
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907d26
                                                            0x00000000
                                                            0x00907d32
                                                            0x00907cbf
                                                            0x00907d44
                                                            0x00907d47
                                                            0x00907d4c
                                                            0x00907de1
                                                            0x00907de1
                                                            0x00907de6
                                                            0x00907e20
                                                            0x00907e23
                                                            0x00907e25
                                                            0x00000000
                                                            0x00907e25
                                                            0x00907dea
                                                            0x00907e12
                                                            0x00907e17
                                                            0x00907e1c
                                                            0x00907e1c
                                                            0x00000000
                                                            0x00907e12
                                                            0x00907df5
                                                            0x00907dfa
                                                            0x00907dff
                                                            0x00000000
                                                            0x00000000
                                                            0x00907e01
                                                            0x00907e06
                                                            0x00907e07
                                                            0x00907d6c
                                                            0x00907d6c
                                                            0x00907d71
                                                            0x00907d73
                                                            0x00000000
                                                            0x00907d73
                                                            0x00907d58
                                                            0x00907d5d
                                                            0x00907d62
                                                            0x00907d7d
                                                            0x00907d85
                                                            0x00907dc9
                                                            0x00907dd6
                                                            0x00907ddb
                                                            0x00000000
                                                            0x00907dde
                                                            0x00907d87
                                                            0x00907d89
                                                            0x00907d8c
                                                            0x00907da3
                                                            0x00907da7
                                                            0x00000000
                                                            0x00000000
                                                            0x00907dac
                                                            0x00907dae
                                                            0x00907dae
                                                            0x00907db7
                                                            0x00907db8
                                                            0x00907dbb
                                                            0x00907dbe
                                                            0x00907dc4
                                                            0x00000000
                                                            0x00907dc6
                                                            0x00907dc6
                                                            0x00000000
                                                            0x00907dc6
                                                            0x00907dc4
                                                            0x00000000
                                                            0x00907d8c
                                                            0x00907d64
                                                            0x00907d69
                                                            0x00907d6a
                                                            0x00000000

                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000410,?,?,008E8D9E,000002C0,00000100), ref: 00907CB6
                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,008E8D9E,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 00907CD1
                                                            Strings
                                                            • type, xrefs: 00907CF8
                                                            • application, xrefs: 00907CC3
                                                            • c:\agent\_work\66\s\src\libs\dutil\apuputil.cpp, xrefs: 00907D6C
                                                            • http://appsyndication.org/2006/appsyn, xrefs: 00907CA9
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareHeapString$AllocateProcess
                                                            • String ID: application$c:\agent\_work\66\s\src\libs\dutil\apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                            • API String ID: 2664528157-536847345
                                                            • Opcode ID: 483c2890a8f9352c8c002c5e94cacdb095655446b1cb2f08534d0b6eefb04171
                                                            • Instruction ID: a2ad06219535002ee2ac398fb22200b3b2c2e449e36cfe4df7643277ffa0c273
                                                            • Opcode Fuzzy Hash: 483c2890a8f9352c8c002c5e94cacdb095655446b1cb2f08534d0b6eefb04171
                                                            • Instruction Fuzzy Hash: 4D519F31A08316AFEB209E98CC81F2AB7A9EF40734F208558F965EB2D5D674FD41DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008ED016 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 50%
                                                            			E008ED016(char _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				char _v28;
				void* _t48;
				signed int _t60;
				char _t69;
				void* _t71;

				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t69 = _a4;
				WaitForSingleObject( *(_t69 + 0xc), 0xffffffff);
				ReleaseMutex( *(_t69 + 0xc));
				_v16 = _v16 & 0x00000000;
				_push(_a12);
				_v28 = 2;
				_v24 = 1;
				_v20 = (( *( *((intOrPtr*)(_t69 + 0x10)) + 0x218) & 0x000000ff) + ( *( *((intOrPtr*)(_t69 + 0x10)) + 0x218) & 0x000000ff) >> 1) * 0x64 / 0xff;
				_push( &_v28);
				if(_a8() == 2) {
					WaitForSingleObject( *(_t69 + 0xc), 0xffffffff);
					 *((char*)( *((intOrPtr*)(_t69 + 0x10)) + 2)) = 1;
					 *((char*)( *((intOrPtr*)(_t69 + 0x10)) + 3)) = 1;
					ReleaseMutex( *(_t69 + 0xc));
					SetEvent( *(_t69 + 8));
				}
				_t48 = E008ECE8D(_t69,  &_v12,  &_v8,  &_a4);
				_t60 = _v8;
				_t71 = _t48;
				if(_t71 >= 0) {
					__eflags = _v12 - 0x1070001;
					if(__eflags == 0) {
						_t71 = E008ECF33(__eflags, _t69, _t60, _a8, _a12);
						__eflags = _t71;
						if(_t71 < 0) {
							_push("Failed to send files in use message from netfx chainer.");
							goto L7;
						}
					}
				} else {
					_push("Failed to get message from netfx chainer.");
					L7:
					_push(_t71);
					E008FFB09();
				}
				if(_t60 != 0) {
					E008C3AA4(_t60);
				}
				return _t71;
			}













                                                            0x008ed01c
                                                            0x008ed020
                                                            0x008ed02d
                                                            0x008ed035
                                                            0x008ed049
                                                            0x008ed059
                                                            0x008ed067
                                                            0x008ed06a
                                                            0x008ed071
                                                            0x008ed07a
                                                            0x008ed080
                                                            0x008ed087
                                                            0x008ed08e
                                                            0x008ed093
                                                            0x008ed09a
                                                            0x008ed0a1
                                                            0x008ed0aa
                                                            0x008ed0aa
                                                            0x008ed0bd
                                                            0x008ed0c2
                                                            0x008ed0c5
                                                            0x008ed0c9
                                                            0x008ed0d2
                                                            0x008ed0d9
                                                            0x008ed0e8
                                                            0x008ed0ea
                                                            0x008ed0ec
                                                            0x008ed0ee
                                                            0x00000000
                                                            0x008ed0ee
                                                            0x008ed0ec
                                                            0x008ed0cb
                                                            0x008ed0cb
                                                            0x008ed0f3
                                                            0x008ed0f3
                                                            0x008ed0f4
                                                            0x008ed0fa
                                                            0x008ed0fd
                                                            0x008ed100
                                                            0x008ed100
                                                            0x008ed10b

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,000000FF,7476F730,00000000,?,?,?,008ED312,?), ref: 008ED035
                                                            • ReleaseMutex.KERNEL32(?,?,?,008ED312,?), ref: 008ED049
                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 008ED08E
                                                            • ReleaseMutex.KERNEL32(?), ref: 008ED0A1
                                                            • SetEvent.KERNEL32(?), ref: 008ED0AA
                                                            Strings
                                                            • Failed to send files in use message from netfx chainer., xrefs: 008ED0EE
                                                            • Failed to get message from netfx chainer., xrefs: 008ED0CB
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: MutexObjectReleaseSingleWait$Event
                                                            • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                            • API String ID: 2608678126-3424578679
                                                            • Opcode ID: 83fec838dd5b81ce4a2f5d43c59720d6305d5881de874a1e1c9925da81623262
                                                            • Instruction ID: a007fc0b9199a8078ad426be8f7dc21df9d921726f83abe822d3f77ecf4e7610
                                                            • Opcode Fuzzy Hash: 83fec838dd5b81ce4a2f5d43c59720d6305d5881de874a1e1c9925da81623262
                                                            • Instruction Fuzzy Hash: E331F43290465ABFCB019F69CC44EEEBBB8FF06324F148225F510E2250CB74D9559BD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D8CC3 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 77COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 73%
                                                            			E008D8CC3(void* __ecx, intOrPtr _a4, WCHAR* _a8) {
				char _v8;
				struct _ACL _v16;
				void* _t12;
				signed short _t20;
				char _t29;
				signed short _t30;

				_t12 = 0x20000004;
				_t29 = 0;
				_v16.AclRevision = 0;
				_v16.AceCount = 0;
				_v8 = 0;
				_t33 = _a4;
				if(_a4 == 0) {
					L11:
					_t30 = E00904E42( &_v16, _a8, 1, _t12, _t29, 0,  &_v16, 0, 3, 0x7d0);
					SetFileAttributesW(_a8, 0x80);
				} else {
					if(E008D80F6(__ecx, _t33, 0x1a,  &_v8) >= 0) {
						_t20 = InitializeAcl( &_v16, 8, 2);
						__eflags = _t20;
						if(_t20 != 0) {
							_t29 = _v8;
							_t12 = 0x20000005;
							goto L11;
						} else {
							_t30 = GetLastError();
							__eflags = _t30;
							if(__eflags > 0) {
								_t30 = _t30 & 0x0000ffff | 0x80070000;
								__eflags = _t30;
							}
							if(__eflags >= 0) {
								_t30 = 0x80004005;
							}
							E008C38BA(_t21, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\cache.cpp", 0x601, _t30);
							_push("Failed to initialize ACL.");
							goto L3;
						}
					} else {
						_push("Failed to allocate administrator SID.");
						L3:
						_push(_t30);
						E008FFB09();
						_t29 = _v8;
					}
				}
				if(_t29 != 0) {
					E008C3AA4(_t29);
				}
				return _t30;
			}









                                                            0x008d8ccc
                                                            0x008d8cd3
                                                            0x008d8cd5
                                                            0x008d8cd8
                                                            0x008d8cdb
                                                            0x008d8cde
                                                            0x008d8ce1
                                                            0x008d8d55
                                                            0x008d8d76
                                                            0x008d8d78
                                                            0x008d8ce3
                                                            0x008d8cf2
                                                            0x008d8d0e
                                                            0x008d8d14
                                                            0x008d8d16
                                                            0x008d8d4d
                                                            0x008d8d50
                                                            0x00000000
                                                            0x008d8d18
                                                            0x008d8d1e
                                                            0x008d8d20
                                                            0x008d8d22
                                                            0x008d8d27
                                                            0x008d8d2d
                                                            0x008d8d2d
                                                            0x008d8d2f
                                                            0x008d8d31
                                                            0x008d8d31
                                                            0x008d8d41
                                                            0x008d8d46
                                                            0x00000000
                                                            0x008d8d46
                                                            0x008d8cf4
                                                            0x008d8cf4
                                                            0x008d8cf9
                                                            0x008d8cf9
                                                            0x008d8cfa
                                                            0x008d8cff
                                                            0x008d8d03
                                                            0x008d8cf2
                                                            0x008d8d80
                                                            0x008d8d83
                                                            0x008d8d83
                                                            0x008d8d8e

                                                            APIs
                                                            • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,?,?,00000000,00000000,?,?,?), ref: 008D8D0E
                                                            • GetLastError.KERNEL32 ref: 008D8D18
                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 008D8D78
                                                            Strings
                                                            • Failed to initialize ACL., xrefs: 008D8D46
                                                            • @Mqt, xrefs: 008D8D18
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 008D8D3C
                                                            • Failed to allocate administrator SID., xrefs: 008D8CF4
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileInitializeLast
                                                            • String ID: @Mqt$Failed to allocate administrator SID.$Failed to initialize ACL.$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 669721577-1667120060
                                                            • Opcode ID: 5ac8f3f8c4925ef4a0d577594f1a29505d50ca28de29ea69505a8a11a675efcb
                                                            • Instruction ID: 2de597659790f1231cd0bde5634983b7869a88a938278b70debae17758a47f97
                                                            • Opcode Fuzzy Hash: 5ac8f3f8c4925ef4a0d577594f1a29505d50ca28de29ea69505a8a11a675efcb
                                                            • Instruction Fuzzy Hash: 5521BB72E40219FBD7215AD99C46F9EB779FF50B50F118166BA00F73C0EA749D009691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C4263 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 87%
                                                            			E008C4263(void* __ecx, WCHAR** _a4) {
				long _v8;
				long _t6;
				signed short _t10;
				WCHAR* _t16;
				long _t17;
				WCHAR** _t21;
				signed short _t24;
				signed short _t34;

				_t16 = 0;
				_t21 = _a4;
				_t6 = 0;
				_v8 = 0;
				_t24 = 0;
				if(_t21 == 0 ||  *_t21 == 0) {
					L5:
					_t17 = GetCurrentDirectoryW(_t6, _t16);
					if(_t17 != 0) {
						__eflags = _v8 - _t17;
						if(_v8 >= _t17) {
							goto L20;
						}
						_t24 = E008C1FE0(_t21, _t17);
						__eflags = _t24;
						if(_t24 < 0) {
							goto L20;
						}
						_t10 = GetCurrentDirectoryW(_t17,  *_t21);
						__eflags = _t10;
						if(_t10 != 0) {
							goto L20;
						}
						_t24 = GetLastError();
						__eflags = _t24;
						if(__eflags > 0) {
							_t24 = _t24 & 0x0000ffff | 0x80070000;
							__eflags = _t24;
						}
						if(__eflags >= 0) {
							_t24 = 0x80004005;
						}
						_push(_t24);
						_push(0x190);
						L19:
						_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dirutil.cpp");
						E008C38BA(_t11);
						goto L20;
					}
					_t24 = GetLastError();
					if(_t24 > 0) {
						_t24 = _t24 & 0x0000ffff | 0x80070000;
						_t34 = _t24;
					}
					if(_t34 >= 0) {
						_t24 = 0x80004005;
					}
					_push(_t24);
					_push(0x187);
					goto L19;
				} else {
					_t24 = E008C2847( *_t21,  &_v8);
					if(_t24 < 0) {
						L20:
						return _t24;
					}
					_t6 = _v8;
					if(_t6 != 0) {
						_t16 =  *_t21;
					}
					goto L5;
				}
			}











                                                            0x008c4269
                                                            0x008c426c
                                                            0x008c426f
                                                            0x008c4271
                                                            0x008c4274
                                                            0x008c4278
                                                            0x008c429c
                                                            0x008c42a4
                                                            0x008c42a8
                                                            0x008c42d0
                                                            0x008c42d3
                                                            0x00000000
                                                            0x00000000
                                                            0x008c42dc
                                                            0x008c42de
                                                            0x008c42e0
                                                            0x00000000
                                                            0x00000000
                                                            0x008c42e5
                                                            0x008c42eb
                                                            0x008c42ed
                                                            0x00000000
                                                            0x00000000
                                                            0x008c42f5
                                                            0x008c42f7
                                                            0x008c42f9
                                                            0x008c42fe
                                                            0x008c4304
                                                            0x008c4304
                                                            0x008c4306
                                                            0x008c4308
                                                            0x008c4308
                                                            0x008c430d
                                                            0x008c430e
                                                            0x008c4313
                                                            0x008c4313
                                                            0x008c4318
                                                            0x00000000
                                                            0x008c4318
                                                            0x008c42b0
                                                            0x008c42b4
                                                            0x008c42b9
                                                            0x008c42bf
                                                            0x008c42bf
                                                            0x008c42c1
                                                            0x008c42c3
                                                            0x008c42c3
                                                            0x008c42c8
                                                            0x008c42c9
                                                            0x00000000
                                                            0x008c427e
                                                            0x008c4289
                                                            0x008c428d
                                                            0x008c431d
                                                            0x008c4323
                                                            0x008c4323
                                                            0x008c4293
                                                            0x008c4298
                                                            0x008c429a
                                                            0x008c429a
                                                            0x00000000
                                                            0x008c4298

                                                            APIs
                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,008D3FAF,00000001,feclient.dll,?,00000000,?,?,?,008C4B57), ref: 008C429E
                                                            • GetLastError.KERNEL32(?,?,008D3FAF,00000001,feclient.dll,?,00000000,?,?,?,008C4B57,?,?,0090A488,?,00000001), ref: 008C42AA
                                                            • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,008D3FAF,00000001,feclient.dll,?,00000000,?,?,?,008C4B57,?), ref: 008C42E5
                                                            • GetLastError.KERNEL32(?,?,008D3FAF,00000001,feclient.dll,?,00000000,?,?,?,008C4B57,?,?,0090A488,?,00000001), ref: 008C42EF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CurrentDirectoryErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp$crypt32.dll
                                                            • API String ID: 152501406-3004288549
                                                            • Opcode ID: 6a6be28ff1d0606abc40dbe3efd702550d66a6dd2058745edef5b854885d1ec5
                                                            • Instruction ID: e4f5efec90b968b0615718421b53026857b83e3aa239f3a61b8d50a46e5f8a70
                                                            • Opcode Fuzzy Hash: 6a6be28ff1d0606abc40dbe3efd702550d66a6dd2058745edef5b854885d1ec5
                                                            • Instruction Fuzzy Hash: E111A272A01336ABEB214AE94855F5FA678FF41754B11013DBD00FB340E634DC408AE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C9A9F Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E008C9A9F(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed short _t17;
				void* _t25;
				signed char _t28;
				signed short _t33;

				_v8 = _v8 & 0x00000000;
				_t30 = _a4;
				_t33 = E008C7303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0);
				if(_t33 >= 0) {
					_t28 = GetFileAttributesW(_v8);
					if(_t28 != 0xffffffff) {
						_t17 = 0;
						_t25 = 0;
						if((_t28 & 0x00000010) != 0) {
							_t17 = 1;
							goto L11;
						}
					} else {
						_t33 = GetLastError();
						if(_t33 > 0) {
							_t33 = _t33 & 0x0000ffff | 0x80070000;
						}
						if(_t33 == 0x80070002 || _t33 == 0x80070003) {
							_t33 = 0;
						}
						_t17 = 0;
						L11:
						_t25 = 0;
					}
					if(_t33 >= 0) {
						_t33 = E008C8274(_a8,  *((intOrPtr*)(_t30 + 4)), _t17, _t25, 0);
						if(_t33 < 0) {
							_push("Failed to set variable.");
							goto L16;
						}
					} else {
						_push(_v8);
						E008FFB09(_t33, "Failed while searching directory search: %ls, for path: %ls",  *_t30);
					}
				} else {
					_push("Failed to format variable string.");
					L16:
					_push(_t33);
					E008FFB09();
				}
				E008C287D(_v8);
				return _t33;
			}








                                                            0x008c9aa3
                                                            0x008c9aac
                                                            0x008c9abd
                                                            0x008c9ac1
                                                            0x008c9ad3
                                                            0x008c9ad8
                                                            0x008c9b05
                                                            0x008c9b07
                                                            0x008c9b0c
                                                            0x008c9b0e
                                                            0x00000000
                                                            0x008c9b0e
                                                            0x008c9ada
                                                            0x008c9ae0
                                                            0x008c9ae4
                                                            0x008c9ae9
                                                            0x008c9ae9
                                                            0x008c9af5
                                                            0x008c9aff
                                                            0x008c9aff
                                                            0x008c9b01
                                                            0x008c9b0f
                                                            0x008c9b0f
                                                            0x008c9b0f
                                                            0x008c9b13
                                                            0x008c9b39
                                                            0x008c9b3d
                                                            0x008c9b3f
                                                            0x00000000
                                                            0x008c9b3f
                                                            0x008c9b15
                                                            0x008c9b15
                                                            0x008c9b20
                                                            0x008c9b25
                                                            0x008c9ac3
                                                            0x008c9ac3
                                                            0x008c9b44
                                                            0x008c9b44
                                                            0x008c9b45
                                                            0x008c9b4b
                                                            0x008c9b4f
                                                            0x008c9b59

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008C9AB8
                                                            • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,008CA889,00000100,000002C0,000002C0,00000100), ref: 008C9ACD
                                                            • GetLastError.KERNEL32(?,008CA889,00000100,000002C0,000002C0,00000100), ref: 008C9ADA
                                                            Strings
                                                            • Failed to set variable., xrefs: 008C9B3F
                                                            • Failed to format variable string., xrefs: 008C9AC3
                                                            • @Mqt, xrefs: 008C9ADA
                                                            • Failed while searching directory search: %ls, for path: %ls, xrefs: 008C9B1A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AttributesErrorFileLastOpen@16
                                                            • String ID: @Mqt$Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                            • API String ID: 1811509786-237658025
                                                            • Opcode ID: 220bda01bdacb5f1aa11af2c268125ebfbf844d8ccfa9d259062a4d2c64e3017
                                                            • Instruction ID: c1106985b53a66c27c6541b41b2b48ce5a73b2dc45eb48200bf1413618672e33
                                                            • Opcode Fuzzy Hash: 220bda01bdacb5f1aa11af2c268125ebfbf844d8ccfa9d259062a4d2c64e3017
                                                            • Instruction Fuzzy Hash: 7C11E433940536BBCB1266A8EC0AFAEB675FF01730F2142A9F941F6191E771DE10A6D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F5929 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 69%
                                                            			E008F5929(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t30;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_push(_t30);
				_t36 = GetLastError();
				_t2 =  *0x92a060; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E008F71F5(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E008F82DC(_t20, _t25, _t31, __eflags,  *0x92a060, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E008F579B(_t25, _t31, 0x92b0fc);
							E008F5CE8(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E008F5CE8();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E008F4A66(_t20, _t25, _t29, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x92a060; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E008F71F5(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E008F82DC(_t21, _t27, _t32, __eflags,  *0x92a060, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E008F579B(_t27, _t32, 0x92b0fc);
									E008F5CE8(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E008F5CE8();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E008F8286(0, _t25, _t31, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E008F8286(__ebx, _t23, _t30, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}






















                                                            0x008f5929
                                                            0x008f5929
                                                            0x008f5929
                                                            0x008f592c
                                                            0x008f5933
                                                            0x008f5935
                                                            0x008f593a
                                                            0x008f593d
                                                            0x008f594b
                                                            0x008f5952
                                                            0x008f5957
                                                            0x008f595a
                                                            0x008f595d
                                                            0x008f596f
                                                            0x008f5974
                                                            0x008f5976
                                                            0x008f5981
                                                            0x008f5988
                                                            0x008f598d
                                                            0x008f5990
                                                            0x008f5992
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f5978
                                                            0x008f5978
                                                            0x00000000
                                                            0x008f5978
                                                            0x008f595f
                                                            0x008f595f
                                                            0x008f5960
                                                            0x008f5960
                                                            0x008f5965
                                                            0x008f59a0
                                                            0x008f59a1
                                                            0x008f59a7
                                                            0x008f59ac
                                                            0x008f59af
                                                            0x008f59b0
                                                            0x008f59b1
                                                            0x008f59b8
                                                            0x008f59ba
                                                            0x008f59bc
                                                            0x008f59c1
                                                            0x008f59c4
                                                            0x008f59d2
                                                            0x008f59de
                                                            0x008f59e1
                                                            0x008f59e4
                                                            0x008f59f6
                                                            0x008f59fb
                                                            0x008f59fd
                                                            0x008f5a08
                                                            0x008f5a0e
                                                            0x008f5a16
                                                            0x008f5a18
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f59ff
                                                            0x008f59ff
                                                            0x00000000
                                                            0x008f59ff
                                                            0x008f59e6
                                                            0x008f59e6
                                                            0x008f59e7
                                                            0x008f59e7
                                                            0x008f5a1a
                                                            0x008f5a1b
                                                            0x008f5a1b
                                                            0x008f59c6
                                                            0x008f59cc
                                                            0x008f59d0
                                                            0x008f5a23
                                                            0x008f5a24
                                                            0x008f5a2a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f59d0
                                                            0x008f5a31
                                                            0x008f5a31
                                                            0x008f593f
                                                            0x008f5945
                                                            0x008f5949
                                                            0x008f5994
                                                            0x008f5995
                                                            0x008f599f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f5949

                                                            APIs
                                                            • GetLastError.KERNEL32(?,00000000,008F12E7,00000000,775FA76F,?,008F15EB,00000000,775FA76F,00000000,00000000), ref: 008F592D
                                                            • _free.LIBCMT ref: 008F5960
                                                            • _free.LIBCMT ref: 008F5988
                                                            • SetLastError.KERNEL32(00000000,775FA76F,00000000,00000000), ref: 008F5995
                                                            • SetLastError.KERNEL32(00000000,775FA76F,00000000,00000000), ref: 008F59A1
                                                            • _abort.LIBCMT ref: 008F59A7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$_free$_abort
                                                            • String ID: @Mqt
                                                            • API String ID: 3160817290-2740872224
                                                            • Opcode ID: a4713bea2cd4dd0d199013340b0d8da0e6659ca4582e1f224a8a4c21a5ac60a9
                                                            • Instruction ID: 74d7ea2c59fa83118871c876da5b4c3b5837c9596c80ebdc0cd4da09f3950386
                                                            • Opcode Fuzzy Hash: a4713bea2cd4dd0d199013340b0d8da0e6659ca4582e1f224a8a4c21a5ac60a9
                                                            • Instruction Fuzzy Hash: 4DF08136288F0DABC616233D7C0AB3B2D59FBC1B35B250124F729E2192EEA189425167
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008E5954 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 206COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 70%
                                                            			E008E5954(void* __ecx, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36) {
				intOrPtr _v8;
				intOrPtr _t124;
				void* _t126;
				intOrPtr _t152;
				intOrPtr _t155;
				intOrPtr* _t157;
				signed int _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t173;
				signed int _t182;
				signed int _t183;
				intOrPtr* _t194;
				signed int _t196;
				intOrPtr _t197;
				signed int _t199;
				intOrPtr _t202;
				intOrPtr* _t204;
				signed int _t205;
				intOrPtr* _t207;

				_push(__ecx);
				_t169 = _a8;
				_t196 = _a12;
				if(_t169 == 0) {
					_t202 =  *((intOrPtr*)(_t196 + 0x5c));
				} else {
					_t202 =  *((intOrPtr*)(_t196 + 0x64));
				}
				if(_t169 == 0) {
					_t124 =  *((intOrPtr*)(_t196 + 0x60));
				} else {
					_t124 =  *((intOrPtr*)(_t196 + 0x68));
				}
				_a12 = _a12 & 0x00000000;
				_t175 = 0;
				_v8 = _t124;
				_a8 = 0;
				if(_t124 == 0) {
					L14:
					_push( &_a12);
					_push(_t196);
					_t218 = _t169;
					if(_t169 == 0) {
						_t126 = E008D1DF0(_t175, __eflags);
					} else {
						_t126 = E008D1E37(_t175, _t218);
					}
					if(_t126 >= 0) {
						_t204 = _a32;
						 *_a12 = 6;
						 *((intOrPtr*)(_a12 + 0x24)) = _a24;
						 *((intOrPtr*)(_a12 + 8)) = _a28;
						__eflags =  *_t204 - 4;
						 *(_a12 + 0x18) = 0 |  *_t204 == 0x00000004;
						 *((intOrPtr*)(_a12 + 0x20)) = E008E36F3( *((intOrPtr*)(_a28 + 0x98)), _a4,  *((intOrPtr*)(_a12 + 0x24)));
						 *((intOrPtr*)(_a12 + 0x10)) =  *((intOrPtr*)(_t204 + 0x58));
						 *((intOrPtr*)(_a12 + 0x14)) =  *((intOrPtr*)(_t204 + 0x5c));
						_t205 = E008C229E(_a12 + 0xc, _t204 + 8, 0);
						__eflags = _t205;
						if(_t205 >= 0) {
							_t182 = _a12;
							__eflags =  *(_t182 + 0x18);
							if( *(_t182 + 0x18) != 0) {
								 *((intOrPtr*)(_t196 + 0xc)) = 1;
							}
							_t197 = _a28;
							_t72 = _t182 + 0x1c; // 0x1c
							E008D4426(_t182, _t197,  *((intOrPtr*)(_t182 + 0xc)), _t169, _a16, _a20, _t72);
							_t183 = _a12;
							goto L23;
						}
						_push("Failed to copy target product code.");
					} else {
						_push("Failed to plan action for target product.");
					}
					goto L28;
				} else {
					_t207 = _t202 + 0x18;
					do {
						_t157 = _t207 - 0x18;
						_a12 = _t157;
						if( *_t157 == 6 &&  *((intOrPtr*)(_t207 + 0xc)) == _a24) {
							_t194 = _a32;
							if( *_t207 != (0 |  *_t194 == 0x00000004)) {
								goto L13;
							}
							if(CompareStringW(0, 0,  *(_t207 - 0xc), 0xffffffff, _t194 + 8, 0xffffffff) == 2) {
								_t175 = _a12;
								__eflags = _a12;
								if(__eflags == 0) {
									goto L14;
								}
								__eflags = _t169;
								if(__eflags != 0) {
									L22:
									_t197 = _a28;
									L23:
									_t41 = _t183 + 0x28; // 0x28
									_t205 = E008C3A01(_t183, __eflags, _t41,  *((intOrPtr*)(_t183 + 0x2c)) + 1, 8, 2);
									__eflags = _t205;
									if(_t205 >= 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_a12 + 0x28)) +  *(_a12 + 0x2c) * 8)) =  *((intOrPtr*)(_a32 + 4));
										 *((intOrPtr*)( *((intOrPtr*)(_a12 + 0x28)) + 4 +  *(_a12 + 0x2c) * 8)) = _t197;
										 *(_a12 + 0x2c) =  *(_a12 + 0x2c) + 1;
										_t170 = _a12;
										_t199 =  *((intOrPtr*)(_t170 + 0x2c)) - 1;
										__eflags = _t199;
										if(_t199 == 0) {
											L29:
											return _t205;
										} else {
											goto L36;
										}
										while(1) {
											L36:
											_t172 =  *((intOrPtr*)(_t170 + 0x28));
											_t152 =  *((intOrPtr*)(_t172 + _t199 * 8));
											__eflags = _t152 -  *((intOrPtr*)(_t172 + _t199 * 8 - 8));
											if(_t152 >=  *((intOrPtr*)(_t172 + _t199 * 8 - 8))) {
												goto L29;
											}
											 *((intOrPtr*)(_t172 + _t199 * 8 - 8)) = _t152;
											 *((intOrPtr*)(_t172 + _t199 * 8 - 4)) =  *((intOrPtr*)(_t172 + 4 + _t199 * 8));
											_t155 =  *((intOrPtr*)(_a12 + 0x28));
											 *((intOrPtr*)(_t155 + _t199 * 8)) =  *((intOrPtr*)(_t172 + _t199 * 8 - 8));
											 *((intOrPtr*)(_t155 + 4 + _t199 * 8)) =  *((intOrPtr*)(_t172 + _t199 * 8 - 4));
											_t199 = _t199 - 1;
											__eflags = _t199;
											if(_t199 == 0) {
												goto L29;
											}
											_t170 = _a12;
										}
										goto L29;
									}
									_push("Failed grow array of ordered patches.");
									L28:
									_push(_t205);
									E008FFB09();
									goto L29;
								}
								__eflags = _a36 - _t169;
								if(__eflags == 0) {
									goto L22;
								}
								_a24 = _a24 & _t169;
								_t173 = _a8;
								_t205 = E008D2454(_t175, __eflags, _t173, _t196,  &_a24);
								__eflags = _t205;
								if(_t205 >= 0) {
									 *_a24 = 2;
									 *((intOrPtr*)(_a24 + 8)) = _a36;
									_t36 = _t173 + 1; // 0x1
									_t183 = _t36 * 0x30 +  *((intOrPtr*)(_t196 + 0x5c));
									__eflags = _t183;
									_a12 = _t183;
									goto L22;
								}
								_push("Failed to insert execute action.");
								goto L28;
							}
							_t175 = _a8;
						}
						L13:
						_a12 = _a12 & 0x00000000;
						_t207 = _t207 + 0x30;
						_t175 = _t175 + 1;
						_a8 = _t175;
					} while (_t175 < _v8);
					goto L14;
				}
			}























                                                            0x008e5957
                                                            0x008e5959
                                                            0x008e595e
                                                            0x008e5963
                                                            0x008e596a
                                                            0x008e5965
                                                            0x008e5965
                                                            0x008e5965
                                                            0x008e596f
                                                            0x008e5976
                                                            0x008e5971
                                                            0x008e5971
                                                            0x008e5971
                                                            0x008e5979
                                                            0x008e597d
                                                            0x008e597f
                                                            0x008e5982
                                                            0x008e5987
                                                            0x008e59db
                                                            0x008e59de
                                                            0x008e59df
                                                            0x008e59e0
                                                            0x008e59e2
                                                            0x008e5a5d
                                                            0x008e59e4
                                                            0x008e59e4
                                                            0x008e59e4
                                                            0x008e5a66
                                                            0x008e5a84
                                                            0x008e5a8a
                                                            0x008e5a93
                                                            0x008e5a9b
                                                            0x008e5a9e
                                                            0x008e5aa7
                                                            0x008e5ac3
                                                            0x008e5acc
                                                            0x008e5ad5
                                                            0x008e5ae8
                                                            0x008e5aea
                                                            0x008e5aec
                                                            0x008e5af8
                                                            0x008e5afb
                                                            0x008e5aff
                                                            0x008e5b01
                                                            0x008e5b01
                                                            0x008e5b08
                                                            0x008e5b0b
                                                            0x008e5b1a
                                                            0x008e5b1f
                                                            0x00000000
                                                            0x008e5b1f
                                                            0x008e5aee
                                                            0x008e5a68
                                                            0x008e5a68
                                                            0x008e5a68
                                                            0x00000000
                                                            0x008e5989
                                                            0x008e5989
                                                            0x008e598c
                                                            0x008e598c
                                                            0x008e598f
                                                            0x008e5995
                                                            0x008e599f
                                                            0x008e59ac
                                                            0x00000000
                                                            0x00000000
                                                            0x008e59c6
                                                            0x008e59eb
                                                            0x008e59ee
                                                            0x008e59f0
                                                            0x00000000
                                                            0x00000000
                                                            0x008e59f2
                                                            0x008e59f4
                                                            0x008e5a37
                                                            0x008e5a37
                                                            0x008e5a3a
                                                            0x008e5a43
                                                            0x008e5a4c
                                                            0x008e5a4e
                                                            0x008e5a50
                                                            0x008e5b36
                                                            0x008e5b42
                                                            0x008e5b49
                                                            0x008e5b4c
                                                            0x008e5b52
                                                            0x008e5b52
                                                            0x008e5b55
                                                            0x008e5a75
                                                            0x008e5a7b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008e5b5b
                                                            0x008e5b5b
                                                            0x008e5b5b
                                                            0x008e5b5e
                                                            0x008e5b61
                                                            0x008e5b65
                                                            0x00000000
                                                            0x00000000
                                                            0x008e5b73
                                                            0x008e5b7b
                                                            0x008e5b82
                                                            0x008e5b85
                                                            0x008e5b88
                                                            0x008e5b8c
                                                            0x008e5b8c
                                                            0x008e5b8f
                                                            0x00000000
                                                            0x00000000
                                                            0x008e5b95
                                                            0x008e5b95
                                                            0x00000000
                                                            0x008e5b5b
                                                            0x008e5a56
                                                            0x008e5a6d
                                                            0x008e5a6d
                                                            0x008e5a6e
                                                            0x00000000
                                                            0x008e5a74
                                                            0x008e59f6
                                                            0x008e59f9
                                                            0x00000000
                                                            0x00000000
                                                            0x008e59fb
                                                            0x008e5a01
                                                            0x008e5a0c
                                                            0x008e5a0e
                                                            0x008e5a10
                                                            0x008e5a1f
                                                            0x008e5a28
                                                            0x008e5a2b
                                                            0x008e5a31
                                                            0x008e5a31
                                                            0x008e5a34
                                                            0x00000000
                                                            0x008e5a34
                                                            0x008e5a12
                                                            0x00000000
                                                            0x008e5a12
                                                            0x008e59c8
                                                            0x008e59c8
                                                            0x008e59cb
                                                            0x008e59cb
                                                            0x008e59cf
                                                            0x008e59d2
                                                            0x008e59d3
                                                            0x008e59d6
                                                            0x00000000
                                                            0x008e598c

                                                            APIs
                                                            • CompareStringW.KERNEL32(00000000,00000000,0090A500,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,008E6548,?,00000001,?,00000000), ref: 008E59BD
                                                            Strings
                                                            • Failed to copy target product code., xrefs: 008E5AEE
                                                            • Failed to insert execute action., xrefs: 008E5A12
                                                            • Failed to plan action for target product., xrefs: 008E5A68
                                                            • Failed grow array of ordered patches., xrefs: 008E5A56
                                                            • feclient.dll, xrefs: 008E59B3, 008E5ADB
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString
                                                            • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
                                                            • API String ID: 1825529933-3477540455
                                                            • Opcode ID: 8ab6c27edadb800e8961bba3fe6930eefb8358f56236cc0e73984d23fa32c6f9
                                                            • Instruction ID: 59dcefab71462b7f6a14d272c8a8fb2992d1e3e673a52aa5697c74dfe345fb51
                                                            • Opcode Fuzzy Hash: 8ab6c27edadb800e8961bba3fe6930eefb8358f56236cc0e73984d23fa32c6f9
                                                            • Instruction Fuzzy Hash: 108125B560079AEFCB14CF59C880AAA77A5FF09328F15866AEC159B352D730EC51CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00905B40 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 129fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 52%
                                                            			E00905B40(void* __ecx, intOrPtr _a4, void* _a8, long _a12, void* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
				signed int _v8;
				signed int _v12;
				signed int _t47;
				intOrPtr* _t48;
				void* _t52;
				void* _t58;
				signed int _t59;
				intOrPtr* _t62;
				signed short _t65;

				_t60 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t62 = _a12;
				_t65 = E0090412E(__ecx, _a8,  *_t62,  *((intOrPtr*)(_t62 + 4)), 0, 0);
				if(_t65 >= 0) {
					while(1) {
						L2:
						_push( &_v8);
						_push(_a32);
						_push(_a28);
						_push(_a4);
						if( *0x92a990() == 0) {
							break;
						}
						if(_v8 != 0) {
							_t58 = 0;
							_a12 = _a12 & 0;
							while(WriteFile(_a8, _a28 + _t58, _v8 - _t58,  &_a12, 0) != 0) {
								_t58 = _t58 + _a12;
								if(_a12 == 0 || _t58 >= _v8) {
									 *_t62 =  *_t62 + _t58;
									_t47 = 0;
									asm("adc [edi+0x4], eax");
									if(_a16 != 0xffffffff) {
										_t59 = _t47;
										_v12 = _t47;
										if(E0090412E(_t60, _a16, _t47, _t47, _t47, _t47) >= 0) {
											do {
												_push(0);
												_push( &_v12);
												_t52 = 8;
												WriteFile(_a16, _t62 + _t59 * 8, _t52 - _t59, ??, ??);
												_t59 = _t59 + _v12;
											} while (_v12 != 0 && _t59 < 8);
										}
									}
									_t48 = _a36;
									if(_t48 == 0 ||  *_t48 == 0) {
										L15:
										if(_v8 != 0) {
											goto L2;
										} else {
										}
									} else {
										_t65 = E0090547D(_t48,  *_t62,  *((intOrPtr*)(_t62 + 4)), _a20, _a24, _a8);
										if(_t65 >= 0) {
											goto L15;
										}
									}
								} else {
									continue;
								}
								goto L28;
							}
							_t65 = GetLastError();
							__eflags = _t65;
							if(__eflags > 0) {
								_t65 = _t65 & 0x0000ffff | 0x80070000;
								__eflags = _t65;
							}
							if(__eflags >= 0) {
								_t65 = 0x80004005;
							}
							_push(_t65);
							_push(0x1a6);
							L27:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp");
							E008C38BA(_t39);
						}
						L28:
						goto L29;
					}
					_t65 = GetLastError();
					__eflags = _t65;
					if(__eflags > 0) {
						_t65 = _t65 & 0x0000ffff | 0x80070000;
						__eflags = _t65;
					}
					if(__eflags >= 0) {
						_t65 = 0x80004005;
					}
					_push(_t65);
					_push(0x19a);
					goto L27;
				}
				L29:
				return _t65;
			}












                                                            0x00905b40
                                                            0x00905b43
                                                            0x00905b44
                                                            0x00905b45
                                                            0x00905b4b
                                                            0x00905b5f
                                                            0x00905b63
                                                            0x00905b6a
                                                            0x00905b6a
                                                            0x00905b6d
                                                            0x00905b6e
                                                            0x00905b71
                                                            0x00905b74
                                                            0x00905b7f
                                                            0x00000000
                                                            0x00000000
                                                            0x00905b89
                                                            0x00905b8f
                                                            0x00905b91
                                                            0x00905b94
                                                            0x00905bb7
                                                            0x00905bbe
                                                            0x00905bc5
                                                            0x00905bc9
                                                            0x00905bca
                                                            0x00905bd1
                                                            0x00905bda
                                                            0x00905bdc
                                                            0x00905be6
                                                            0x00905be8
                                                            0x00905be8
                                                            0x00905bed
                                                            0x00905bf0
                                                            0x00905bfb
                                                            0x00905c01
                                                            0x00905c04
                                                            0x00905be8
                                                            0x00905be6
                                                            0x00905c0f
                                                            0x00905c14
                                                            0x00905c35
                                                            0x00905c39
                                                            0x00000000
                                                            0x00000000
                                                            0x00905c3f
                                                            0x00905c1b
                                                            0x00905c2f
                                                            0x00905c33
                                                            0x00000000
                                                            0x00000000
                                                            0x00905c33
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00905bbe
                                                            0x00905c47
                                                            0x00905c49
                                                            0x00905c4b
                                                            0x00905c50
                                                            0x00905c56
                                                            0x00905c56
                                                            0x00905c58
                                                            0x00905c5a
                                                            0x00905c5a
                                                            0x00905c5f
                                                            0x00905c60
                                                            0x00905c8b
                                                            0x00905c8b
                                                            0x00905c90
                                                            0x00905c90
                                                            0x00905c95
                                                            0x00000000
                                                            0x00905c95
                                                            0x00905c6d
                                                            0x00905c6f
                                                            0x00905c71
                                                            0x00905c76
                                                            0x00905c7c
                                                            0x00905c7c
                                                            0x00905c7e
                                                            0x00905c80
                                                            0x00905c80
                                                            0x00905c85
                                                            0x00905c86
                                                            0x00000000
                                                            0x00905c86
                                                            0x00905c96
                                                            0x00905c9b

                                                            APIs
                                                              • Part of subcall function 0090412E: SetFilePointerEx.KERNEL32(?,?,?,?,?,00000000,?,?,?,008D8651,00000000,00000000,00000000,00000000,00000000), ref: 00904146
                                                              • Part of subcall function 0090412E: GetLastError.KERNEL32(?,?,?,008D8651,00000000,00000000,00000000,00000000,00000000), ref: 00904150
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,009053FE,?,?,?,?,?,?,?,00010000,?), ref: 00905BA9
                                                            • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,009053FE,?,?,?,?), ref: 00905BFB
                                                            • GetLastError.KERNEL32(?,009053FE,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00905C41
                                                            • GetLastError.KERNEL32(?,009053FE,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00905C67
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLast$Write$Pointer
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 133221148-3014452495
                                                            • Opcode ID: 986d4d2d8032275162de4926f3847b9764ec8cf14b282eadc15c0794c813dfbb
                                                            • Instruction ID: b31721b8cb77bba9bac5d1a24bbf7c2d2fcfd1241d0ad91d8d8a7ecf51c4abdb
                                                            • Opcode Fuzzy Hash: 986d4d2d8032275162de4926f3847b9764ec8cf14b282eadc15c0794c813dfbb
                                                            • Instruction Fuzzy Hash: 28418C7290072ABFEB218E94CD44BAB7BA8EF04754F160125BD40E61D0D374DDA0DFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FFBC6 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 122COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 63%
                                                            			E008FFBC6(void* __ebx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				short _v528;
				short _v1048;
				char _v1052;
				struct HINSTANCE__* _v1056;
				struct HINSTANCE__* _v1060;
				long _v1064;
				signed int _t25;
				long _t29;
				intOrPtr _t46;
				intOrPtr _t47;
				void* _t52;
				void* _t53;
				void* _t54;
				char* _t56;
				void* _t61;
				unsigned int _t62;
				unsigned int _t64;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t72;
				intOrPtr _t74;
				void* _t75;
				signed int _t76;
				void* _t77;

				_t68 = __edx;
				_t25 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t25 ^ _t76;
				_push(__ebx);
				_push(__esi);
				_t74 =  *0x92a77c; // 0x925ac8
				_push(__edi);
				_v1064 = 0x104;
				_v1060 = 0;
				_v1056 = 0;
				_v1052 = 0;
				_t29 = GetModuleFileNameW(0,  &_v528, 0x104);
				_t70 = 0x208;
				if(_t29 == 0) {
					E008EF600(0x208,  &_v528, 0, 0x208);
					_t77 = _t77 + 0xc;
				}
				if(E00904289( &_v528,  &_v1060,  &_v1056) < 0) {
					_v1060 = 0;
					_v1056 = 0;
				}
				if(GetComputerNameW( &_v1048,  &_v1064) != 0) {
					L7:
					E00907E99(_t70, _t83,  &_v1052, 0);
					_push(_v1052);
					_push("=== Logging started: %ls ===");
					_t71 = 2;
					_push(_t71);
					E008FFFF0();
					_t62 = _v1056;
					_push(_t62 & 0x0000ffff);
					_push(_t62 >> 0x10);
					_t64 = _v1060;
					_push(_t64 & 0x0000ffff);
					_push(_t64 >> 0x10);
					E008FFFF0(_t71, "Executable: %ls v%d.%d.%d.%d",  &_v528);
					E008FFFF0(_t71, "Computer  : %ls",  &_v1048);
					_t46 =  *0x92a778; // 0x3
					_t47 = _t46;
					if(_t47 == 0) {
						_t74 =  *0x92a790; // 0x925af4
					} else {
						_t52 = _t47 - 1;
						if(_t52 == 0) {
							_t74 =  *0x92a780; // 0x925ad0
						} else {
							_t53 = _t52 - 1;
							if(_t53 == 0) {
								_t74 =  *0x92a784; // 0x925ad8
							} else {
								_t54 = _t53 - 1;
								if(_t54 == 0) {
									_t74 =  *0x92a788; // 0x925ae4
								} else {
									if(_t54 == 1) {
										_t74 =  *0x92a78c; // 0x925aec
									}
								}
							}
						}
					}
					E008FFFF0(_t71, "--- logging level: %hs ---", _t74);
					_pop(_t72);
					_pop(_t75);
					_pop(_t61);
					if(_v1052 != 0) {
						E008C2762(_v1052);
					}
					return E008EDD1F(_t61, _v8 ^ _t76, _t68, _t72, _t75);
				} else {
					_t56 =  &_v1048;
					do {
						 *_t56 = 0;
						_t56 = _t56 + 1;
						_t70 = _t70 - 1;
						_t83 = _t70;
					} while (_t70 != 0);
					goto L7;
				}
			}





























                                                            0x008ffbc6
                                                            0x008ffbcf
                                                            0x008ffbd6
                                                            0x008ffbd9
                                                            0x008ffbda
                                                            0x008ffbdb
                                                            0x008ffbe6
                                                            0x008ffbe8
                                                            0x008ffbf6
                                                            0x008ffbfe
                                                            0x008ffc04
                                                            0x008ffc0a
                                                            0x008ffc10
                                                            0x008ffc17
                                                            0x008ffc22
                                                            0x008ffc27
                                                            0x008ffc27
                                                            0x008ffc46
                                                            0x008ffc48
                                                            0x008ffc4e
                                                            0x008ffc4e
                                                            0x008ffc6a
                                                            0x008ffc7a
                                                            0x008ffc82
                                                            0x008ffc87
                                                            0x008ffc8d
                                                            0x008ffc94
                                                            0x008ffc95
                                                            0x008ffc96
                                                            0x008ffc9b
                                                            0x008ffca4
                                                            0x008ffca8
                                                            0x008ffca9
                                                            0x008ffcb2
                                                            0x008ffcbc
                                                            0x008ffcc4
                                                            0x008ffcd6
                                                            0x008ffcdb
                                                            0x008ffce3
                                                            0x008ffce5
                                                            0x008ffd1b
                                                            0x008ffce7
                                                            0x008ffce7
                                                            0x008ffcea
                                                            0x008ffd13
                                                            0x008ffcec
                                                            0x008ffcec
                                                            0x008ffcef
                                                            0x008ffd0b
                                                            0x008ffcf1
                                                            0x008ffcf1
                                                            0x008ffcf4
                                                            0x008ffd03
                                                            0x008ffcf6
                                                            0x008ffcf9
                                                            0x008ffcfb
                                                            0x008ffcfb
                                                            0x008ffcf9
                                                            0x008ffcf4
                                                            0x008ffcef
                                                            0x008ffcea
                                                            0x008ffd28
                                                            0x008ffd37
                                                            0x008ffd38
                                                            0x008ffd39
                                                            0x008ffd3a
                                                            0x008ffd42
                                                            0x008ffd42
                                                            0x008ffd54
                                                            0x008ffc6c
                                                            0x008ffc6c
                                                            0x008ffc72
                                                            0x008ffc72
                                                            0x008ffc74
                                                            0x008ffc75
                                                            0x008ffc75
                                                            0x008ffc75
                                                            0x00000000
                                                            0x008ffc72

                                                            APIs
                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 008FFC0A
                                                            • GetComputerNameW.KERNEL32 ref: 008FFC62
                                                            Strings
                                                            • Executable: %ls v%d.%d.%d.%d, xrefs: 008FFCBE
                                                            • === Logging started: %ls ===, xrefs: 008FFC8D
                                                            • --- logging level: %hs ---, xrefs: 008FFD22
                                                            • Computer : %ls, xrefs: 008FFCD0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Name$ComputerFileModule
                                                            • String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
                                                            • API String ID: 2577110986-3153207428
                                                            • Opcode ID: d808704e4e985fc23b89d4a17c76ffa52e5806d803c0d9c8a58b484e2e71599f
                                                            • Instruction ID: 08c72e804344e0a7d0882ce258ace86f755d6f116374d859aed379a98967cc9b
                                                            • Opcode Fuzzy Hash: d808704e4e985fc23b89d4a17c76ffa52e5806d803c0d9c8a58b484e2e71599f
                                                            • Instruction Fuzzy Hash: 62413DF290012C9BCB209B78DC85ABA77BCFF55314F1041B9FB05E3152D630AE859AA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008DD2BA Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 119COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 21%
                                                            			E008DD2BA(void* __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr* _t18;
				void* _t57;
				intOrPtr _t58;
				void* _t60;
				void* _t61;
				void* _t64;

				_v8 = _v8 | 0xffffffff;
				_t58 = _a4;
				_t18 =  *((intOrPtr*)(_t58 + 0xc8));
				_t61 = E008CD644(_t58 + 0xb8, 1,  *((intOrPtr*)( *_t18 + 0x74))(_t18, _t57, _t60, __ecx));
				if(_t61 >= 0) {
					_push(__ebx);
					_t41 = _t58 + 0x4a0;
					if(E008D4D1A(_t58 + 0x4a0, __edx, _t58 + 0x4a0, _t58 + 0x4a4) >= 0) {
						if(E008D4E6A(_t41, 1,  &_v8) >= 0) {
							_push(0x2000000a);
							_push(2);
							E008C563D();
							while(1) {
								_t64 = E008D5053( *((intOrPtr*)(_t58 + 0x49c)), _t41, 1, _a8);
								if(_t64 >= 0) {
									break;
								}
								if(_t64 != 0x800704c7) {
									L13:
									if(_t64 < 0) {
										goto L14;
									}
								} else {
									_t64 = 0x80070642;
									if(E008CD7FC(0x80070642,  *((intOrPtr*)(_t58 + 0xc8)), 0, 0, 0x80070642, 0, 0x15, 0) == 4) {
										continue;
									} else {
										L14:
										_push("Failed to elevate.");
										goto L16;
									}
								}
								goto L17;
							}
							_push(0x2000000b);
							_push(2);
							E008C563D();
							_t64 = E008D545D(_t41);
							if(_t64 < 0) {
								_push("Failed to connect to elevated child process.");
								goto L16;
							} else {
								_push(0x2000000c);
								_push(2);
								E008C563D();
								goto L13;
							}
						} else {
							_push("Failed to create pipe and cache pipe.");
							goto L16;
						}
					} else {
						_push("Failed to create pipe name and client token.");
						L16:
						_push(_t64);
						E008FFB09();
					}
					L17:
				} else {
					E008C38BA(_t21, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\elevation.cpp", 0x101, _t61);
					_push("UX aborted elevation requirement.");
					_push(_t61);
					E008FFB09();
				}
				if(_v8 != 0) {
					CloseHandle(_v8);
					_v8 = _v8 & 0x00000000;
				}
				if(_t64 < 0) {
					E008D4CA8(_t58 + 0x4a0);
				}
				return _t64;
			}










                                                            0x008dd2be
                                                            0x008dd2c4
                                                            0x008dd2c7
                                                            0x008dd2e2
                                                            0x008dd2e6
                                                            0x008dd30a
                                                            0x008dd312
                                                            0x008dd322
                                                            0x008dd33e
                                                            0x008dd34a
                                                            0x008dd34f
                                                            0x008dd351
                                                            0x008dd358
                                                            0x008dd369
                                                            0x008dd36d
                                                            0x00000000
                                                            0x00000000
                                                            0x008dd375
                                                            0x008dd3c1
                                                            0x008dd3c3
                                                            0x00000000
                                                            0x00000000
                                                            0x008dd377
                                                            0x008dd38b
                                                            0x008dd395
                                                            0x00000000
                                                            0x008dd397
                                                            0x008dd3c5
                                                            0x008dd3c5
                                                            0x00000000
                                                            0x008dd3c5
                                                            0x008dd395
                                                            0x00000000
                                                            0x008dd375
                                                            0x008dd399
                                                            0x008dd39e
                                                            0x008dd3a0
                                                            0x008dd3ad
                                                            0x008dd3b1
                                                            0x008dd3cc
                                                            0x00000000
                                                            0x008dd3b3
                                                            0x008dd3b3
                                                            0x008dd3b8
                                                            0x008dd3ba
                                                            0x00000000
                                                            0x008dd3c0
                                                            0x008dd340
                                                            0x008dd340
                                                            0x00000000
                                                            0x008dd340
                                                            0x008dd324
                                                            0x008dd324
                                                            0x008dd3d1
                                                            0x008dd3d1
                                                            0x008dd3d2
                                                            0x008dd3d8
                                                            0x008dd3d9
                                                            0x008dd2e8
                                                            0x008dd2f3
                                                            0x008dd2f8
                                                            0x008dd2fd
                                                            0x008dd2fe
                                                            0x008dd304
                                                            0x008dd3de
                                                            0x008dd3e3
                                                            0x008dd3e9
                                                            0x008dd3e9
                                                            0x008dd3ef
                                                            0x008dd3f8
                                                            0x008dd3f8
                                                            0x008dd402

                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000,?,?,00000001,0090A500,?,00000001,000000FF,?,?,775FA770,00000000,00000001,00000000,?,008D73D9), ref: 008DD3E3
                                                            Strings
                                                            • Failed to create pipe name and client token., xrefs: 008DD324
                                                            • Failed to elevate., xrefs: 008DD3C5
                                                            • c:\agent\_work\66\s\src\burn\engine\elevation.cpp, xrefs: 008DD2EE
                                                            • Failed to create pipe and cache pipe., xrefs: 008DD340
                                                            • UX aborted elevation requirement., xrefs: 008DD2F8
                                                            • Failed to connect to elevated child process., xrefs: 008DD3CC
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle
                                                            • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$c:\agent\_work\66\s\src\burn\engine\elevation.cpp
                                                            • API String ID: 2962429428-2367031576
                                                            • Opcode ID: b7d42a487329ff78a48ea741e9f1476e928e37ff439a4ad3739db9a7a9a10d1b
                                                            • Instruction ID: 164ea83f8e7430e5b0c52be215c20826390e31e3fee6aac0c2d82d4a9c14e298
                                                            • Opcode Fuzzy Hash: b7d42a487329ff78a48ea741e9f1476e928e37ff439a4ad3739db9a7a9a10d1b
                                                            • Instruction Fuzzy Hash: 47312B72B41726BBE719A668DC42FAA675CFF00724F100317F905E6381EAB0ED4086D7
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00908C74 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E00908C74(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t58;
				void* _t60;

				_t58 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v24 = 0;
				_t60 = E00900823(_a4,  *0x92a7e0, 0x20019,  &_v16);
				if(_t60 == 0x80070002 || _t60 < 0) {
					L17:
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					return _t60;
				} else {
					_t60 = E00900823(_v16, _a8, 0x20019,  &_v8);
					if(_t60 != 0x80070002 && _t60 >= 0) {
						_t60 = E00900823(_v8,  *0x92a7e4, 0x20019,  &_v12);
						if(_t60 != 0x80070002 && _t60 >= 0) {
							_t60 = E00900517(_t58, _v12, _a12, 0, 1);
							if(_t60 < 0) {
								goto L17;
							}
							_t60 = E00900886(_v12,  &_v20, 0);
							if(_t60 >= 0 && _v20 <= 0) {
								if(_v12 != 0) {
									RegCloseKey(_v12);
									_v12 = 0;
								}
								_t60 = E00900517(_t58, _v8,  *0x92a7e4, 0, 0);
								if(_t60 >= 0) {
									_t60 = E00900886(_v8, 0,  &_v24);
									if(_t60 >= 0 && _v24 == 0) {
										if(_v8 != 0) {
											RegCloseKey(_v8);
											_v8 = 0;
										}
										_t60 = E00900517(_t58, _v16, _a8, 0, 0);
									}
								}
							}
						}
					}
					goto L17;
				}
			}










                                                            0x00908c74
                                                            0x00908c8e
                                                            0x00908c94
                                                            0x00908c97
                                                            0x00908c9a
                                                            0x00908c9d
                                                            0x00908cab
                                                            0x00908cb3
                                                            0x00908d9b
                                                            0x00908d9e
                                                            0x00908da3
                                                            0x00908da5
                                                            0x00908da5
                                                            0x00908dab
                                                            0x00908db0
                                                            0x00908db2
                                                            0x00908db2
                                                            0x00908db8
                                                            0x00908dbd
                                                            0x00908dbd
                                                            0x00908dc5
                                                            0x00908cc1
                                                            0x00908cd5
                                                            0x00908cdd
                                                            0x00908d02
                                                            0x00908d0a
                                                            0x00908d26
                                                            0x00908d2a
                                                            0x00000000
                                                            0x00000000
                                                            0x00908d39
                                                            0x00908d3d
                                                            0x00908d47
                                                            0x00908d4c
                                                            0x00908d4e
                                                            0x00908d4e
                                                            0x00908d61
                                                            0x00908d65
                                                            0x00908d74
                                                            0x00908d78
                                                            0x00908d82
                                                            0x00908d87
                                                            0x00908d89
                                                            0x00908d89
                                                            0x00908d99
                                                            0x00908d99
                                                            0x00908d78
                                                            0x00908d65
                                                            0x00908d3d
                                                            0x00908d0a
                                                            0x00000000
                                                            0x00908cdd

                                                            APIs
                                                              • Part of subcall function 00900823: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                            • RegCloseKey.ADVAPI32(00000001,00000001,crypt32.dll,00000000,00000001,0090A500,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 00908D4C
                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,crypt32.dll,00000000,00000001,0090A500,00000000,00000001,00000000,00020019), ref: 00908D87
                                                            • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000,00000000,crypt32.dll), ref: 00908DA3
                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,crypt32.dll), ref: 00908DB0
                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,crypt32.dll), ref: 00908DBD
                                                              • Part of subcall function 00900886: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00908D39,00000001), ref: 0090089E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close$InfoOpenQuery
                                                            • String ID: crypt32.dll
                                                            • API String ID: 796878624-1661610138
                                                            • Opcode ID: a02cb300760769d9605d234f1e33b633c4009a3759f92115601dd5d930ec40c9
                                                            • Instruction ID: 7047f21e893311b8745ceac9af83d3ef6139b8865fe57a129668b86fd957b75c
                                                            • Opcode Fuzzy Hash: a02cb300760769d9605d234f1e33b633c4009a3759f92115601dd5d930ec40c9
                                                            • Instruction Fuzzy Hash: A9415B72D0022DFFCF11AF949D81A9EFAB9EF54750F11466AFA40761E0D7314E409A90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00903843 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E00903843(WCHAR* _a4, WCHAR* _a8, int _a12) {
				signed short _t13;
				signed int _t14;
				signed int _t15;
				void* _t18;
				signed short _t19;
				int _t22;
				signed short _t23;
				signed short _t24;
				signed int _t25;
				WCHAR* _t26;
				void* _t27;
				WCHAR* _t28;
				signed short _t29;

				_t22 = _a12;
				_t26 = _a8;
				_t29 = 0;
				if(CopyFileW(_a4, _t26, 0 | _t22 == 0x00000000) != 0) {
					L22:
					return _t29;
				}
				_t13 = GetLastError();
				if(_t22 != 0 || _t13 != 0x50 && _t13 != 0xb7) {
					__eflags = _t13 - 3;
					if(_t13 != 3) {
						__eflags = _t13;
						if(_t13 > 0) {
							_t29 = _t13 & 0x0000ffff | 0x80070000;
							__eflags = _t29;
						} else {
							_t29 = _t13;
						}
						goto L22;
					}
					_t14 =  *_t26 & 0x0000ffff;
					_t23 = _t29;
					_t24 = _t26;
					__eflags = _t14;
					if(_t14 == 0) {
						L18:
						_t29 = 0x80070003;
					} else {
						_t25 = _t14;
						_t27 = 0x5c;
						do {
							__eflags = _t25 - _t27;
							if(_t25 == _t27) {
								_t23 = _t24;
							}
							_t24 = _t24 + 2;
							_t15 =  *_t24 & 0x0000ffff;
							_t25 = _t15;
							__eflags = _t15;
						} while (_t15 != 0);
						_t28 = _a8;
						__eflags = _t23;
						if(_t23 == 0) {
							goto L18;
						}
						 *_t23 = 0;
						_t29 = E008C415F(_t28, _t29);
						_t18 = 0x5c;
						 *_t23 = _t18;
						__eflags = _t29;
						if(_t29 >= 0) {
							_t19 = CopyFileW(_a4, _t28, _a12);
							__eflags = _t19;
							if(_t19 == 0) {
								_t29 = GetLastError();
								__eflags = _t29;
								if(__eflags > 0) {
									_t29 = _t29 & 0x0000ffff | 0x80070000;
									__eflags = _t29;
								}
								if(__eflags < 0) {
									E008C38BA(_t20, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x454, _t29);
								}
							}
						}
					}
				} else {
					_t29 = 1;
				}
			}
















                                                            0x00903847
                                                            0x0090384e
                                                            0x00903851
                                                            0x00903865
                                                            0x0090392b
                                                            0x00903930
                                                            0x00903930
                                                            0x0090386b
                                                            0x00903873
                                                            0x00903889
                                                            0x0090388c
                                                            0x00903919
                                                            0x0090391b
                                                            0x00903924
                                                            0x00903924
                                                            0x0090391d
                                                            0x0090391d
                                                            0x0090391d
                                                            0x00000000
                                                            0x0090391b
                                                            0x00903892
                                                            0x00903895
                                                            0x00903897
                                                            0x00903899
                                                            0x0090389c
                                                            0x00903912
                                                            0x00903912
                                                            0x0090389e
                                                            0x009038a0
                                                            0x009038a2
                                                            0x009038a3
                                                            0x009038a3
                                                            0x009038a6
                                                            0x009038a8
                                                            0x009038a8
                                                            0x009038aa
                                                            0x009038ad
                                                            0x009038b0
                                                            0x009038b2
                                                            0x009038b2
                                                            0x009038b7
                                                            0x009038ba
                                                            0x009038bc
                                                            0x00000000
                                                            0x00000000
                                                            0x009038c2
                                                            0x009038ca
                                                            0x009038ce
                                                            0x009038cf
                                                            0x009038d2
                                                            0x009038d4
                                                            0x009038dd
                                                            0x009038e3
                                                            0x009038e5
                                                            0x009038ed
                                                            0x009038ef
                                                            0x009038f1
                                                            0x009038f6
                                                            0x009038fc
                                                            0x009038fc
                                                            0x009038fe
                                                            0x0090390b
                                                            0x0090390b
                                                            0x009038fe
                                                            0x009038e5
                                                            0x009038d4
                                                            0x00903881
                                                            0x00903883
                                                            0x00903883

                                                            APIs
                                                            • CopyFileW.KERNEL32(00000000,008C4DFD,00000000,?,?,00000000,?,0090395E,00000000,008C4DFD,00000000,00000000,?,008D84D1,?,?), ref: 0090385D
                                                            • GetLastError.KERNEL32(?,0090395E,00000000,008C4DFD,00000000,00000000,?,008D84D1,?,?,00000001,00000003,000007D0,?,?,?), ref: 0090386B
                                                            • CopyFileW.KERNEL32(00000000,008C4DFD,00000000,008C4DFD,00000000,?,0090395E,00000000,008C4DFD,00000000,00000000,?,008D84D1,?,?,00000001), ref: 009038DD
                                                            • GetLastError.KERNEL32(?,0090395E,00000000,008C4DFD,00000000,00000000,?,008D84D1,?,?,00000001,00000003,000007D0,?,?,?), ref: 009038E7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CopyErrorFileLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 374144340-1324176156
                                                            • Opcode ID: d5b66628b4e2de3b5ede2ab70f82602d83ccaaf558ed11b479078b2dab34cbbe
                                                            • Instruction ID: e23bd368ed39827a4dac2741afc35de033b42749a7d9af9e37e0e33757f71bde
                                                            • Opcode Fuzzy Hash: d5b66628b4e2de3b5ede2ab70f82602d83ccaaf558ed11b479078b2dab34cbbe
                                                            • Instruction Fuzzy Hash: BF212B37B10732DFDB241B968C40B37669CEF50760B14C125FD18EB190EAA4CE0152D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C7337 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 91COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 42%
                                                            			E008C7337(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, signed short _a12) {
				signed int _v8;
				signed int _v12;
				void* _t29;
				char* _t38;
				signed int _t46;
				void* _t49;

				_t41 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t29 = E008C5DA8(_t41, _a4, _a8,  &_v12);
				_t46 = _v12;
				_t49 = _t29;
				if(_t49 < 0 ||  *((intOrPtr*)(_t46 + 0x18)) != 0) {
					if(_t49 == 0x80070490) {
						goto L18;
					}
					if(_t49 >= 0) {
						if( *((intOrPtr*)(_t46 + 0x18)) != 2 ||  *((intOrPtr*)(_t46 + 0x2c)) != 0 ||  *((intOrPtr*)(_t46 + 0x24)) != 0) {
							_t24 = _t46 + 8; // 0x8
							_t49 = E008E0132(_t24, _a12);
							if(_t49 >= 0) {
								goto L18;
							}
							_push(_a8);
							_push("Failed to get value as string for variable: %ls");
							L17:
							_push(_t49);
							E008FFB09();
						} else {
							_t16 = _t46 + 8; // 0x8
							_t49 = E008E0132(_t16,  &_v8);
							if(_t49 >= 0) {
								_t49 = E008C57A7(_a4, _v8, _a12, 0, 0);
								if(_t49 < 0) {
									_t38 = L"*****";
									if( *((intOrPtr*)(_t46 + 0x20)) == 0) {
										_t38 =  *(_t46 + 8);
									}
									_push(_a8);
									E008FFB09(_t49, "Failed to format value \'%ls\' of variable: %ls", _t38);
								}
							} else {
								_push("Failed to get unformatted string.");
								_push(_t49);
								E008FFB09();
							}
						}
						goto L18;
					}
					_push(_a8);
					_push("Failed to get variable: %ls");
					goto L17;
				} else {
					_t49 = 0x80070490;
					L18:
					LeaveCriticalSection(_a4);
					E008C287D(_v8);
					return _t49;
				}
			}









                                                            0x008c7337
                                                            0x008c733a
                                                            0x008c733b
                                                            0x008c733c
                                                            0x008c7340
                                                            0x008c7349
                                                            0x008c7359
                                                            0x008c735e
                                                            0x008c7361
                                                            0x008c7365
                                                            0x008c737d
                                                            0x00000000
                                                            0x00000000
                                                            0x008c7385
                                                            0x008c7398
                                                            0x008c7405
                                                            0x008c740e
                                                            0x008c7412
                                                            0x00000000
                                                            0x00000000
                                                            0x008c7414
                                                            0x008c7417
                                                            0x008c741c
                                                            0x008c741c
                                                            0x008c741d
                                                            0x008c73a6
                                                            0x008c73a9
                                                            0x008c73b3
                                                            0x008c73b7
                                                            0x008c73da
                                                            0x008c73de
                                                            0x008c73e4
                                                            0x008c73e9
                                                            0x008c73eb
                                                            0x008c73eb
                                                            0x008c73ee
                                                            0x008c73f8
                                                            0x008c73fd
                                                            0x008c73b9
                                                            0x008c73b9
                                                            0x008c73be
                                                            0x008c73bf
                                                            0x008c73c5
                                                            0x008c73b7
                                                            0x00000000
                                                            0x008c7398
                                                            0x008c7387
                                                            0x008c738a
                                                            0x00000000
                                                            0x008c736d
                                                            0x008c736d
                                                            0x008c7425
                                                            0x008c7428
                                                            0x008c7431
                                                            0x008c743b
                                                            0x008c743b

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,008C5966,00000100,00000100,00000000,?,00000001,00000000,00000100), ref: 008C7349
                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,00000100,00000000,?,?,?,008C5966,00000100,00000100,00000000,?,00000001,00000000,00000100), ref: 008C7428
                                                            Strings
                                                            • Failed to format value '%ls' of variable: %ls, xrefs: 008C73F2
                                                            • Failed to get variable: %ls, xrefs: 008C738A
                                                            • Failed to get unformatted string., xrefs: 008C73B9
                                                            • Failed to get value as string for variable: %ls, xrefs: 008C7417
                                                            • *****, xrefs: 008C73E4, 008C73F1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                            • API String ID: 3168844106-2873099529
                                                            • Opcode ID: 7b80d1df3d791e2301aa13f9e09ad1a7c80143928c45a4ce4909b55634de1dc3
                                                            • Instruction ID: ffedbf071faa9c0b7ba517fa2e7df4f46152941bbfc22a929bff1fe48e690b64
                                                            • Opcode Fuzzy Hash: 7b80d1df3d791e2301aa13f9e09ad1a7c80143928c45a4ce4909b55634de1dc3
                                                            • Instruction Fuzzy Hash: 3D316D3290461ABBCF226E64CC05F9ABA74FF14328F104169F900E6290D375EAA1DFC5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00908039 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 76timeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 39%
                                                            			E00908039(void* __ebx, signed int __edx, intOrPtr _a4, struct _SYSTEMTIME* _a8, intOrPtr _a12) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				struct _TIME_ZONE_INFORMATION _v196;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t39;
				void* _t59;
				signed int _t60;
				intOrPtr _t65;
				struct _SYSTEMTIME* _t66;
				signed int _t67;

				_t63 = __edx;
				_t59 = __ebx;
				_t30 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t30 ^ _t67;
				_t66 = _a8;
				_t65 = _a4;
				if(_a12 == 0) {
					GetTimeZoneInformation( &_v196);
					SystemTimeToTzSpecificLocalTime( &_v196, _t66,  &_v24);
					asm("cdq");
					_t39 = (_v196.Bias ^ _t63) - _t63;
					_t60 = 0x3c;
					_t63 = _t39 % _t60;
					_push(_t39 % _t60);
					_push(_t39 / _t60);
					_push(0x2b + (0 | _v196.Bias > 0x00000000) * 2);
					_push(_v24.wSecond & 0x0000ffff);
					_push(_v24.wMinute & 0x0000ffff);
					_push(_v24.wHour & 0x0000ffff);
					_push(_v24.wDay & 0x0000ffff);
					_push(_v24.wMonth & 0x0000ffff);
					E008C2022(_t65, L"%04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u", _v24.wYear & 0x0000ffff);
				} else {
					_push(_t66->wSecond & 0x0000ffff);
					_push(_t66->wMinute & 0x0000ffff);
					_push(_t66->wHour & 0x0000ffff);
					_push(_t66->wDay & 0x0000ffff);
					_push(_t66->wMonth & 0x0000ffff);
					E008C2022(_t65, L"%04hu-%02hu-%02huT%02hu:%02hu:%02huZ", _t66->wYear & 0x0000ffff);
				}
				return E008EDD1F(_t59, _v8 ^ _t67, _t63, _t65, _t66);
			}















                                                            0x00908039
                                                            0x00908039
                                                            0x00908042
                                                            0x00908049
                                                            0x00908051
                                                            0x00908055
                                                            0x00908058
                                                            0x0090808e
                                                            0x009080a0
                                                            0x009080ac
                                                            0x009080af
                                                            0x009080b5
                                                            0x009080b6
                                                            0x009080b8
                                                            0x009080b9
                                                            0x009080cc
                                                            0x009080d1
                                                            0x009080d6
                                                            0x009080db
                                                            0x009080e0
                                                            0x009080e5
                                                            0x009080f1
                                                            0x0090805a
                                                            0x0090805e
                                                            0x00908063
                                                            0x00908068
                                                            0x0090806d
                                                            0x00908072
                                                            0x0090807d
                                                            0x00908082
                                                            0x00908106

                                                            APIs
                                                            • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 0090808E
                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 009080A0
                                                            Strings
                                                            • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 00908077
                                                            • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 009080EB
                                                            • feclient.dll, xrefs: 00908068
                                                            • crypt32.dll, xrefs: 0090805E
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Time$InformationLocalSpecificSystemZone
                                                            • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$crypt32.dll$feclient.dll
                                                            • API String ID: 1772835396-1985132828
                                                            • Opcode ID: cd6e0fadaa62bfc6c014f67d904d87a659a6cf2393a44b236fcb48741f220a96
                                                            • Instruction ID: 6638ecff886721bf2578a4cd717e11eb2577358b595887980535487ccd4b2c56
                                                            • Opcode Fuzzy Hash: cd6e0fadaa62bfc6c014f67d904d87a659a6cf2393a44b236fcb48741f220a96
                                                            • Instruction Fuzzy Hash: CA21DAA6901128AED720DB999C05FBBB3FCEB48711F104456B955D2180E63CAA85D771
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D6A0F Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 68fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 52%
                                                            			E008D6A0F(WCHAR* _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				struct _SECURITY_ATTRIBUTES _v16;
				void** _t18;
				void* _t21;
				void* _t22;

				_t18 = _a8;
				_t22 = 0;
				_v16.bInheritHandle = 1;
				 *_t18 =  *_t18 | 0xffffffff;
				_v16.nLength = 0;
				_v16.lpSecurityDescriptor = 0;
				_t21 = CreateFileW(_a4, 0x80000000, 5,  &_v16, 3, 0x80, 0);
				if(_t21 == 0xffffffff) {
					L10:
					return _t22;
				}
				_push(_t21);
				_push(L"burn.filehandle.self");
				_t22 = E008C2064(_a12, L"%ls -%ls=%u",  *_a12);
				if(_t22 >= 0) {
					_t14 = _a16;
					if(_a16 == 0) {
						L7:
						 *_t18 = _t21;
						_t21 = _t21 | 0xffffffff;
						L8:
						if(_t21 != 0xffffffff) {
							CloseHandle(_t21);
						}
						goto L10;
					}
					_push(_t21);
					_push(L"burn.filehandle.self");
					_t22 = E008C2022(_t14, L"%ls -%ls=%u",  *_t14);
					if(_t22 >= 0) {
						goto L7;
					}
					_push("Failed to append the file handle to the obfuscated command line.");
					L3:
					_push(_t22);
					E008FFB09();
					goto L8;
				}
				_push("Failed to append the file handle to the command line.");
				goto L3;
			}







                                                            0x008d6a16
                                                            0x008d6a1e
                                                            0x008d6a20
                                                            0x008d6a27
                                                            0x008d6a3d
                                                            0x008d6a40
                                                            0x008d6a49
                                                            0x008d6a4e
                                                            0x008d6aba
                                                            0x008d6abf
                                                            0x008d6abf
                                                            0x008d6a53
                                                            0x008d6a54
                                                            0x008d6a66
                                                            0x008d6a6d
                                                            0x008d6a7e
                                                            0x008d6a83
                                                            0x008d6aa8
                                                            0x008d6aa8
                                                            0x008d6aaa
                                                            0x008d6aad
                                                            0x008d6ab0
                                                            0x008d6ab3
                                                            0x008d6ab3
                                                            0x00000000
                                                            0x008d6ab0
                                                            0x008d6a85
                                                            0x008d6a86
                                                            0x008d6a98
                                                            0x008d6a9f
                                                            0x00000000
                                                            0x00000000
                                                            0x008d6aa1
                                                            0x008d6a74
                                                            0x008d6a74
                                                            0x008d6a75
                                                            0x00000000
                                                            0x008d6a7b
                                                            0x008d6a6f
                                                            0x00000000

                                                            APIs
                                                            • CreateFileW.KERNEL32(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 008D6A43
                                                            • CloseHandle.KERNEL32(00000000), ref: 008D6AB3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateFileHandle
                                                            • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                            • API String ID: 3498533004-3263533295
                                                            • Opcode ID: 0c2f5e62b622dbc474fad3d5fb05e65b34e0185e2c261a6a9a2dc69d0746145d
                                                            • Instruction ID: e859696873b40e765d7c3a7017e0621e13bcd4aea3f9475cdf57f93f4b9f2bee
                                                            • Opcode Fuzzy Hash: 0c2f5e62b622dbc474fad3d5fb05e65b34e0185e2c261a6a9a2dc69d0746145d
                                                            • Instruction Fuzzy Hash: F5119631741229AFCB219AA99C05F9A3B68FB45B74F114316F960F62D1E27085118691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D49FF Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 67fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 66%
                                                            			E008D49FF(void* __ecx, void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12, long _a16) {
				signed short _v8;
				long _v12;
				signed short _t26;
				long _t34;
				signed short _t37;

				_t34 = 0;
				_v12 = 0;
				_v8 = 0;
				_t37 = E008D45CE(__eflags, _a8, _a12, _a16,  &_v12,  &_v8);
				if(_t37 >= 0) {
					_a16 = 0;
					__eflags = _v8;
					if(_v8 > 0) {
						while(1) {
							_t26 = WriteFile(_a4, _v12, _v8 - _t34,  &_a16, 0);
							__eflags = _t26;
							if(_t26 == 0) {
								break;
							}
							_t34 = _t34 + _a16;
							__eflags = _t34 - _v8;
							if(_t34 < _v8) {
								continue;
							} else {
							}
							goto L12;
						}
						_t37 = GetLastError();
						__eflags = _t37;
						if(__eflags > 0) {
							_t37 = _t37 & 0x0000ffff | 0x80070000;
							__eflags = _t37;
						}
						if(__eflags >= 0) {
							_t37 = 0x80004005;
						}
						E008C38BA(_t27, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x2f0, _t37);
						_push("Failed to write message type to pipe.");
						goto L11;
					}
				} else {
					_push("Failed to allocate message to write.");
					L11:
					_push(_t37);
					E008FFB09();
				}
				L12:
				if(_v12 != 0) {
					E008C3AA4(_v12);
				}
				return _t37;
			}








                                                            0x008d4a09
                                                            0x008d4a0f
                                                            0x008d4a16
                                                            0x008d4a24
                                                            0x008d4a28
                                                            0x008d4a31
                                                            0x008d4a34
                                                            0x008d4a37
                                                            0x008d4a39
                                                            0x008d4a4b
                                                            0x008d4a51
                                                            0x008d4a53
                                                            0x00000000
                                                            0x00000000
                                                            0x008d4a55
                                                            0x008d4a58
                                                            0x008d4a5b
                                                            0x00000000
                                                            0x00000000
                                                            0x008d4a5d
                                                            0x00000000
                                                            0x008d4a5b
                                                            0x008d4a65
                                                            0x008d4a67
                                                            0x008d4a69
                                                            0x008d4a6e
                                                            0x008d4a74
                                                            0x008d4a74
                                                            0x008d4a76
                                                            0x008d4a78
                                                            0x008d4a78
                                                            0x008d4a88
                                                            0x008d4a8d
                                                            0x00000000
                                                            0x008d4a8d
                                                            0x008d4a2a
                                                            0x008d4a2a
                                                            0x008d4a92
                                                            0x008d4a92
                                                            0x008d4a93
                                                            0x008d4a99
                                                            0x008d4a9a
                                                            0x008d4a9e
                                                            0x008d4aa3
                                                            0x008d4aa3
                                                            0x008d4aad

                                                            APIs
                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,0090A500,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,008D5322), ref: 008D4A4B
                                                            Strings
                                                            • Failed to write message type to pipe., xrefs: 008D4A8D
                                                            • c:\agent\_work\66\s\src\burn\engine\pipe.cpp, xrefs: 008D4A83
                                                            • @Mqt, xrefs: 008D4A5F
                                                            • Failed to allocate message to write., xrefs: 008D4A2A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID: @Mqt$Failed to allocate message to write.$Failed to write message type to pipe.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp
                                                            • API String ID: 3934441357-223207841
                                                            • Opcode ID: d1182979256173b39da078a5644b60ce8a2f0894510852edb7c13be56ea4dd75
                                                            • Instruction ID: 4982f78348c79638589598211b188bbca9d3ec7503a9940c67e7316a9a90af99
                                                            • Opcode Fuzzy Hash: d1182979256173b39da078a5644b60ce8a2f0894510852edb7c13be56ea4dd75
                                                            • Instruction Fuzzy Hash: 29116D72A8022EBFCB21DF95DD05ADE7BB9FF40750F114266B900F6250E6309E50D6A5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D80F6 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 65COMMON
                                                            Download Yara Rule
                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,008D8CEE,0000001A,?,?,00000000,00000000), ref: 008D813F
                                                            • GetLastError.KERNEL32(?,?,008D8CEE,0000001A,?,?,00000000,00000000,?,?,?), ref: 008D8149
                                                            Strings
                                                            • @Mqt, xrefs: 008D8149
                                                            • c:\agent\_work\66\s\src\burn\engine\cache.cpp, xrefs: 008D811D, 008D816D
                                                            • Failed to allocate memory for well known SID., xrefs: 008D8127
                                                            • Failed to create well known SID., xrefs: 008D8177
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                            • String ID: @Mqt$Failed to allocate memory for well known SID.$Failed to create well known SID.$c:\agent\_work\66\s\src\burn\engine\cache.cpp
                                                            • API String ID: 2186923214-833758031
                                                            • Opcode ID: 2b0e89f3acb9fc20150a99434be6cd2d4516e8335f4df511e02f8b0009c94c40
                                                            • Instruction ID: d01e20e7728efc546c4171ddc6177a2e223e3eb15faced8d664f2345c90d1ed8
                                                            • Opcode Fuzzy Hash: 2b0e89f3acb9fc20150a99434be6cd2d4516e8335f4df511e02f8b0009c94c40
                                                            • Instruction Fuzzy Hash: 2C010C37641729BAD6216A548C07F9B6B7CEF81B74F11421ABE00FB381ED74CD4681E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F89AF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008F89AF(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E008F8973(_t45, 7);
					E008F8973(_t45 + 0x1c, 7);
					E008F8973(_t45 + 0x38, 0xc);
					E008F8973(_t45 + 0x68, 0xc);
					E008F8973(_t45 + 0x98, 2);
					E008F5CE8( *((intOrPtr*)(_t45 + 0xa0)));
					E008F5CE8( *((intOrPtr*)(_t45 + 0xa4)));
					E008F5CE8( *((intOrPtr*)(_t45 + 0xa8)));
					E008F8973(_t45 + 0xb4, 7);
					E008F8973(_t45 + 0xd0, 7);
					E008F8973(_t45 + 0xec, 0xc);
					E008F8973(_t45 + 0x11c, 0xc);
					E008F8973(_t45 + 0x14c, 2);
					E008F5CE8( *((intOrPtr*)(_t45 + 0x154)));
					E008F5CE8( *((intOrPtr*)(_t45 + 0x158)));
					E008F5CE8( *((intOrPtr*)(_t45 + 0x15c)));
					return E008F5CE8( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                            0x008f89b5
                                                            0x008f89ba
                                                            0x008f89c3
                                                            0x008f89ce
                                                            0x008f89d9
                                                            0x008f89e4
                                                            0x008f89f2
                                                            0x008f89fd
                                                            0x008f8a08
                                                            0x008f8a13
                                                            0x008f8a21
                                                            0x008f8a2f
                                                            0x008f8a40
                                                            0x008f8a4e
                                                            0x008f8a5c
                                                            0x008f8a67
                                                            0x008f8a72
                                                            0x008f8a7d
                                                            0x00000000
                                                            0x008f8a8d
                                                            0x008f8a92

                                                            APIs
                                                              • Part of subcall function 008F8973: _free.LIBCMT ref: 008F899C
                                                            • _free.LIBCMT ref: 008F89FD
                                                              • Part of subcall function 008F5CE8: HeapFree.KERNEL32(00000000,00000000,?,008F89A1,?,00000000,?,00000000,?,008F89C8,?,00000007,?,?,008F8E2A,?), ref: 008F5CFE
                                                              • Part of subcall function 008F5CE8: GetLastError.KERNEL32(?,?,008F89A1,?,00000000,?,00000000,?,008F89C8,?,00000007,?,?,008F8E2A,?,?), ref: 008F5D10
                                                            • _free.LIBCMT ref: 008F8A08
                                                            • _free.LIBCMT ref: 008F8A13
                                                            • _free.LIBCMT ref: 008F8A67
                                                            • _free.LIBCMT ref: 008F8A72
                                                            • _free.LIBCMT ref: 008F8A7D
                                                            • _free.LIBCMT ref: 008F8A88
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: 48635352fcdb93915df3ba2fc5eddb2e5b53a02fac6a758a8558f49e26154fd7
                                                            • Instruction ID: e1f97a4e4969ce2a4ac8c6a466f86a031ca73c0c79f87022d000fb8968a1f5e9
                                                            • Opcode Fuzzy Hash: 48635352fcdb93915df3ba2fc5eddb2e5b53a02fac6a758a8558f49e26154fd7
                                                            • Instruction Fuzzy Hash: 7E11FE71640B08E7D620BBB4CC06FEF7B9CFF04700F80481AB39AE6052DAA5A6059657
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D45CE Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 63%
                                                            			E008D45CE(void* __eflags, char _a4, signed int _a8, signed int _a12, intOrPtr* _a16, intOrPtr* _a20) {
				signed int _t18;
				intOrPtr _t32;
				intOrPtr _t37;
				void* _t38;

				_t38 = 0;
				asm("sbb eax, eax");
				_t18 =  ~_a8 & _a12;
				_a12 = _t18;
				_t4 = _t18 + 8; // 0x90a508
				_t37 = _t4;
				_t32 = E008C39DF(_t37, 0);
				if(_t32 != 0) {
					E008C3C78(_t32, _t37,  &_a4, 4);
					_t7 = _t37 - 4; // 0x90a504
					_t8 = _t32 + 4; // 0x4
					E008C3C78(_t8, _t7,  &_a12, 4);
					if(_a12 != 0) {
						_t11 = _t37 - 8; // 0x90a500
						_t13 = _t32 + 8; // 0x8
						E008C3C78(_t13, _t11, _a8, _a12);
					}
					 *_a20 = _t37;
					 *_a16 = _t32;
				} else {
					_t38 = 0x8007000e;
					E008C38BA(_t19, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\pipe.cpp", 0x2be, 0x8007000e);
					_push("Failed to allocate memory for message.");
					_push(0x8007000e);
					E008FFB09();
				}
				return _t38;
			}







                                                            0x008d45d6
                                                            0x008d45db
                                                            0x008d45dd
                                                            0x008d45e1
                                                            0x008d45e4
                                                            0x008d45e4
                                                            0x008d45ed
                                                            0x008d45f1
                                                            0x008d461f
                                                            0x008d462a
                                                            0x008d462e
                                                            0x008d4632
                                                            0x008d463d
                                                            0x008d4642
                                                            0x008d4649
                                                            0x008d464d
                                                            0x008d4652
                                                            0x008d4658
                                                            0x008d465d
                                                            0x008d45f3
                                                            0x008d45f3
                                                            0x008d4603
                                                            0x008d4608
                                                            0x008d460d
                                                            0x008d460e
                                                            0x008d4614
                                                            0x008d4665

                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • _memcpy_s.LIBCMT ref: 008D461F
                                                            • _memcpy_s.LIBCMT ref: 008D4632
                                                            • _memcpy_s.LIBCMT ref: 008D464D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _memcpy_s$Heap$AllocateProcess
                                                            • String ID: Failed to allocate memory for message.$c:\agent\_work\66\s\src\burn\engine\pipe.cpp$crypt32.dll
                                                            • API String ID: 886498622-1118502555
                                                            • Opcode ID: 64520f48a43cb4a521a09e9bd2c374196c7bece4aaae75ab0d8f16da735baf5f
                                                            • Instruction ID: 3ddae95a45a5ba78b2acbf1322388268cdd8c449514a138887767b6430f2dad1
                                                            • Opcode Fuzzy Hash: 64520f48a43cb4a521a09e9bd2c374196c7bece4aaae75ab0d8f16da735baf5f
                                                            • Instruction Fuzzy Hash: 8E118FB260020EBBDB019EA4DC82DEB77ACFF15714B00852ABA11DB241E675DA5587E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009034C7 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 61COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E009034C7(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
				struct _SHELLEXECUTEINFOW _v64;
				void* _t35;
				intOrPtr* _t41;
				signed short _t42;
				signed short _t46;

				_v64.hwnd = _a24;
				_v64.lpVerb = _a12;
				_v64.lpFile = _a4;
				_v64.lpParameters = _a8;
				_v64.lpDirectory = _a16;
				_t42 = 0;
				_v64.nShow = _a20;
				_v64.hInstApp = 0;
				_v64.lpIDList = 0;
				_v64.lpClass = 0;
				_v64.hkeyClass = 0;
				_v64.dwHotKey = 0;
				_v64.hIcon = 0;
				_v64.hProcess = 0;
				_v64.cbSize = 0x3c;
				_v64.fMask = 0x540;
				if(ShellExecuteExW( &_v64) != 0) {
					_t41 = _a28;
					if(_t41 == 0) {
						goto L6;
					} else {
						 *_t41 = _v64.hProcess;
						_t35 = 0;
						_v64.hProcess = 0;
					}
				} else {
					_t42 = GetLastError();
					if(_t42 > 0) {
						_t42 = _t42 & 0x0000ffff | 0x80070000;
						_t46 = _t42;
					}
					if(_t46 >= 0) {
						_t42 = 0x80004005;
					}
					E008C38BA(_t39, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\shelutil.cpp", 0x3a, _t42);
					L6:
					_t35 = _v64.hProcess;
				}
				if(_t35 != 0) {
					CloseHandle(_t35);
				}
				return _t42;
			}








                                                            0x009034d0
                                                            0x009034d6
                                                            0x009034dc
                                                            0x009034e2
                                                            0x009034e8
                                                            0x009034ef
                                                            0x009034f1
                                                            0x009034f7
                                                            0x009034fb
                                                            0x009034fe
                                                            0x00903501
                                                            0x00903504
                                                            0x00903507
                                                            0x0090350a
                                                            0x0090350d
                                                            0x00903514
                                                            0x00903523
                                                            0x00903565
                                                            0x0090356a
                                                            0x00000000
                                                            0x0090356c
                                                            0x0090356f
                                                            0x00903571
                                                            0x00903573
                                                            0x00903573
                                                            0x00903525
                                                            0x0090352b
                                                            0x0090352f
                                                            0x00903534
                                                            0x0090353a
                                                            0x0090353a
                                                            0x0090353c
                                                            0x0090353e
                                                            0x0090353e
                                                            0x0090354b
                                                            0x00903550
                                                            0x00903550
                                                            0x00903550
                                                            0x00903555
                                                            0x00903558
                                                            0x00903558
                                                            0x00903562

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseErrorExecuteHandleLastShell
                                                            • String ID: <$@Mqt$c:\agent\_work\66\s\src\libs\dutil\shelutil.cpp
                                                            • API String ID: 3023784893-1817072648
                                                            • Opcode ID: 884e46b6ed555607ec4c62400d1d97005afbcdb4441c484e1a484589b5a34850
                                                            • Instruction ID: 4f8ef739088061cd6e31bdf2eeb0f5b4843d526532aa9723b2e16e30cbf12677
                                                            • Opcode Fuzzy Hash: 884e46b6ed555607ec4c62400d1d97005afbcdb4441c484e1a484589b5a34850
                                                            • Instruction Fuzzy Hash: C921A5B5E11229AFCB10CF99D944ADEBBF8BF08754F10811AF919E7350E3749A019B90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00903984 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E00903984(void* __ecx, void* __eflags, WCHAR* _a4) {
				signed char _v8;
				signed short _t13;
				signed short _t22;
				signed short _t31;

				_v8 = _v8 | 0xffffffff;
				_t22 = 0;
				if(E00903C72(_a4,  &_v8) != 0) {
					if((_v8 & 0x00000007) == 0 || SetFileAttributesW(_a4, 0x80) != 0) {
						L7:
						_t13 = DeleteFileW(_a4);
						__eflags = _t13;
						if(_t13 == 0) {
							_t22 = GetLastError();
							__eflags = _t22;
							if(__eflags > 0) {
								_t22 = _t22 & 0x0000ffff | 0x80070000;
								__eflags = _t22;
							}
							if(__eflags < 0) {
								_push(_t22);
								_push(0x5ca);
								goto L12;
							}
						}
					} else {
						_t22 = GetLastError();
						if(_t22 > 0) {
							_t22 = _t22 & 0x0000ffff | 0x80070000;
							_t31 = _t22;
						}
						if(_t31 >= 0) {
							goto L7;
						} else {
							_push(_t22);
							_push(0x5c4);
							L12:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp");
							E008C38BA(_t14);
						}
					}
				}
				return _t22;
			}







                                                            0x00903988
                                                            0x00903994
                                                            0x0090399d
                                                            0x009039a9
                                                            0x009039da
                                                            0x009039dd
                                                            0x009039e3
                                                            0x009039e5
                                                            0x009039ed
                                                            0x009039ef
                                                            0x009039f1
                                                            0x009039f6
                                                            0x009039f8
                                                            0x009039f8
                                                            0x009039fa
                                                            0x009039fc
                                                            0x009039fd
                                                            0x00000000
                                                            0x009039fd
                                                            0x009039fa
                                                            0x009039bd
                                                            0x009039c3
                                                            0x009039c7
                                                            0x009039cc
                                                            0x009039ce
                                                            0x009039ce
                                                            0x009039d0
                                                            0x00000000
                                                            0x009039d2
                                                            0x009039d2
                                                            0x009039d3
                                                            0x00903a02
                                                            0x00903a02
                                                            0x00903a07
                                                            0x00903a07
                                                            0x009039d0
                                                            0x00903a0c
                                                            0x00903a11

                                                            APIs
                                                              • Part of subcall function 00903C72: FindFirstFileW.KERNEL32(008E8F6B,?,00000100,00000000,00000000), ref: 00903CAD
                                                              • Part of subcall function 00903C72: FindClose.KERNEL32(00000000), ref: 00903CB9
                                                            • SetFileAttributesW.KERNEL32(008E8F6B,00000080,00000000,008E8F6B,000000FF,00000000,?,?,008E8F6B), ref: 009039B3
                                                            • GetLastError.KERNEL32(?,?,008E8F6B), ref: 009039BD
                                                            • DeleteFileW.KERNEL32(008E8F6B,00000000,008E8F6B,000000FF,00000000,?,?,008E8F6B), ref: 009039DD
                                                            • GetLastError.KERNEL32(?,?,008E8F6B), ref: 009039E7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 3967264933-1324176156
                                                            • Opcode ID: 26c29870a5aa73085e907e1a17f41d96cad098bb783e536f82b3be455736d001
                                                            • Instruction ID: 9dbe81e726a5946c92b86530630730d64f466c79892922d4b089c5eed76cb0a8
                                                            • Opcode Fuzzy Hash: 26c29870a5aa73085e907e1a17f41d96cad098bb783e536f82b3be455736d001
                                                            • Instruction Fuzzy Hash: 4701DE32B0173ABFD7214B698D06B5B7EACAF007A1F018210FC99FA2D0D264CE0095D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F59AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 82%
                                                            			E008F59AD(void* __ecx) {
				void* __ebx;
				void* __edi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x92a060; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E008F71F5(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E008F82DC(_t10, _t13, _t16, __eflags,  *0x92a060, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E008F579B(_t13, _t16, 0x92b0fc);
							E008F5CE8(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E008F5CE8();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E008F8286(0, _t11, _t15, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}













                                                            0x008f59ad
                                                            0x008f59b8
                                                            0x008f59ba
                                                            0x008f59bc
                                                            0x008f59c1
                                                            0x008f59c4
                                                            0x008f59d2
                                                            0x008f59de
                                                            0x008f59e1
                                                            0x008f59e4
                                                            0x008f59f6
                                                            0x008f59fb
                                                            0x008f59fd
                                                            0x008f5a08
                                                            0x008f5a0e
                                                            0x008f5a16
                                                            0x008f5a18
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f59ff
                                                            0x008f59ff
                                                            0x00000000
                                                            0x008f59ff
                                                            0x008f59e6
                                                            0x008f59e6
                                                            0x008f59e7
                                                            0x008f59e7
                                                            0x008f5a1a
                                                            0x008f5a1b
                                                            0x008f5a1b
                                                            0x008f59c6
                                                            0x008f59cc
                                                            0x008f59d0
                                                            0x008f5a23
                                                            0x008f5a24
                                                            0x008f5a2a
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f59d0
                                                            0x008f5a31

                                                            APIs
                                                            • GetLastError.KERNEL32(?,00000100,00000000,008F372D,008C3CE2,775FA770,00000000,?), ref: 008F59B2
                                                            • _free.LIBCMT ref: 008F59E7
                                                            • _free.LIBCMT ref: 008F5A0E
                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 008F5A1B
                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 008F5A24
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$_free
                                                            • String ID: @Mqt
                                                            • API String ID: 3170660625-2740872224
                                                            • Opcode ID: a106acf4fc98fd774b122d96ef0393b0b29b9b8a79b1e76a959b4543236468d6
                                                            • Instruction ID: e64e1d512738b5f72f5d81f19dcedadf14725bbbb19a7350defaa30ece1ec4d4
                                                            • Opcode Fuzzy Hash: a106acf4fc98fd774b122d96ef0393b0b29b9b8a79b1e76a959b4543236468d6
                                                            • Instruction Fuzzy Hash: 5201F433268F1DABC712673CAC86D7B2A69FBC27747210225F715E2192EF708D1151B2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009002EC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53synchronizationCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E009002EC(void* _a4, long _a8, long* _a12) {
				long _t8;
				signed short _t10;
				signed short _t16;
				signed short _t21;

				_t16 = 0;
				_t8 = WaitForSingleObject(_a4, _a8);
				_a8 = _t8;
				if(_t8 != 0xffffffff) {
					__eflags = _t8 - 0x102;
					if(_t8 != 0x102) {
						_t10 = GetExitCodeProcess(_a4,  &_a8);
						__eflags = _t10;
						if(_t10 != 0) {
							 *_a12 = _a8;
						} else {
							_t16 = GetLastError();
							__eflags = _t16;
							if(__eflags > 0) {
								_t16 = _t16 & 0x0000ffff | 0x80070000;
								__eflags = _t16;
							}
							if(__eflags >= 0) {
								_t16 = 0x80004005;
							}
							_push(_t16);
							_push(0x12a);
							goto L6;
						}
					} else {
						_t16 = 0x80070102;
					}
				} else {
					_t16 = GetLastError();
					if(_t16 > 0) {
						_t16 = _t16 & 0x0000ffff | 0x80070000;
						_t21 = _t16;
					}
					if(_t21 >= 0) {
						_t16 = 0x80004005;
					}
					_push(_t16);
					_push(0x121);
					L6:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\procutil.cpp");
					E008C38BA(_t12);
				}
				return _t16;
			}







                                                            0x009002f3
                                                            0x009002f8
                                                            0x009002fe
                                                            0x00900304
                                                            0x00900336
                                                            0x0090033b
                                                            0x0090034b
                                                            0x00900351
                                                            0x00900353
                                                            0x00900381
                                                            0x00900355
                                                            0x0090035b
                                                            0x0090035d
                                                            0x0090035f
                                                            0x00900364
                                                            0x0090036a
                                                            0x0090036a
                                                            0x0090036c
                                                            0x0090036e
                                                            0x0090036e
                                                            0x00900373
                                                            0x00900374
                                                            0x00000000
                                                            0x00900374
                                                            0x0090033d
                                                            0x0090033d
                                                            0x0090033d
                                                            0x00900306
                                                            0x0090030c
                                                            0x00900310
                                                            0x00900315
                                                            0x0090031b
                                                            0x0090031b
                                                            0x0090031d
                                                            0x0090031f
                                                            0x0090031f
                                                            0x00900324
                                                            0x00900325
                                                            0x0090032a
                                                            0x0090032a
                                                            0x0090032f
                                                            0x0090032f
                                                            0x00900387

                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,008C4F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?), ref: 009002F8
                                                            • GetLastError.KERNEL32(?,008C4F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00900306
                                                            • GetExitCodeProcess.KERNEL32 ref: 0090034B
                                                            • GetLastError.KERNEL32(?,008C4F5D,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00900355
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$CodeExitObjectProcessSingleWait
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\procutil.cpp
                                                            • API String ID: 590199018-3090323974
                                                            • Opcode ID: 0fa63e0d3734a36fdff2dfa556eed4046090a7d6f2ed06c95ffd164743daf8f5
                                                            • Instruction ID: f5a91aabc26f0e844fe7197132cbe857ac0668eabe89691fef75396ddd49e47c
                                                            • Opcode Fuzzy Hash: 0fa63e0d3734a36fdff2dfa556eed4046090a7d6f2ed06c95ffd164743daf8f5
                                                            • Instruction Fuzzy Hash: 7601C83794423AAFC7325A549C0979E7A98EF447B0F028121FD98AF2D0E239CC0096D5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F9A87 Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 71%
                                                            			E008F9A87(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				void* _t80;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				void* _t98;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E008FC065(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t98);
					_pop(_t103);
					_pop(_t80);
					return E008EDD1F(_t80, _v8 ^ _t105, _t95, _t98, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E008F8BF5(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E008F8397(_t81, _t85, _v12, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E008F8BF5(_t100);
									goto L36;
								}
								_t62 = E008F8397(_t81, _t87, _t100, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E008F8BF5(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E008F5D22(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E00909650();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E008F8397(_t81, 0, _t99, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E008F5D22(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00909650();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}































                                                            0x008f9a8c
                                                            0x008f9a8d
                                                            0x008f9a8e
                                                            0x008f9a95
                                                            0x008f9a9a
                                                            0x008f9aa0
                                                            0x008f9aa6
                                                            0x008f9aac
                                                            0x008f9aaf
                                                            0x008f9aaf
                                                            0x008f9ab2
                                                            0x008f9ab4
                                                            0x008f9ab4
                                                            0x008f9ab2
                                                            0x008f9ab6
                                                            0x008f9abb
                                                            0x008f9ac2
                                                            0x008f9ac5
                                                            0x008f9ac5
                                                            0x008f9ae1
                                                            0x008f9ae7
                                                            0x008f9aec
                                                            0x008f9c7f
                                                            0x008f9c82
                                                            0x008f9c83
                                                            0x008f9c84
                                                            0x008f9c92
                                                            0x008f9af2
                                                            0x008f9af2
                                                            0x008f9af5
                                                            0x008f9afa
                                                            0x008f9afe
                                                            0x008f9b52
                                                            0x008f9b52
                                                            0x008f9b54
                                                            0x008f9b56
                                                            0x008f9c74
                                                            0x008f9c74
                                                            0x008f9c76
                                                            0x008f9c77
                                                            0x00000000
                                                            0x008f9c7d
                                                            0x008f9b67
                                                            0x008f9b6d
                                                            0x008f9b6f
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9b75
                                                            0x008f9b87
                                                            0x008f9b8c
                                                            0x008f9b90
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9b9d
                                                            0x008f9bd7
                                                            0x008f9bda
                                                            0x008f9bdd
                                                            0x008f9bdf
                                                            0x008f9be1
                                                            0x008f9be3
                                                            0x008f9c2f
                                                            0x008f9c2f
                                                            0x008f9c31
                                                            0x008f9c31
                                                            0x008f9c33
                                                            0x008f9c6d
                                                            0x008f9c6e
                                                            0x00000000
                                                            0x008f9c73
                                                            0x008f9c47
                                                            0x008f9c4c
                                                            0x008f9c4e
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9c52
                                                            0x008f9c53
                                                            0x008f9c54
                                                            0x008f9c57
                                                            0x008f9c93
                                                            0x008f9c96
                                                            0x008f9c59
                                                            0x008f9c59
                                                            0x008f9c5a
                                                            0x008f9c5a
                                                            0x008f9c67
                                                            0x008f9c69
                                                            0x008f9c6b
                                                            0x008f9c9c
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9c6b
                                                            0x008f9be5
                                                            0x008f9be8
                                                            0x008f9bea
                                                            0x008f9bec
                                                            0x008f9bee
                                                            0x008f9bf1
                                                            0x008f9bf6
                                                            0x008f9c11
                                                            0x008f9c13
                                                            0x008f9c1d
                                                            0x008f9c1f
                                                            0x008f9c20
                                                            0x008f9c22
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9c24
                                                            0x008f9c2a
                                                            0x008f9c2a
                                                            0x00000000
                                                            0x008f9c2a
                                                            0x008f9bf8
                                                            0x008f9bfa
                                                            0x008f9bfe
                                                            0x008f9c03
                                                            0x008f9c05
                                                            0x008f9c07
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9c09
                                                            0x00000000
                                                            0x008f9c09
                                                            0x008f9b9f
                                                            0x008f9ba4
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9baa
                                                            0x008f9bac
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9bc3
                                                            0x008f9bc8
                                                            0x008f9bcc
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9bd2
                                                            0x008f9b05
                                                            0x008f9b07
                                                            0x008f9b09
                                                            0x008f9b11
                                                            0x008f9b30
                                                            0x008f9b32
                                                            0x008f9b3c
                                                            0x008f9b3e
                                                            0x008f9b3f
                                                            0x008f9b41
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9b47
                                                            0x008f9b4d
                                                            0x008f9b4d
                                                            0x00000000
                                                            0x008f9b4d
                                                            0x008f9b15
                                                            0x008f9b19
                                                            0x008f9b1e
                                                            0x008f9b22
                                                            0x00000000
                                                            0x00000000
                                                            0x008f9b28
                                                            0x00000000
                                                            0x008f9b28

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008F2C74,008F2C74,?,?,?,008F9CD8,00000001,00000001,BCE85006), ref: 008F9AE1
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008F9CD8,00000001,00000001,BCE85006,?,?,?), ref: 008F9B67
                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,BCE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008F9C61
                                                            • __freea.LIBCMT ref: 008F9C6E
                                                              • Part of subcall function 008F5D22: RtlAllocateHeap.NTDLL(00000000,?,?,?,008F1782,?,0000015D,?,?,?,?,008F2BDB,000000FF,00000000,?,?), ref: 008F5D54
                                                            • __freea.LIBCMT ref: 008F9C77
                                                            • __freea.LIBCMT ref: 008F9C9C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1414292761-0
                                                            • Opcode ID: 6a728b60fcef826c88fa4307411784546bd0b0911fdc45c9bac9e5c4cd8052df
                                                            • Instruction ID: b6dcc286ef3202aa9e35db6a4a0db6cf4a8c517bff27477affccdbfd5248ccb4
                                                            • Opcode Fuzzy Hash: 6a728b60fcef826c88fa4307411784546bd0b0911fdc45c9bac9e5c4cd8052df
                                                            • Instruction Fuzzy Hash: E051BF7260021EAFDB258F74CC81FBA77AAFB80760F144628FA49D6140EB34DC40D6A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008D8B85 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 121sleepCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E008D8B85(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				void* _t24;
				void* _t29;
				char* _t39;
				char* _t41;
				signed int _t48;
				void* _t53;
				intOrPtr _t55;
				void* _t58;
				void* _t59;

				_t53 = __edx;
				_t50 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t55 = _a8;
				_t24 = E008DA279(__ecx, _t55, _a16,  &_v12);
				_t48 = _v12;
				_t58 = _t24;
				if(_t58 >= 0) {
					_push(_t48);
					E008C563D(2, (0 | _a4 != 0x00000000) + 0x2000015f, _a12);
					_t29 = 0x80004005;
					_t59 = 0;
					while(_t59 < 3) {
						if(_t59 != 0) {
							Sleep(0x7d0);
						}
						_t29 = E008C3D4E(_t53, _t48, 7);
						if(_t29 != 0x80070003) {
							_t59 = _t59 + 1;
							if(_t29 < 0) {
								continue;
							}
						}
						break;
					}
					if(_t29 >= 0) {
						_t58 = E008D8951(_t50, _t55, 1,  &_v8);
						if(_t58 >= 0) {
							E008C3D4E(_t53, _v8, 4);
							if(_t58 == 1) {
								_t58 = E008D8951(_t50, _t55, 0,  &_v8);
								if(_t58 >= 0) {
									E008C3D4E(_t53, _v8, 4);
								} else {
									_t39 = "per-machine";
									if(_t55 == 0) {
										_t39 = "per-user";
									}
									_push(_t39);
									_push("Failed to get old %hs package cache root directory.");
									goto L14;
								}
							}
						} else {
							_t41 = "per-machine";
							if(_t55 == 0) {
								_t41 = "per-user";
							}
							_push(_t41);
							_push("Failed to get %hs package cache root directory.");
							L14:
							_push(_t58);
							E008FFB09();
						}
					} else {
						_push(_t29);
						_push(_t48);
						E008C563D(2, (0 | _a4 != 0x00000000) + 0xa0000161, _a12);
						_t58 = 0;
					}
				} else {
					_push("Failed to calculate cache path.");
					_push(_t58);
					E008FFB09();
				}
				if(_t48 != 0) {
					E008C2762(_t48);
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t58;
			}














                                                            0x008d8b85
                                                            0x008d8b85
                                                            0x008d8b88
                                                            0x008d8b89
                                                            0x008d8b8a
                                                            0x008d8b91
                                                            0x008d8b98
                                                            0x008d8ba0
                                                            0x008d8ba5
                                                            0x008d8ba8
                                                            0x008d8bac
                                                            0x008d8bc5
                                                            0x008d8bd4
                                                            0x008d8bdc
                                                            0x008d8be1
                                                            0x008d8be3
                                                            0x008d8bea
                                                            0x008d8bf1
                                                            0x008d8bf1
                                                            0x008d8bfa
                                                            0x008d8c04
                                                            0x008d8c06
                                                            0x008d8c09
                                                            0x00000000
                                                            0x00000000
                                                            0x008d8c09
                                                            0x00000000
                                                            0x008d8c04
                                                            0x008d8c0d
                                                            0x008d8c3c
                                                            0x008d8c40
                                                            0x008d8c66
                                                            0x008d8c6e
                                                            0x008d8c7c
                                                            0x008d8c80
                                                            0x008d8c9d
                                                            0x008d8c82
                                                            0x008d8c82
                                                            0x008d8c89
                                                            0x008d8c8b
                                                            0x008d8c8b
                                                            0x008d8c90
                                                            0x008d8c91
                                                            0x00000000
                                                            0x008d8c91
                                                            0x008d8c80
                                                            0x008d8c42
                                                            0x008d8c42
                                                            0x008d8c49
                                                            0x008d8c4b
                                                            0x008d8c4b
                                                            0x008d8c50
                                                            0x008d8c51
                                                            0x008d8c56
                                                            0x008d8c56
                                                            0x008d8c57
                                                            0x008d8c5c
                                                            0x008d8c0f
                                                            0x008d8c0f
                                                            0x008d8c15
                                                            0x008d8c24
                                                            0x008d8c2c
                                                            0x008d8c2c
                                                            0x008d8bae
                                                            0x008d8bae
                                                            0x008d8bb3
                                                            0x008d8bb4
                                                            0x008d8bba
                                                            0x008d8ca4
                                                            0x008d8ca7
                                                            0x008d8ca7
                                                            0x008d8cb0
                                                            0x008d8cb5
                                                            0x008d8cb5
                                                            0x008d8cc0

                                                            APIs
                                                            • Sleep.KERNEL32(000007D0,00000000,00000000), ref: 008D8BF1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
                                                            • API String ID: 3472027048-398165853
                                                            • Opcode ID: 49a3b9cf4f59e0b268b5c07729a1e3a4460b6f60ee5adaacbc5bbac6e9c4fca4
                                                            • Instruction ID: 32599e8fb591a07a4a2f5de3f85c549350e1c59b6218d687554b434ec9aaa36d
                                                            • Opcode Fuzzy Hash: 49a3b9cf4f59e0b268b5c07729a1e3a4460b6f60ee5adaacbc5bbac6e9c4fca4
                                                            • Instruction Fuzzy Hash: 6D310672A51229FBDB52A6698D43FBF676CFF00750F120266FE00FA241DA74DD4052B2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C22B5 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 118COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E008C22B5(signed int __edx, short** _a4, char* _a8, int _a12, int _a16) {
				int _t18;
				int _t19;
				int _t20;
				int _t21;
				intOrPtr* _t27;
				signed int _t31;
				int _t33;
				char* _t35;
				short** _t36;
				int _t40;
				int _t42;
				unsigned int _t44;
				int _t46;

				_t34 = _a4;
				_t40 = __edx | 0xffffffff;
				_t18 = _a12;
				_t46 = 0;
				_t31 = _t18;
				_t42 = 0;
				if( *_a4 == 0) {
					L4:
					_t35 = _a8;
					__eflags = _t18;
					if(_t18 != 0) {
						__eflags = _t35[_t18];
						if(_t35[_t18] == 0) {
							_t31 = _t18 - 1;
						}
						L15:
						_t19 = _t31 + 1;
						__eflags = _t42 - _t19;
						if(_t42 >= _t19) {
							_t36 = _a4;
							L25:
							_t20 = _a12;
							__eflags = _t20;
							if(_t20 == 0) {
								_t20 = _t20 | 0xffffffff;
								__eflags = _t20;
							}
							_t21 = MultiByteToWideChar(_a16, _t46, _a8, _t20,  *_t36, _t42);
							__eflags = _t21;
							if(_t21 != 0) {
								__eflags = 0;
								( *_a4)[_t31] = 0;
								goto L34;
							} else {
								_t46 = GetLastError();
								__eflags = _t46;
								if(__eflags > 0) {
									_t46 = _t46 & 0x0000ffff | 0x80070000;
									__eflags = _t46;
								}
								if(__eflags >= 0) {
									_t46 = 0x80004005;
								}
								_push(_t46);
								_push(0x22f);
								L11:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\strutil.cpp");
								E008C38BA(_t25);
								L34:
								return _t46;
							}
						}
						_t42 = _t19;
						__eflags = _t42 - 0x7fffffff;
						if(_t42 < 0x7fffffff) {
							_t27 = _a4;
							_push(1);
							_push(_t42 + _t42);
							__eflags =  *_t27 - _t46;
							if( *_t27 == _t46) {
								_t25 = E008C39DF();
							} else {
								_push( *_t27);
								_t25 = E008C3B7C();
							}
							__eflags = _t25;
							if(_t25 != 0) {
								_t36 = _a4;
								 *_t36 = _t25;
								goto L25;
							} else {
								_t46 = 0x8007000e;
								_push(0x8007000e);
								_push(0x228);
								goto L11;
							}
						}
						_t46 = 0x8007000e;
						goto L34;
					}
					_t33 = MultiByteToWideChar(_a16, _t46, _t35, _t40, _t46, _t46);
					__eflags = _t33;
					if(_t33 != 0) {
						_t31 = _t33 - 1;
						goto L15;
					}
					_t46 = GetLastError();
					__eflags = _t46;
					if(__eflags > 0) {
						_t46 = _t46 & 0x0000ffff | 0x80070000;
						__eflags = _t46;
					}
					if(__eflags >= 0) {
						_t46 = 0x80004005;
					}
					_push(_t46);
					_push(0x20c);
					goto L11;
				}
				_t44 = E008C3C5F( *_t34);
				_t40 = _t40 | 0xffffffff;
				if(_t44 != _t40) {
					_t42 = _t44 >> 1;
					__eflags = _t42;
					_t18 = _t31;
					goto L4;
				}
				_t46 = 0x80070057;
				goto L34;
			}
















                                                            0x008c22b8
                                                            0x008c22bb
                                                            0x008c22be
                                                            0x008c22c3
                                                            0x008c22c5
                                                            0x008c22c8
                                                            0x008c22cc
                                                            0x008c22ec
                                                            0x008c22ec
                                                            0x008c22ef
                                                            0x008c22f1
                                                            0x008c233d
                                                            0x008c2341
                                                            0x008c2343
                                                            0x008c2343
                                                            0x008c2346
                                                            0x008c2346
                                                            0x008c2349
                                                            0x008c234b
                                                            0x008c2394
                                                            0x008c2397
                                                            0x008c2397
                                                            0x008c239a
                                                            0x008c239c
                                                            0x008c239e
                                                            0x008c239e
                                                            0x008c239e
                                                            0x008c23ac
                                                            0x008c23b2
                                                            0x008c23b4
                                                            0x008c23e4
                                                            0x008c23e6
                                                            0x00000000
                                                            0x008c23b6
                                                            0x008c23bc
                                                            0x008c23be
                                                            0x008c23c0
                                                            0x008c23c5
                                                            0x008c23cb
                                                            0x008c23cb
                                                            0x008c23cd
                                                            0x008c23cf
                                                            0x008c23cf
                                                            0x008c23d4
                                                            0x008c23d5
                                                            0x008c232b
                                                            0x008c232b
                                                            0x008c2330
                                                            0x008c23ea
                                                            0x008c23f0
                                                            0x008c23f0
                                                            0x008c23b4
                                                            0x008c234d
                                                            0x008c234f
                                                            0x008c2355
                                                            0x008c2361
                                                            0x008c2367
                                                            0x008c2369
                                                            0x008c236a
                                                            0x008c236c
                                                            0x008c2377
                                                            0x008c236e
                                                            0x008c236e
                                                            0x008c2370
                                                            0x008c2370
                                                            0x008c237c
                                                            0x008c237e
                                                            0x008c238d
                                                            0x008c2390
                                                            0x00000000
                                                            0x008c2380
                                                            0x008c2380
                                                            0x008c2385
                                                            0x008c2386
                                                            0x00000000
                                                            0x008c2386
                                                            0x008c237e
                                                            0x008c2357
                                                            0x00000000
                                                            0x008c2357
                                                            0x008c2301
                                                            0x008c2303
                                                            0x008c2305
                                                            0x008c233a
                                                            0x00000000
                                                            0x008c233a
                                                            0x008c230d
                                                            0x008c230f
                                                            0x008c2311
                                                            0x008c2316
                                                            0x008c231c
                                                            0x008c231c
                                                            0x008c231e
                                                            0x008c2320
                                                            0x008c2320
                                                            0x008c2325
                                                            0x008c2326
                                                            0x00000000
                                                            0x008c2326
                                                            0x008c22d5
                                                            0x008c22d7
                                                            0x008c22dc
                                                            0x008c22e8
                                                            0x008c22e8
                                                            0x008c22ea
                                                            0x00000000
                                                            0x008c22ea
                                                            0x008c22de
                                                            0x00000000

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C22FB
                                                            • GetLastError.KERNEL32(?,00000000,00000000,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C2307
                                                              • Part of subcall function 008C3C5F: GetProcessHeap.KERNEL32(00000000,?,?,008C22D5,?,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C3C67
                                                              • Part of subcall function 008C3C5F: HeapSize.KERNEL32(00000000,?,008C22D5,?,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C3C6E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\strutil.cpp
                                                            • API String ID: 3662877508-178104475
                                                            • Opcode ID: 12e99c2cbd9a349ee7f22d861eb0b6d885300bd482420bdf91abd00ca87a7920
                                                            • Instruction ID: 807b90002caadad732e04dbc749f7b1a63938e940ce2bb4967244213501cf9c1
                                                            • Opcode Fuzzy Hash: 12e99c2cbd9a349ee7f22d861eb0b6d885300bd482420bdf91abd00ca87a7920
                                                            • Instruction Fuzzy Hash: 4E31C2326142AAABD7219E758C44F6A7AB5FF05768F11422CFD15DB3F0E678CC0096D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00903B71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 94registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E00903B71(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				void* _t34;
				void* _t37;
				signed short* _t39;
				signed int _t42;
				void* _t44;
				void* _t45;
				signed int _t49;
				void* _t50;

				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_t50 = E00903C72(_a4, _a8);
				if(_t50 == 0) {
					L21:
					if(_v12 != 0) {
						E008C272F(_v12, _v8);
					}
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					return _t50;
				}
				_t34 = E00900823(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 1,  &_v16);
				if(_t34 == 0x80070002 || _t34 < 0) {
					L20:
					goto L21;
				} else {
					_t37 = E00900AB4(_v16, L"PendingFileRenameOperations",  &_v12,  &_v8);
					if(_t37 != 0x80070002 && _t37 >= 0) {
						_t49 = 0;
						if(_v8 <= 0) {
							goto L20;
						}
						_a8 = 0x5c;
						_t45 = 0x3f;
						do {
							_t39 =  *(_v12 + _t49 * 4);
							if(_t39 == 0) {
								goto L17;
							}
							_t42 =  *_t39 & 0x0000ffff;
							if(_t42 == 0) {
								goto L17;
							}
							if(_a8 == _t42 && _t45 == _t39[1] && _t45 == _t39[2]) {
								_t44 = 0x5c;
								if(_t44 == _t39[3]) {
									_t39 =  &(_t39[4]);
								}
							}
							if(E008C2DE3( &_v20, _a4, _t39,  &_v20) < 0) {
								goto L20;
							} else {
								if(_v20 == 2) {
									_t50 = 0;
									goto L20;
								}
								_t45 = 0x3f;
							}
							L17:
							_t49 = _t49 + 2;
						} while (_t49 < _v8);
					}
					goto L20;
				}
			}















                                                            0x00903b81
                                                            0x00903b84
                                                            0x00903b87
                                                            0x00903b8a
                                                            0x00903b92
                                                            0x00903b96
                                                            0x00903c4c
                                                            0x00903c4f
                                                            0x00903c57
                                                            0x00903c57
                                                            0x00903c5f
                                                            0x00903c64
                                                            0x00903c64
                                                            0x00903c6f
                                                            0x00903c6f
                                                            0x00903bad
                                                            0x00903bb9
                                                            0x00903c4b
                                                            0x00000000
                                                            0x00903bc7
                                                            0x00903bd7
                                                            0x00903bde
                                                            0x00903be4
                                                            0x00903be9
                                                            0x00000000
                                                            0x00000000
                                                            0x00903bed
                                                            0x00903bf4
                                                            0x00903bf5
                                                            0x00903bf8
                                                            0x00903bfd
                                                            0x00000000
                                                            0x00000000
                                                            0x00903bff
                                                            0x00903c05
                                                            0x00000000
                                                            0x00000000
                                                            0x00903c0b
                                                            0x00903c1b
                                                            0x00903c20
                                                            0x00903c22
                                                            0x00903c22
                                                            0x00903c20
                                                            0x00903c34
                                                            0x00000000
                                                            0x00903c36
                                                            0x00903c3a
                                                            0x00903c49
                                                            0x00000000
                                                            0x00903c49
                                                            0x00903c3e
                                                            0x00903c3e
                                                            0x00903c3f
                                                            0x00903c3f
                                                            0x00903c42
                                                            0x00903c47
                                                            0x00000000
                                                            0x00903bde

                                                            APIs
                                                              • Part of subcall function 00903C72: FindFirstFileW.KERNEL32(008E8F6B,?,00000100,00000000,00000000), ref: 00903CAD
                                                              • Part of subcall function 00903C72: FindClose.KERNEL32(00000000), ref: 00903CB9
                                                            • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00903C64
                                                              • Part of subcall function 00900823: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000001,0092AA7C,00000000,?,00904FE0,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00900837
                                                              • Part of subcall function 00900AB4: RegQueryValueExW.KERNEL32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 00900ADC
                                                              • Part of subcall function 00900AB4: RegQueryValueExW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,008D6FDF,00000100,000000B0,00000088,00000410,000002C0), ref: 00900B13
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseFindQueryValue$FileFirstOpen
                                                            • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                            • API String ID: 3397690329-3978359083
                                                            • Opcode ID: 63868b1bf4dbfdb65846603b7c2ac8d9bf1ab0cdc6cc0f5071b12df81658f26c
                                                            • Instruction ID: 05bd7dce82b2992e73cb40b4ddd16493ea38b622aab91ef5ceada27b76767ac8
                                                            • Opcode Fuzzy Hash: 63868b1bf4dbfdb65846603b7c2ac8d9bf1ab0cdc6cc0f5071b12df81658f26c
                                                            • Instruction Fuzzy Hash: 5B317E31D00229AEEF21AF95C841AAEBBBDEF50B50F14C069E981F6191D331DF80DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00908109 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69timeCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E00908109(void* __edx, intOrPtr _a4, struct _FILETIME* _a8) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				signed short _t17;
				struct _FILETIME* _t22;
				void* _t26;
				SYSTEMTIME* _t27;
				signed short _t28;
				signed int _t31;
				signed short _t34;

				_t26 = __edx;
				_t10 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t10 ^ _t31;
				_t27 =  &_v24;
				_t22 = _a8;
				asm("stosd");
				_t28 = 0;
				_push(0);
				_v28 = 0x10;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_push( &_v28);
				_push( &_v24);
				_push(0x4000000b);
				_push(_a4);
				if( *0x92a988() != 0) {
					_t17 = SystemTimeToFileTime( &_v24, _t22);
					__eflags = _t17;
					if(_t17 == 0) {
						_t28 = GetLastError();
						__eflags = _t28;
						if(__eflags > 0) {
							_t28 = _t28 & 0x0000ffff | 0x80070000;
							__eflags = _t28;
						}
						if(__eflags >= 0) {
							_t28 = 0x80004005;
						}
						_push(_t28);
						_push(0x37);
						goto L12;
					}
				} else {
					_t28 = GetLastError();
					if(_t28 > 0) {
						_t28 = _t28 & 0x0000ffff | 0x80070000;
						_t34 = _t28;
					}
					if(_t34 >= 0) {
						_t28 = 0x80004005;
					}
					_push(_t28);
					_push(0x32);
					L12:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\inetutil.cpp");
					E008C38BA(_t20);
				}
				return E008EDD1F(_t22, _v8 ^ _t31, _t26, _t27, _t28);
			}

















                                                            0x00908109
                                                            0x0090810f
                                                            0x00908116
                                                            0x0090811f
                                                            0x00908124
                                                            0x00908127
                                                            0x00908128
                                                            0x0090812a
                                                            0x0090812b
                                                            0x00908132
                                                            0x00908133
                                                            0x00908134
                                                            0x00908138
                                                            0x0090813c
                                                            0x0090813d
                                                            0x00908142
                                                            0x0090814b
                                                            0x00908175
                                                            0x0090817b
                                                            0x0090817d
                                                            0x00908185
                                                            0x00908187
                                                            0x00908189
                                                            0x0090818e
                                                            0x00908194
                                                            0x00908194
                                                            0x00908196
                                                            0x00908198
                                                            0x00908198
                                                            0x0090819d
                                                            0x0090819e
                                                            0x00000000
                                                            0x0090819e
                                                            0x0090814d
                                                            0x00908153
                                                            0x00908157
                                                            0x0090815c
                                                            0x00908162
                                                            0x00908162
                                                            0x00908164
                                                            0x00908166
                                                            0x00908166
                                                            0x0090816b
                                                            0x0090816c
                                                            0x009081a0
                                                            0x009081a0
                                                            0x009081a5
                                                            0x009081a5
                                                            0x009081ba

                                                            APIs
                                                            • GetLastError.KERNEL32 ref: 0090814D
                                                            • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 00908175
                                                            • GetLastError.KERNEL32 ref: 0090817F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastTime$FileSystem
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\inetutil.cpp
                                                            • API String ID: 1528435940-1391240214
                                                            • Opcode ID: 7941bcb8713f99c1c56115678eb1ae81cceeb0fce889f105916481adfc1e9d90
                                                            • Instruction ID: cfea02affa8bbeee5baee97e9ea421a1b880e2fbe8ed61f324add0b55e7b1c28
                                                            • Opcode Fuzzy Hash: 7941bcb8713f99c1c56115678eb1ae81cceeb0fce889f105916481adfc1e9d90
                                                            • Instruction Fuzzy Hash: 83119673A15639AFD720DBA9CD45BAFBBACAF04750F110425AE41F7140E6249D0586E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C9DDA Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 53%
                                                            			E008C9DDA(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				char _v16;
				void* _t32;
				char _t33;

				_t30 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				if(E008C7303(_a8,  *((intOrPtr*)(_a4 + 0x14)),  &_v8, 0) >= 0) {
					_t32 = E00904289(_v8,  &_v12,  &_v16);
					if(_t32 == 0x80070002 || _t32 == 0x80070003) {
						_push(_v8);
						E008FFFF0(2, "File search: %ls, did not find path: %ls",  *_t30);
						_t33 = 0;
					} else {
						if(_t32 >= 0) {
							_t33 = E008C82F4(_a8,  *((intOrPtr*)(_t30 + 4)), _v16, _v12, 0);
							if(_t33 < 0) {
								_push("Failed to set variable.");
								goto L2;
							}
						} else {
							_push("Failed get file version.");
							goto L2;
						}
					}
				} else {
					_push("Failed to format path string.");
					L2:
					_push(_t33);
					E008FFB09();
				}
				E008C287D(_v8);
				return _t33;
			}








                                                            0x008c9de3
                                                            0x008c9df0
                                                            0x008c9df6
                                                            0x008c9df9
                                                            0x008c9e05
                                                            0x008c9e26
                                                            0x008c9e2e
                                                            0x008c9e62
                                                            0x008c9e6e
                                                            0x008c9e76
                                                            0x008c9e38
                                                            0x008c9e3a
                                                            0x008c9e55
                                                            0x008c9e59
                                                            0x008c9e5b
                                                            0x00000000
                                                            0x008c9e5b
                                                            0x008c9e3c
                                                            0x008c9e3c
                                                            0x00000000
                                                            0x008c9e3c
                                                            0x008c9e3a
                                                            0x008c9e07
                                                            0x008c9e07
                                                            0x008c9e0c
                                                            0x008c9e0c
                                                            0x008c9e0d
                                                            0x008c9e13
                                                            0x008c9e7b
                                                            0x008c9e86

                                                            APIs
                                                            • _MREFOpen@16.MSPDB140-MSVCRT ref: 008C9DFC
                                                            Strings
                                                            • File search: %ls, did not find path: %ls, xrefs: 008C9E67
                                                            • Failed to format path string., xrefs: 008C9E07
                                                            • Failed to set variable., xrefs: 008C9E5B
                                                            • Failed get file version., xrefs: 008C9E3C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Open@16
                                                            • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                            • API String ID: 3613110473-2458530209
                                                            • Opcode ID: 11d8438b834f4fb503df2fc9e13e7292c3b7221d842be2daaf20d46710889d1c
                                                            • Instruction ID: 61f0d1158200e7d6f76a3a281553bd7734da1d289bd4cab68e0a95c8d120218f
                                                            • Opcode Fuzzy Hash: 11d8438b834f4fb503df2fc9e13e7292c3b7221d842be2daaf20d46710889d1c
                                                            • Instruction Fuzzy Hash: DD11B172D0012DBECF02AAD89C46EAEBB78FF10354B1041A9F910E6251D671DE10ABC1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C1206 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 61COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008C1206(void* __ecx, intOrPtr _a4, intOrPtr* _a8, short*** _a12) {
				int _v8;
				int _v12;
				PWCHAR* _t21;
				signed short _t34;
				signed short _t41;

				_v8 = 0;
				_v12 = 0;
				_t34 = E008C1FF4( &_v8, L"ignored ", 0);
				if(_t34 >= 0) {
					_t34 = E008C1FF4( &_v8, _a4, 0);
					if(_t34 >= 0) {
						_t21 = CommandLineToArgvW(_v8,  &_v12);
						if(_t21 != 0) {
							_t8 =  &(_t21[1]); // 0x4
							 *_a12 = _t8;
							 *_a8 = _v12 - 1;
						} else {
							_t34 = GetLastError();
							if(_t34 > 0) {
								_t34 = _t34 & 0x0000ffff | 0x80070000;
								_t41 = _t34;
							}
							if(_t41 >= 0) {
								_t34 = 0x80004005;
							}
							E008C38BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\apputil.cpp", 0x63, _t34);
						}
					}
				}
				if(_v8 != 0) {
					E008C2762(_v8);
				}
				return _t34;
			}








                                                            0x008c1219
                                                            0x008c121c
                                                            0x008c1224
                                                            0x008c1228
                                                            0x008c1237
                                                            0x008c123b
                                                            0x008c1244
                                                            0x008c124c
                                                            0x008c127b
                                                            0x008c1281
                                                            0x008c128a
                                                            0x008c124e
                                                            0x008c1254
                                                            0x008c1258
                                                            0x008c125d
                                                            0x008c1263
                                                            0x008c1263
                                                            0x008c1265
                                                            0x008c1267
                                                            0x008c1267
                                                            0x008c1274
                                                            0x008c1274
                                                            0x008c124c
                                                            0x008c123b
                                                            0x008c128f
                                                            0x008c1294
                                                            0x008c1294
                                                            0x008c129e

                                                            APIs
                                                            • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,008C527C,00000000,?), ref: 008C1244
                                                            • GetLastError.KERNEL32(?,?,?,008C527C,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 008C124E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ArgvCommandErrorLastLine
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\apputil.cpp$ignored
                                                            • API String ID: 3459693003-4239442035
                                                            • Opcode ID: 11a9a3b5e2cd86c1eb411610cc7cf728578e47b4175935cf2ffaa9df1fcc923a
                                                            • Instruction ID: 57bd51fb51325ca33bc6de77c6036066549dc69b296f1c39af2a7a961f7bebf2
                                                            • Opcode Fuzzy Hash: 11a9a3b5e2cd86c1eb411610cc7cf728578e47b4175935cf2ffaa9df1fcc923a
                                                            • Instruction Fuzzy Hash: 3411607A901229ABCF21DB99C889E9EBBB8FF45B50B014159F900E7251D770DE0096E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C9A0E Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 24%
                                                            			E008C9A0E(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _t25;
				void* _t29;
				void* _t30;

				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t29 = E00903209(_a8, L"Condition",  &_v12);
				if(_t29 != 1) {
					if(_t29 >= 0) {
						_t30 = E00902D56(_v12,  &_v8);
						if(_t30 >= 0) {
							_t30 = E008C229E(_a4, _v8, 0);
							if(_t30 < 0) {
								_push("Failed to copy condition string from BSTR");
								goto L8;
							}
						} else {
							_push("Failed to get Condition inner text.");
							goto L8;
						}
					} else {
						_push("Failed to select condition node.");
						L8:
						_push(_t30);
						E008FFB09();
					}
				} else {
					_t30 = 0;
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t25 = _v12;
				if(_t25 != 0) {
					 *((intOrPtr*)( *_t25 + 8))(_t25);
				}
				return _t30;
			}








                                                            0x008c9a13
                                                            0x008c9a1a
                                                            0x008c9a2d
                                                            0x008c9a32
                                                            0x008c9a3a
                                                            0x008c9a4f
                                                            0x008c9a53
                                                            0x008c9a69
                                                            0x008c9a6d
                                                            0x008c9a6f
                                                            0x00000000
                                                            0x008c9a6f
                                                            0x008c9a55
                                                            0x008c9a55
                                                            0x00000000
                                                            0x008c9a55
                                                            0x008c9a3c
                                                            0x008c9a3c
                                                            0x008c9a74
                                                            0x008c9a74
                                                            0x008c9a75
                                                            0x008c9a7b
                                                            0x008c9a34
                                                            0x008c9a34
                                                            0x008c9a34
                                                            0x008c9a80
                                                            0x008c9a85
                                                            0x008c9a85
                                                            0x008c9a8b
                                                            0x008c9a90
                                                            0x008c9a95
                                                            0x008c9a95
                                                            0x008c9a9c

                                                            APIs
                                                            • SysFreeString.OLEAUT32(00000000), ref: 008C9A85
                                                            Strings
                                                            • Failed to copy condition string from BSTR, xrefs: 008C9A6F
                                                            • Failed to get Condition inner text., xrefs: 008C9A55
                                                            • Failed to select condition node., xrefs: 008C9A3C
                                                            • Condition, xrefs: 008C9A20
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeString
                                                            • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                            • API String ID: 3341692771-3600577998
                                                            • Opcode ID: bb68daa89daa083b9231c308375658fbbcede959796531d40db3c46775bc910f
                                                            • Instruction ID: 35f6a2a5e8b12ca19194c3d79e780f33fbc8ddb18b0d7acf850e86061b952077
                                                            • Opcode Fuzzy Hash: bb68daa89daa083b9231c308375658fbbcede959796531d40db3c46775bc910f
                                                            • Instruction Fuzzy Hash: 78115232940239BFDB15A764DC0AFADBB78FF40714F1142A9F941F6191D771DE409680
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C2078 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54windowCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 93%
                                                            			E008C2078(void* __ecx, intOrPtr _a4, long _a8, signed int _a12, char _a16) {
				short _v8;
				char* _v12;
				long _t20;
				signed short _t29;
				signed short _t34;

				_v12 =  &_a16;
				_v8 = 0;
				_t16 = _a12;
				asm("sbb eax, eax");
				_t20 = FormatMessageW(( ~_a12 & 0x00000800) + 0x11ff, _t16, _a8, 0,  &_v8, 0,  &_v12);
				_v12 = 0;
				if(_t20 != 0) {
					_t29 = E008C229E(_a4, _v8, _t20);
				} else {
					_t29 = GetLastError();
					if(_t29 > 0) {
						_t29 = _t29 & 0x0000ffff | 0x80070000;
						_t34 = _t29;
					}
					if(_t34 >= 0) {
						_t29 = 0x80004005;
					}
					E008C38BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\strutil.cpp", 0x4a9, _t29);
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return _t29;
			}








                                                            0x008c2083
                                                            0x008c208e
                                                            0x008c2092
                                                            0x008c209c
                                                            0x008c20a9
                                                            0x008c20af
                                                            0x008c20b4
                                                            0x008c20f2
                                                            0x008c20b6
                                                            0x008c20bc
                                                            0x008c20c0
                                                            0x008c20c5
                                                            0x008c20cb
                                                            0x008c20cb
                                                            0x008c20cd
                                                            0x008c20cf
                                                            0x008c20cf
                                                            0x008c20df
                                                            0x008c20df
                                                            0x008c20f8
                                                            0x008c20fd
                                                            0x008c20fd
                                                            0x008c2107

                                                            APIs
                                                            • FormatMessageW.KERNEL32(008C42CC,008C54CB,?,00000000,00000000,00000000,?,80070656,?,?,?,008DE5B6,00000000,008C54CB,00000000,80070656), ref: 008C20A9
                                                            • GetLastError.KERNEL32(?,?,?,008DE5B6,00000000,008C54CB,00000000,80070656,?,?,008D4042,008C54CB,?,80070656,00000001,crypt32.dll), ref: 008C20B6
                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,008DE5B6,00000000,008C54CB,00000000,80070656,?,?,008D4042,008C54CB), ref: 008C20FD
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\strutil.cpp, xrefs: 008C20DA
                                                            • @Mqt, xrefs: 008C20B6
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\strutil.cpp
                                                            • API String ID: 1365068426-178104475
                                                            • Opcode ID: ae6aab0d5f5e5b17e401bf5f39fa8b21dd3e4c4bb0029f67f685d6b481239336
                                                            • Instruction ID: ce0c9cae2c4280855954fcbfa640f26326cada4682ee5ff862fdef0e2cbc4a93
                                                            • Opcode Fuzzy Hash: ae6aab0d5f5e5b17e401bf5f39fa8b21dd3e4c4bb0029f67f685d6b481239336
                                                            • Instruction Fuzzy Hash: 0C015EB681112AFFDB109B94DD05EDEBABCFB04750F014166BD01E6180E674DE40D6E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F815F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 52libraryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E008F815F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x92b498 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x9214a8 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xa7a0e00d
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}










                                                            0x008f8164
                                                            0x008f8168
                                                            0x008f816f
                                                            0x008f8173
                                                            0x008f8181
                                                            0x008f8197
                                                            0x008f819b
                                                            0x008f81c4
                                                            0x008f81c6
                                                            0x008f81ca
                                                            0x008f81cd
                                                            0x008f81cd
                                                            0x008f81d3
                                                            0x008f81d5
                                                            0x00000000
                                                            0x008f81d6
                                                            0x008f819d
                                                            0x008f81a6
                                                            0x008f81b5
                                                            0x008f81a8
                                                            0x008f81ab
                                                            0x008f81b1
                                                            0x008f81b1
                                                            0x008f81b9
                                                            0x00000000
                                                            0x008f81bb
                                                            0x008f81be
                                                            0x008f81c0
                                                            0x00000000
                                                            0x008f81c0
                                                            0x008f81b9
                                                            0x008f8175
                                                            0x008f817a
                                                            0x00000000

                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,008F8106,?,00000000,00000000,00000000,?,008F8303,00000006,FlsSetValue), ref: 008F8191
                                                            • GetLastError.KERNEL32(?,008F8106,?,00000000,00000000,00000000,?,008F8303,00000006,FlsSetValue,00921A28,FlsSetValue,00000000,00000364,?,008F59FB), ref: 008F819D
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008F8106,?,00000000,00000000,00000000,?,008F8303,00000006,FlsSetValue,00921A28,FlsSetValue,00000000), ref: 008F81AB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID: @Mqt
                                                            • API String ID: 3177248105-2740872224
                                                            • Opcode ID: fe2cb8cf48758363ca3665448533a56c2bbd9cc1b5e138a793853fbe09289387
                                                            • Instruction ID: 13e0079091d2a6c310bb4ca52a2fbac52451afbfa62b7b55083e7c78e28e7837
                                                            • Opcode Fuzzy Hash: fe2cb8cf48758363ca3665448533a56c2bbd9cc1b5e138a793853fbe09289387
                                                            • Instruction Fuzzy Hash: 2101D43666932AEFCB214A799C44AB7779CFF167A1B200720EE15D3180DF20D8428AE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009045C9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E009045C9(void* __ecx, WCHAR* _a4, long _a8, intOrPtr _a12, intOrPtr _a16, void** _a20) {
				void** _t10;
				void* _t13;
				void* _t14;
				signed short _t15;
				signed short _t19;

				_t13 = __ecx;
				_t14 = CreateFileW(_a4, 0x40000000, 1, 0, 2, _a8, 0);
				if(_t14 != 0xffffffff) {
					_t15 = E00904650(_t13, _t14, _a12, _a16);
					if(_t15 >= 0) {
						_t10 = _a20;
						if(_t10 != 0) {
							 *_t10 = _t14;
							_t14 = _t14 | 0xffffffff;
						}
					}
					if(_t14 != 0xffffffff) {
						CloseHandle(_t14);
					}
					L11:
					return _t15;
				}
				_t15 = GetLastError();
				if(_t15 > 0) {
					_t15 = _t15 & 0x0000ffff | 0x80070000;
					_t19 = _t15;
				}
				if(_t19 >= 0) {
					_t15 = 0x80004005;
				}
				E008C38BA(_t11, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x3ca, _t15);
				goto L11;
			}








                                                            0x009045c9
                                                            0x009045e7
                                                            0x009045ec
                                                            0x0090462a
                                                            0x0090462e
                                                            0x00904630
                                                            0x00904635
                                                            0x00904637
                                                            0x00904639
                                                            0x00904639
                                                            0x00904635
                                                            0x0090463f
                                                            0x00904642
                                                            0x00904642
                                                            0x00904649
                                                            0x0090464d
                                                            0x0090464d
                                                            0x009045f4
                                                            0x009045f8
                                                            0x009045fd
                                                            0x00904603
                                                            0x00904603
                                                            0x00904605
                                                            0x00904607
                                                            0x00904607
                                                            0x00904617
                                                            0x00000000

                                                            APIs
                                                            • CreateFileW.KERNEL32(002E0032,40000000,00000001,00000000,00000002,00000080,00000000,008D0458,00000000,?,008CF49C,0090A500,00000080,002E0032,00000000), ref: 009045E1
                                                            • GetLastError.KERNEL32(?,008CF49C,0090A500,00000080,002E0032,00000000,?,008D0458,crypt32.dll,00000094,?,?,?,?,?,00000000), ref: 009045EE
                                                            • CloseHandle.KERNEL32(00000000,00000000,0090A500,008CF49C,?,008CF49C,0090A500,00000080,002E0032,00000000,?,008D0458,crypt32.dll,00000094), ref: 00904642
                                                            Strings
                                                            • @Mqt, xrefs: 009045EE
                                                            • c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp, xrefs: 00904612
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseCreateErrorFileHandleLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 2528220319-1324176156
                                                            • Opcode ID: 9f81363de888d0db7d40a6fb2c79df1dcb7a65f5a34a4c3c61fa85e8d06e5dee
                                                            • Instruction ID: 72190ae38598393c98db8d3cb7c633e5b54adbf2f0ac3b9314bf9857e0720a3c
                                                            • Opcode Fuzzy Hash: 9f81363de888d0db7d40a6fb2c79df1dcb7a65f5a34a4c3c61fa85e8d06e5dee
                                                            • Instruction Fuzzy Hash: BC01D4736412397FDB215A689C05F5B3A689B82B71F020210FF20BB1E0E772CC11A6E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00904199 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49fileCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E00904199(void* __ecx, WCHAR* _a4, intOrPtr _a8) {
				void* _t4;
				void* _t13;
				void* _t15;
				signed short _t17;

				_t13 = __ecx;
				if(_a4 != 0) {
					_t15 = CreateFileW(_a4, 0x80, 1, 0, 3, 0x80, 0);
					__eflags = _t15 - 0xffffffff;
					if(_t15 != 0xffffffff) {
						_t17 = E00904224(_t13, _t15, _a8);
						CloseHandle(_t15);
					} else {
						_t17 = GetLastError();
						__eflags = _t17;
						if(__eflags > 0) {
							_t17 = _t17 & 0x0000ffff | 0x80070000;
							__eflags = _t17;
						}
						if(__eflags >= 0) {
							_t17 = 0x80004005;
						}
						E008C38BA(_t10, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x230, _t17);
					}
				} else {
					_t17 = 0x80070057;
					E008C38BA(_t4, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x22b, 0x80070057);
				}
				return _t17;
			}







                                                            0x00904199
                                                            0x009041a1
                                                            0x009041d3
                                                            0x009041d5
                                                            0x009041d8
                                                            0x00904213
                                                            0x00904216
                                                            0x009041da
                                                            0x009041e0
                                                            0x009041e2
                                                            0x009041e4
                                                            0x009041e9
                                                            0x009041ef
                                                            0x009041ef
                                                            0x009041f1
                                                            0x009041f3
                                                            0x009041f3
                                                            0x00904203
                                                            0x00904203
                                                            0x009041a3
                                                            0x009041a3
                                                            0x009041b3
                                                            0x009041b3
                                                            0x00904221

                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,008E89B4,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 009041CD
                                                            • GetLastError.KERNEL32(?,008E89B4,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,EngineVersion,000002C0,000000B0), ref: 009041DA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CreateErrorFileLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 1214770103-1324176156
                                                            • Opcode ID: c7485134a3c20faec71d17cc4b8685ed599ee9d775a81d45f2b78c28abb28586
                                                            • Instruction ID: 4a32b875be5d9f54d058fc5dfc5c236b905e8f9651b8e762cf2c6ef7bb3078fd
                                                            • Opcode Fuzzy Hash: c7485134a3c20faec71d17cc4b8685ed599ee9d775a81d45f2b78c28abb28586
                                                            • Instruction Fuzzy Hash: 3401F972784235BFE7312698AC0AF6A29ACEB61B70F114121FF10BA1D1C6B95D0162E5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CD461 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 45%
                                                            			E008CD461(intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr* _t10;
				long _t15;
				long _t18;
				intOrPtr _t19;

				_t19 = _a4;
				_t18 = 0;
				_t2 = _t19 + 0x18; // 0xd0
				EnterCriticalSection(_t2);
				_t3 = _t19 + 0x30; // 0xe8
				_t15 = 1;
				if(InterlockedCompareExchange(_t3, 1, 0) != 0) {
					_t15 = 0;
					_t18 = 0x8007139f;
				}
				_t4 = _t19 + 0x18; // 0xd0
				LeaveCriticalSection(_t4);
				_t10 = _a8;
				if(_t10 != 0) {
					 *_t10 = _t15;
				}
				if(_t18 < 0) {
					E008C38BA(_t10, "c:\\agent\\_work\\66\\s\\src\\burn\\engine\\userexperience.cpp", 0xea, _t18);
					_push("Engine active cannot be changed because it was already in that state.");
					_push(_t18);
					E008FFB09();
				}
				return _t18;
			}







                                                            0x008cd466
                                                            0x008cd46a
                                                            0x008cd46c
                                                            0x008cd470
                                                            0x008cd479
                                                            0x008cd47c
                                                            0x008cd487
                                                            0x008cd489
                                                            0x008cd48b
                                                            0x008cd48b
                                                            0x008cd490
                                                            0x008cd494
                                                            0x008cd49a
                                                            0x008cd49f
                                                            0x008cd4a1
                                                            0x008cd4a1
                                                            0x008cd4a5
                                                            0x008cd4b2
                                                            0x008cd4b7
                                                            0x008cd4bc
                                                            0x008cd4bd
                                                            0x008cd4c3
                                                            0x008cd4ca

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,008D6F37,000000B8,00000000,?,00000000,775FA770), ref: 008CD470
                                                            • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 008CD47F
                                                            • LeaveCriticalSection.KERNEL32(000000D0,?,008D6F37,000000B8,00000000,?,00000000,775FA770), ref: 008CD494
                                                            Strings
                                                            • c:\agent\_work\66\s\src\burn\engine\userexperience.cpp, xrefs: 008CD4AD
                                                            • Engine active cannot be changed because it was already in that state., xrefs: 008CD4B7
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                            • String ID: Engine active cannot be changed because it was already in that state.$c:\agent\_work\66\s\src\burn\engine\userexperience.cpp
                                                            • API String ID: 3376869089-1173769119
                                                            • Opcode ID: 50506ab20bbbc25abc035f91b95f6d5b496f4fe3e2d043bc90503dc7b1f3a18d
                                                            • Instruction ID: 5ad8732856608e2214b1eead38c01bfe9322f0f05ea742b72de1d9ba0211ebc7
                                                            • Opcode Fuzzy Hash: 50506ab20bbbc25abc035f91b95f6d5b496f4fe3e2d043bc90503dc7b1f3a18d
                                                            • Instruction Fuzzy Hash: 06F0FF32308308AFD710AEAAEC84E9733BCFBC5725300403EF605C3281DA78F80482A4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F4189 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 20%
                                                            			E008F4189(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				signed int _t10;
				struct HINSTANCE__** _t12;
				void* _t18;
				void* _t23;
				void* _t24;
				void* _t25;
				intOrPtr* _t26;
				signed int _t27;

				_t10 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t10 ^ _t27;
				_v12 = _v12 & 0x00000000;
				_t12 =  &_v12;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
				if(_t12 != 0) {
					_push(_t25);
					_t26 = GetProcAddress(_v12, "CorExitProcess");
					if(_t26 != 0) {
						 *0x90a3e0(_a4);
						 *_t26();
					}
					_pop(_t25);
				}
				if(_v12 != 0) {
					FreeLibrary(_v12);
				}
				return E008EDD1F(_t18, _v8 ^ _t27, _t23, _t24, _t25);
			}














                                                            0x008f4190
                                                            0x008f4197
                                                            0x008f419a
                                                            0x008f419e
                                                            0x008f41a9
                                                            0x008f41b1
                                                            0x008f41b3
                                                            0x008f41c2
                                                            0x008f41c6
                                                            0x008f41cd
                                                            0x008f41d3
                                                            0x008f41d3
                                                            0x008f41d5
                                                            0x008f41d5
                                                            0x008f41da
                                                            0x008f41df
                                                            0x008f41df
                                                            0x008f41f2

                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008F413A,00000000,?,008F40DA,00000000,00927908,0000000C,008F4231,00000000,00000002), ref: 008F41A9
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008F41BC
                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,008F413A,00000000,?,008F40DA,00000000,00927908,0000000C,008F4231,00000000,00000002), ref: 008F41DF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            • Opcode ID: 061e23bdfa55f3a00b393592492e54607fd1437b81caa9454fcc2225c8939bd7
                                                            • Instruction ID: ce443f9b15a3af5db2f10167630cb9ddad972cca98adc003fc85b78628111d67
                                                            • Opcode Fuzzy Hash: 061e23bdfa55f3a00b393592492e54607fd1437b81caa9454fcc2225c8939bd7
                                                            • Instruction Fuzzy Hash: 12F0AF31A1421CBFCB109FA0DC09BAEBFB4FF44711F004069FC06A2160DB714E84DA81
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008CD88A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E008CD88A(intOrPtr _a4) {
				_Unknown_base(*)()* _t12;
				signed int _t18;
				intOrPtr _t19;
				signed short _t20;

				_t19 = _a4;
				_t20 = 0;
				_t18 =  *(_t19 + 0x10);
				if(_t18 != 0) {
					 *((intOrPtr*)( *_t18 + 8))(_t18);
					 *(_t19 + 0x10) =  *(_t19 + 0x10) & 0;
				}
				if( *(_t19 + 0xc) != _t20) {
					_t12 = GetProcAddress( *(_t19 + 0xc), "BootstrapperApplicationDestroy");
					if(_t12 != 0) {
						 *_t12();
					}
					if(FreeLibrary( *(_t19 + 0xc)) == 0) {
						_t20 = GetLastError();
						if(_t20 > 0) {
							_t20 = _t20 & 0x0000ffff | 0x80070000;
						}
					}
					 *(_t19 + 0xc) =  *(_t19 + 0xc) & 0x00000000;
				}
				return _t20;
			}







                                                            0x008cd88f
                                                            0x008cd892
                                                            0x008cd894
                                                            0x008cd899
                                                            0x008cd89e
                                                            0x008cd8a1
                                                            0x008cd8a1
                                                            0x008cd8a7
                                                            0x008cd8b1
                                                            0x008cd8b9
                                                            0x008cd8bb
                                                            0x008cd8bb
                                                            0x008cd8c8
                                                            0x008cd8d0
                                                            0x008cd8d4
                                                            0x008cd8d9
                                                            0x008cd8d9
                                                            0x008cd8d4
                                                            0x008cd8df
                                                            0x008cd8df
                                                            0x008cd8e8

                                                            APIs
                                                            • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 008CD8B1
                                                            • FreeLibrary.KERNEL32(?,?,008C4920,00000000,?,?,008C54CB,?,?), ref: 008CD8C0
                                                            • GetLastError.KERNEL32(?,008C4920,00000000,?,?,008C54CB,?,?), ref: 008CD8CA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: AddressErrorFreeLastLibraryProc
                                                            • String ID: @Mqt$BootstrapperApplicationDestroy
                                                            • API String ID: 1144718084-3333761507
                                                            • Opcode ID: 05ae98a3bfd3563c12930fb9f9862cce1af92a10796ffa85669aacdebc9eaa99
                                                            • Instruction ID: c72eca9d3a55f74f8b643af5a04106ffbdc39d221fcdb33404efe1be61619482
                                                            • Opcode Fuzzy Hash: 05ae98a3bfd3563c12930fb9f9862cce1af92a10796ffa85669aacdebc9eaa99
                                                            • Instruction Fuzzy Hash: 6FF04F3261072AAFC720AB69D804F26F7B8FF50762B05863DE815D6950C731EC509BD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C89E8 Relevance: 7.6, APIs: 5, Instructions: 117stringCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 65%
                                                            			E008C89E8(void* __ecx, void* __edx, int _a4, short* _a8, short* _a12, intOrPtr* _a16) {
				int _v8;
				short* _t38;
				int _t43;
				int _t46;
				intOrPtr _t49;
				intOrPtr _t53;
				int _t55;
				void* _t57;
				unsigned int _t59;
				void* _t60;
				int _t61;
				int _t67;
				void* _t75;

				_t57 = __edx;
				_t49 = 0;
				_t59 = _a4;
				_v8 = _t59 >> 0x00000011 & 0x00000001;
				_a4 = lstrlenW(_a8);
				_t67 = lstrlenW(_a12);
				if(_t59 > 0x3000a) {
					_t60 = _t59 - 0x3000b;
					if(_t60 == 0) {
						goto L21;
					} else {
						if(_t60 == 1) {
							goto L16;
						} else {
							goto L11;
						}
					}
				} else {
					if(_t59 >= 0x30005) {
						L7:
						_t46 = CompareStringW(0x7f, _v8, _a8, _a4, _a12, _t67);
						asm("cdq");
						_t49 = E008C88A0(_t59, _t46, _t57, 2, _t49, _a16);
					} else {
						if(_t59 < 0x10005) {
							L12:
							_t49 = 0x80070057;
						} else {
							if(_t59 <= 0x1000a) {
								goto L7;
							} else {
								if(_t59 == 0x1000b) {
									L21:
									_t61 = _a4;
									if(_t67 > _t61) {
										L25:
										 *_a16 = _t49;
									} else {
										_t38 = _a8;
										_a4 = _t67;
										while(CompareStringW(0x7f, _v8, _t38, _t67, _a12, _t67) != 2) {
											_t38 =  &(_a8[1]);
											_t55 = _a4 + 1;
											_a8 = _t38;
											_a4 = _t55;
											if(_t55 <= _t61) {
												continue;
											} else {
												goto L25;
											}
											goto L26;
										}
										goto L19;
									}
								} else {
									if(_t59 == 0x1000c) {
										L16:
										if(_a4 < _t67) {
											goto L15;
										} else {
											_push(_t67);
											_push(_a12);
											_push(_t67);
											_push(_a8);
											goto L18;
										}
										goto L20;
									} else {
										_t75 = _t59 - 0x1000d;
										L11:
										if(_t75 == 0) {
											_t43 = _a4;
											if(_t43 < _t67) {
												L15:
												_t53 = _t49;
											} else {
												_push(_t67);
												_push(_a12);
												_push(_t67);
												_push( &(_a8[_t43 - _t67]));
												L18:
												if(CompareStringW(0x7f, _v8, ??, ??, ??, ??) != 2) {
													goto L15;
												} else {
													L19:
													_t53 = 1;
												}
											}
											L20:
											 *_a16 = _t53;
										} else {
											goto L12;
										}
									}
								}
							}
						}
					}
				}
				L26:
				return _t49;
			}
















                                                            0x008c89e8
                                                            0x008c89f4
                                                            0x008c89f7
                                                            0x008c8a05
                                                            0x008c8a0d
                                                            0x008c8a12
                                                            0x008c8a1a
                                                            0x008c8a7b
                                                            0x008c8a81
                                                            0x00000000
                                                            0x008c8a83
                                                            0x008c8a86
                                                            0x00000000
                                                            0x008c8a88
                                                            0x00000000
                                                            0x008c8a88
                                                            0x008c8a86
                                                            0x008c8a1c
                                                            0x008c8a22
                                                            0x008c8a50
                                                            0x008c8a5f
                                                            0x008c8a68
                                                            0x008c8a74
                                                            0x008c8a24
                                                            0x008c8a2a
                                                            0x008c8a8d
                                                            0x008c8a8d
                                                            0x008c8a2c
                                                            0x008c8a32
                                                            0x00000000
                                                            0x008c8a34
                                                            0x008c8a3a
                                                            0x008c8ad6
                                                            0x008c8ad6
                                                            0x008c8adb
                                                            0x008c8b0d
                                                            0x008c8b10
                                                            0x008c8add
                                                            0x008c8add
                                                            0x008c8ae0
                                                            0x008c8ae3
                                                            0x008c8aff
                                                            0x008c8b02
                                                            0x008c8b03
                                                            0x008c8b06
                                                            0x008c8b0b
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c8b0b
                                                            0x00000000
                                                            0x008c8ae3
                                                            0x008c8a40
                                                            0x008c8a46
                                                            0x008c8aaf
                                                            0x008c8ab2
                                                            0x00000000
                                                            0x008c8ab4
                                                            0x008c8ab4
                                                            0x008c8ab5
                                                            0x008c8ab8
                                                            0x008c8ab9
                                                            0x00000000
                                                            0x008c8ab9
                                                            0x00000000
                                                            0x008c8a48
                                                            0x008c8a48
                                                            0x008c8a8b
                                                            0x008c8a8b
                                                            0x008c8a94
                                                            0x008c8a99
                                                            0x008c8aab
                                                            0x008c8aab
                                                            0x008c8a9b
                                                            0x008c8aa0
                                                            0x008c8aa1
                                                            0x008c8aa4
                                                            0x008c8aa8
                                                            0x008c8abc
                                                            0x008c8aca
                                                            0x00000000
                                                            0x008c8acc
                                                            0x008c8acc
                                                            0x008c8ace
                                                            0x008c8ace
                                                            0x008c8aca
                                                            0x008c8acf
                                                            0x008c8ad2
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008c8a8b
                                                            0x008c8a46
                                                            0x008c8a3a
                                                            0x008c8a32
                                                            0x008c8a2a
                                                            0x008c8a22
                                                            0x008c8b12
                                                            0x008c8b18

                                                            APIs
                                                            • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,008C8BA7,008C96F4,?,008C96F4,?,?,008C96F4,?,?), ref: 008C8A08
                                                            • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,008C8BA7,008C96F4,?,008C96F4,?,?,008C96F4,?,?), ref: 008C8A10
                                                            • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,008C8BA7,008C96F4,?,008C96F4,?), ref: 008C8A5F
                                                            • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,008C8BA7,008C96F4,?,008C96F4,?), ref: 008C8AC1
                                                            • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,008C8BA7,008C96F4,?,008C96F4,?), ref: 008C8AEE
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CompareString$lstrlen
                                                            • String ID:
                                                            • API String ID: 1657112622-0
                                                            • Opcode ID: eb3ab9ef7bee0c079f300477b484e8f7b14b1521b81da90c18b233fc9d6709d1
                                                            • Instruction ID: fe3268e1d0052adcaa3bdc4fc31df4060264972fa271297dc1ba112947546854
                                                            • Opcode Fuzzy Hash: eb3ab9ef7bee0c079f300477b484e8f7b14b1521b81da90c18b233fc9d6709d1
                                                            • Instruction Fuzzy Hash: 2C313072644118FFCB158E58CC44EAE3F76FB48394F15841AF919D7210CA75CD90DBA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C74BE Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 31%
                                                            			E008C74BE(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t15;
				void* _t22;

				_t20 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t22 = E008C5DA8(_t20, _a4, _a8,  &_v8);
				_t15 = _v8;
				if(_t22 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
					if(_t22 != 0x80070490) {
						if(_t22 >= 0) {
							_t22 = E008E0132(_t15 + 8, _a12);
							if(_t22 < 0) {
								_push(_a8);
								_push("Failed to get value as string for variable: %ls");
								goto L8;
							}
						} else {
							_push(_a8);
							_push("Failed to get value of variable: %ls");
							L8:
							_push(_t22);
							E008FFB09();
						}
					}
				} else {
					_t22 = 0x80070490;
				}
				LeaveCriticalSection(_a4);
				return _t22;
			}






                                                            0x008c74be
                                                            0x008c74c1
                                                            0x008c74c2
                                                            0x008c74ca
                                                            0x008c74df
                                                            0x008c74e1
                                                            0x008c74e6
                                                            0x008c74fb
                                                            0x008c74ff
                                                            0x008c7517
                                                            0x008c751b
                                                            0x008c751d
                                                            0x008c7520
                                                            0x00000000
                                                            0x008c7520
                                                            0x008c7501
                                                            0x008c7501
                                                            0x008c7504
                                                            0x008c7525
                                                            0x008c7525
                                                            0x008c7526
                                                            0x008c752b
                                                            0x008c74ff
                                                            0x008c74ee
                                                            0x008c74ee
                                                            0x008c74ee
                                                            0x008c7531
                                                            0x008c753b

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(008C53FA,WixBundleOriginalSource,?,?,008DA50A,840F01E8,WixBundleOriginalSource,?,0092AA6C,?,00000000,008C5482,00000001,?,?,008C5482), ref: 008C74CA
                                                            • LeaveCriticalSection.KERNEL32(008C53FA,008C53FA,00000000,00000000,?,?,008DA50A,840F01E8,WixBundleOriginalSource,?,0092AA6C,?,00000000,008C5482,00000001,?), ref: 008C7531
                                                            Strings
                                                            • WixBundleOriginalSource, xrefs: 008C74C6
                                                            • Failed to get value of variable: %ls, xrefs: 008C7504
                                                            • Failed to get value as string for variable: %ls, xrefs: 008C7520
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave
                                                            • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                            • API String ID: 3168844106-30613933
                                                            • Opcode ID: d944d43e91f83fa4640267759b02109eaf981c9b2c751bdad800486fb398db27
                                                            • Instruction ID: 83135822dce77ab7d1555a8b7cfe536fc783f08348dea2d1ac0cb278739c58be
                                                            • Opcode Fuzzy Hash: d944d43e91f83fa4640267759b02109eaf981c9b2c751bdad800486fb398db27
                                                            • Instruction Fuzzy Hash: B7015A76948129EFCF125E54CC09F9E7A79FF14764F114028FD04EA261D239DA509BD2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F890A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008F890A(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x92a708; // 0x92a700
					if(_t23 != 0) {
						E008F5CE8(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x92a70c; // 0x92b570
					if(_t24 != 0) {
						E008F5CE8(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x92a710; // 0x92b570
					if(_t25 != 0) {
						E008F5CE8(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x92a738; // 0x92a704
					if(_t26 != 0) {
						E008F5CE8(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x92a73c; // 0x92b574
					if(_t27 != 0) {
						return E008F5CE8(_t6);
					}
				}
				return _t6;
			}










                                                            0x008f8910
                                                            0x008f8915
                                                            0x008f8919
                                                            0x008f891f
                                                            0x008f8922
                                                            0x008f8927
                                                            0x008f892b
                                                            0x008f8931
                                                            0x008f8934
                                                            0x008f8939
                                                            0x008f893d
                                                            0x008f8943
                                                            0x008f8946
                                                            0x008f894b
                                                            0x008f894f
                                                            0x008f8955
                                                            0x008f8958
                                                            0x008f895d
                                                            0x008f895e
                                                            0x008f8961
                                                            0x008f8967
                                                            0x00000000
                                                            0x008f896f
                                                            0x008f8967
                                                            0x008f8972

                                                            APIs
                                                            • _free.LIBCMT ref: 008F8922
                                                              • Part of subcall function 008F5CE8: HeapFree.KERNEL32(00000000,00000000,?,008F89A1,?,00000000,?,00000000,?,008F89C8,?,00000007,?,?,008F8E2A,?), ref: 008F5CFE
                                                              • Part of subcall function 008F5CE8: GetLastError.KERNEL32(?,?,008F89A1,?,00000000,?,00000000,?,008F89C8,?,00000007,?,?,008F8E2A,?,?), ref: 008F5D10
                                                            • _free.LIBCMT ref: 008F8934
                                                            • _free.LIBCMT ref: 008F8946
                                                            • _free.LIBCMT ref: 008F8958
                                                            • _free.LIBCMT ref: 008F896A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: 431f64d1d35611060615e66770f4094dab2273f428fe5616ae54c0d35b9cccbd
                                                            • Instruction ID: 6ed6a6f2782605c4d11089fa874c07ede799896a56e9e61639a2304083772756
                                                            • Opcode Fuzzy Hash: 431f64d1d35611060615e66770f4094dab2273f428fe5616ae54c0d35b9cccbd
                                                            • Instruction Fuzzy Hash: 83F0FF33A5870CEB8720EB78E982C3A77EDFB007107954805F345D7511CA70FD81466A
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FCA28 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E008FCA28(void* __ebx, signed int __edx, signed int _a4, void* _a8, signed int _a12) {
				signed int _v8;
				long _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* __edi;
				void* __esi;
				signed int _t62;
				intOrPtr _t66;
				signed char _t68;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t77;
				intOrPtr _t79;
				signed int _t87;
				signed int _t89;
				signed int _t90;
				signed int _t106;
				signed int _t107;
				signed int _t109;
				intOrPtr _t111;
				signed int _t116;
				signed int _t118;
				void* _t119;
				signed int _t120;
				signed int _t121;
				void* _t122;

				_t118 = __edx;
				_t104 = __ebx;
				_t62 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t62 ^ _t121;
				_t109 = _a12;
				_v12 = _t109;
				_t120 = _a4;
				_t119 = _a8;
				_v52 = _t119;
				if(_t109 != 0) {
					__eflags = _t119;
					if(_t119 != 0) {
						_push(__ebx);
						_t106 = _t120 >> 6;
						_t118 = (_t120 & 0x0000003f) * 0x30;
						_v32 = _t106;
						_t66 =  *((intOrPtr*)(0x92b118 + _t106 * 4));
						_v48 = _t66;
						_v28 = _t118;
						_t107 =  *((intOrPtr*)(_t66 + _t118 + 0x29));
						__eflags = _t107 - 2;
						if(_t107 == 2) {
							L6:
							_t68 =  !_t109;
							__eflags = _t68 & 0x00000001;
							if((_t68 & 0x00000001) != 0) {
								_t66 = _v48;
								L9:
								__eflags =  *(_t66 + _t118 + 0x28) & 0x00000020;
								if(__eflags != 0) {
									E008FCCB2(_t120, 0, 0, 2);
									_t122 = _t122 + 0x10;
								}
								_t69 = E008FC5CD(_t107, _t118, __eflags, _t120);
								__eflags = _t69;
								if(_t69 == 0) {
									_t111 =  *((intOrPtr*)(0x92b118 + _v32 * 4));
									_t71 = _v28;
									__eflags =  *(_t111 + _t71 + 0x28) & 0x00000080;
									if(( *(_t111 + _t71 + 0x28) & 0x00000080) == 0) {
										_v24 = 0;
										_v20 = 0;
										_v16 = 0;
										_t73 = WriteFile( *(_t111 + _t71 + 0x18), _t119, _v12,  &_v20, 0);
										__eflags = _t73;
										if(_t73 == 0) {
											_v24 = GetLastError();
										}
										_t120 =  &_v24;
										goto L28;
									}
									_t87 = _t107;
									__eflags = _t87;
									if(_t87 == 0) {
										_t89 = E008FC643( &_v24, _t120, _t119, _v12);
										goto L17;
									}
									_t90 = _t87 - 1;
									__eflags = _t90;
									if(_t90 == 0) {
										_t89 = E008FC810( &_v24, _t120, _t119, _v12);
										goto L17;
									}
									__eflags = _t90 != 1;
									if(_t90 != 1) {
										goto L34;
									}
									_t89 = E008FC722( &_v24, _t120, _t119, _v12);
									goto L17;
								} else {
									__eflags = _t107;
									if(_t107 == 0) {
										_t89 = E008FC3AD( &_v24, _t120, _t119, _v12);
										L17:
										L15:
										_t120 = _t89;
										L28:
										_t119 =  &_v44;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										_t74 = _v40;
										__eflags = _t74;
										if(_t74 != 0) {
											__eflags = _t74 - _v36;
											L40:
											_pop(_t104);
											L41:
											return E008EDD1F(_t104, _v8 ^ _t121, _t118, _t119, _t120);
										}
										_t77 = _v44;
										__eflags = _t77;
										if(_t77 == 0) {
											_t119 = _v52;
											L34:
											_t116 = _v28;
											_t79 =  *((intOrPtr*)(0x92b118 + _v32 * 4));
											__eflags =  *(_t79 + _t116 + 0x28) & 0x00000040;
											if(( *(_t79 + _t116 + 0x28) & 0x00000040) == 0) {
												L37:
												 *((intOrPtr*)(E008F3728())) = 0x1c;
												_t81 = E008F3715();
												 *_t81 =  *_t81 & 0x00000000;
												__eflags =  *_t81;
												L38:
												goto L40;
											}
											__eflags =  *_t119 - 0x1a;
											if( *_t119 != 0x1a) {
												goto L37;
											}
											goto L40;
										}
										_t120 = 5;
										__eflags = _t77 - _t120;
										if(_t77 != _t120) {
											_t81 = E008F36F2(_t77);
										} else {
											 *((intOrPtr*)(E008F3728())) = 9;
											 *(E008F3715()) = _t120;
										}
										goto L38;
									}
									__eflags = _t107 - 1 - 1;
									if(_t107 - 1 > 1) {
										goto L34;
									}
									_t89 = E008FC560( &_v24, _t119, _v12);
									goto L15;
								}
							}
							 *(E008F3715()) =  *_t97 & 0x00000000;
							 *((intOrPtr*)(E008F3728())) = 0x16;
							_t81 = E008F366C();
							goto L38;
						}
						__eflags = _t107 - 1;
						if(_t107 != 1) {
							goto L9;
						}
						goto L6;
					}
					 *(E008F3715()) =  *_t99 & _t119;
					 *((intOrPtr*)(E008F3728())) = 0x16;
					E008F366C();
					goto L41;
				}
				goto L41;
			}







































                                                            0x008fca28
                                                            0x008fca28
                                                            0x008fca30
                                                            0x008fca37
                                                            0x008fca3a
                                                            0x008fca3d
                                                            0x008fca41
                                                            0x008fca45
                                                            0x008fca48
                                                            0x008fca4d
                                                            0x008fca56
                                                            0x008fca58
                                                            0x008fca79
                                                            0x008fca7e
                                                            0x008fca84
                                                            0x008fca87
                                                            0x008fca8a
                                                            0x008fca91
                                                            0x008fca94
                                                            0x008fca97
                                                            0x008fca9b
                                                            0x008fca9e
                                                            0x008fcaa5
                                                            0x008fcaa7
                                                            0x008fcaa9
                                                            0x008fcaab
                                                            0x008fcaca
                                                            0x008fcacd
                                                            0x008fcacd
                                                            0x008fcad2
                                                            0x008fcadb
                                                            0x008fcae0
                                                            0x008fcae0
                                                            0x008fcae4
                                                            0x008fcaea
                                                            0x008fcaec
                                                            0x008fcb2a
                                                            0x008fcb31
                                                            0x008fcb34
                                                            0x008fcb39
                                                            0x008fcb88
                                                            0x008fcb8b
                                                            0x008fcb8e
                                                            0x008fcb9a
                                                            0x008fcba0
                                                            0x008fcba2
                                                            0x008fcbaa
                                                            0x008fcbaa
                                                            0x008fcbad
                                                            0x00000000
                                                            0x008fcbad
                                                            0x008fcb3e
                                                            0x008fcb3e
                                                            0x008fcb41
                                                            0x008fcb7a
                                                            0x00000000
                                                            0x008fcb7a
                                                            0x008fcb43
                                                            0x008fcb43
                                                            0x008fcb46
                                                            0x008fcb6a
                                                            0x00000000
                                                            0x008fcb6a
                                                            0x008fcb48
                                                            0x008fcb4b
                                                            0x00000000
                                                            0x00000000
                                                            0x008fcb5a
                                                            0x00000000
                                                            0x008fcaee
                                                            0x008fcaee
                                                            0x008fcaf0
                                                            0x008fcb1d
                                                            0x008fcb22
                                                            0x008fcb0d
                                                            0x008fcb0d
                                                            0x008fcbb0
                                                            0x008fcbb0
                                                            0x008fcbb3
                                                            0x008fcbb4
                                                            0x008fcbb5
                                                            0x008fcbb6
                                                            0x008fcbb9
                                                            0x008fcbbb
                                                            0x008fcc20
                                                            0x008fcc23
                                                            0x008fcc23
                                                            0x008fcc24
                                                            0x008fcc33
                                                            0x008fcc33
                                                            0x008fcbbd
                                                            0x008fcbc0
                                                            0x008fcbc2
                                                            0x008fcbe8
                                                            0x008fcbeb
                                                            0x008fcbee
                                                            0x008fcbf1
                                                            0x008fcbf8
                                                            0x008fcbfd
                                                            0x008fcc08
                                                            0x008fcc0d
                                                            0x008fcc13
                                                            0x008fcc18
                                                            0x008fcc18
                                                            0x008fcc1b
                                                            0x00000000
                                                            0x008fcc1b
                                                            0x008fcbff
                                                            0x008fcc02
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008fcc04
                                                            0x008fcbc6
                                                            0x008fcbc7
                                                            0x008fcbc9
                                                            0x008fcbe0
                                                            0x008fcbcb
                                                            0x008fcbd0
                                                            0x008fcbdb
                                                            0x008fcbdb
                                                            0x00000000
                                                            0x008fcbc9
                                                            0x008fcaf4
                                                            0x008fcaf7
                                                            0x00000000
                                                            0x00000000
                                                            0x008fcb05
                                                            0x00000000
                                                            0x008fcb0a
                                                            0x008fcaec
                                                            0x008fcab2
                                                            0x008fcaba
                                                            0x008fcac0
                                                            0x00000000
                                                            0x008fcac0
                                                            0x008fcaa0
                                                            0x008fcaa3
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008fcaa3
                                                            0x008fca5f
                                                            0x008fca66
                                                            0x008fca6c
                                                            0x00000000
                                                            0x008fca71
                                                            0x00000000

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @Mqt
                                                            • API String ID: 0-2740872224
                                                            • Opcode ID: 1c98252c40cd96bb49df339888cff1bc890dcb064cfbd30eeae779c435d28096
                                                            • Instruction ID: 9723fba26d9d9e2e3ddcd4860e424c300fb14c20d570a923e59d90b3d83eebac
                                                            • Opcode Fuzzy Hash: 1c98252c40cd96bb49df339888cff1bc890dcb064cfbd30eeae779c435d28096
                                                            • Instruction Fuzzy Hash: 9551B0B590420DABDB15EFB8CA46EFEBBB8FF05324F140059E605E7291D7319B019B62
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009072DE Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 77%
                                                            			E009072DE(void* __ebx, void* __eflags, intOrPtr* _a4, signed int* _a8) {
				signed int _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _v24;
				signed int _t47;
				intOrPtr* _t67;
				signed int _t68;
				signed int* _t69;
				intOrPtr* _t71;
				intOrPtr* _t77;
				void* _t79;
				intOrPtr* _t81;
				signed int _t82;
				signed int _t86;
				signed int _t87;
				signed int _t91;
				intOrPtr* _t92;
				signed int _t96;

				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_t91 = E008C39DF(0x14, 1);
				if(_t91 != 0) {
					_t77 = _a4;
					_t47 =  *((intOrPtr*)( *_t77 + 0x9c))(_t77,  &_v12, __ebx);
					__eflags = _t47;
					if(_t47 != 0) {
						_t10 = _t47 - 1; // -1
						asm("sbb esi, esi");
						_t96 =  ~_t10 & _t47;
						__eflags = _t96;
						goto L6;
					} else {
						_t96 = E008C229E(_t91, _v12, 0);
						__eflags = _t96;
						if(_t96 >= 0) {
							L6:
							__eflags = _t96;
							if(_t96 >= 0) {
								_t96 =  *((intOrPtr*)( *_t77 + 0xa4))(_t77,  &_v16);
								__eflags = _t96;
								if(_t96 >= 0) {
									_t14 = _t91 + 4; // 0x4
									_t96 = E008C229E(_t14, _v16, 0);
									__eflags = _t96;
									if(_t96 >= 0) {
										_t96 = E00902D56(_t77,  &_v20);
										__eflags = _t96;
										if(_t96 >= 0) {
											_t17 = _t91 + 8; // 0x8
											_t96 = E008C229E(_t17, _v20, 0);
											__eflags = _t96;
											if(_t96 >= 0) {
												_t96 =  *((intOrPtr*)( *_t77 + 0x44))(_t77,  &_v24);
												__eflags = _t96;
												if(_t96 >= 0) {
													_t67 = _v24;
													_t68 =  *((intOrPtr*)( *_t67 + 0x38))(_t67,  &_v8);
													__eflags = _t68;
													if(__eflags != 0) {
														L18:
														_t32 = _t68 - 1; // -1
														asm("sbb esi, esi");
														_t96 =  ~_t32 & _t68;
														__eflags = _t96;
														if(_t96 >= 0) {
															_t69 = _a8;
															while(1) {
																_t86 =  *_t69;
																__eflags = _t86;
																if(_t86 == 0) {
																	break;
																}
																_t69 = _t86 + 0x10;
															}
															 *_t69 = _t91;
															_t91 = 0;
															__eflags = 0;
														}
													} else {
														_t23 = _t91 + 0xc; // 0xc
														_t79 = _t23;
														while(1) {
															_t96 = E009071DB(_t79, __eflags, _v8, _t79);
															__eflags = _t96;
															if(_t96 < 0) {
																goto L23;
															}
															_t87 = _v8;
															__eflags = _t87;
															if(_t87 != 0) {
																 *((intOrPtr*)( *_t87 + 8))(_t87);
																_t27 =  &_v8;
																 *_t27 = _v8 & 0x00000000;
																__eflags =  *_t27;
															}
															_t71 = _v24;
															_t68 =  *((intOrPtr*)( *_t71 + 0x38))(_t71,  &_v8);
															__eflags = _t68;
															if(__eflags == 0) {
																continue;
															} else {
																goto L18;
															}
															goto L23;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
					L23:
				} else {
					_t96 = 0x8007000e;
					E008C38BA(_t45, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x397, 0x8007000e);
				}
				E009063B1(_t91);
				_t92 = __imp__#6;
				if(_v12 != 0) {
					 *_t92(_v12);
				}
				if(_v16 != 0) {
					 *_t92(_v16);
				}
				if(_v20 != 0) {
					 *_t92(_v20);
				}
				_t81 = _v24;
				if(_t81 != 0) {
					 *((intOrPtr*)( *_t81 + 8))(_t81);
				}
				_t82 = _v8;
				if(_t82 != 0) {
					 *((intOrPtr*)( *_t82 + 8))(_t82);
				}
				return _t96;
			}






















                                                            0x009072ec
                                                            0x009072ef
                                                            0x009072f2
                                                            0x009072f5
                                                            0x009072f8
                                                            0x00907300
                                                            0x00907304
                                                            0x00907321
                                                            0x0090732b
                                                            0x00907331
                                                            0x00907333
                                                            0x0090734b
                                                            0x00907350
                                                            0x00907352
                                                            0x00907352
                                                            0x00000000
                                                            0x00907335
                                                            0x0090733f
                                                            0x00907341
                                                            0x00907343
                                                            0x00907354
                                                            0x00907354
                                                            0x00907356
                                                            0x00907369
                                                            0x0090736b
                                                            0x0090736d
                                                            0x00907378
                                                            0x00907381
                                                            0x00907383
                                                            0x00907385
                                                            0x00907395
                                                            0x00907397
                                                            0x00907399
                                                            0x009073a4
                                                            0x009073ad
                                                            0x009073af
                                                            0x009073b1
                                                            0x009073bd
                                                            0x009073bf
                                                            0x009073c1
                                                            0x009073c3
                                                            0x009073cd
                                                            0x009073d0
                                                            0x009073d2
                                                            0x00907408
                                                            0x00907408
                                                            0x0090740d
                                                            0x0090740f
                                                            0x0090740f
                                                            0x00907411
                                                            0x00907413
                                                            0x0090741b
                                                            0x0090741b
                                                            0x0090741d
                                                            0x0090741f
                                                            0x00000000
                                                            0x00000000
                                                            0x00907418
                                                            0x00907418
                                                            0x00907421
                                                            0x00907423
                                                            0x00907423
                                                            0x00907423
                                                            0x009073d4
                                                            0x009073d4
                                                            0x009073d4
                                                            0x009073d7
                                                            0x009073e0
                                                            0x009073e2
                                                            0x009073e4
                                                            0x00000000
                                                            0x00000000
                                                            0x009073e6
                                                            0x009073e9
                                                            0x009073eb
                                                            0x009073f0
                                                            0x009073f3
                                                            0x009073f3
                                                            0x009073f3
                                                            0x009073f3
                                                            0x009073f7
                                                            0x00907401
                                                            0x00907404
                                                            0x00907406
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00907406
                                                            0x009073d7
                                                            0x009073d2
                                                            0x009073c1
                                                            0x009073b1
                                                            0x00907399
                                                            0x00907385
                                                            0x0090736d
                                                            0x00907356
                                                            0x00907343
                                                            0x00907425
                                                            0x00907306
                                                            0x00907306
                                                            0x00907316
                                                            0x00907316
                                                            0x00907427
                                                            0x00907430
                                                            0x00907436
                                                            0x0090743b
                                                            0x0090743b
                                                            0x00907441
                                                            0x00907446
                                                            0x00907446
                                                            0x0090744c
                                                            0x00907451
                                                            0x00907451
                                                            0x00907453
                                                            0x00907458
                                                            0x0090745d
                                                            0x0090745d
                                                            0x00907460
                                                            0x00907465
                                                            0x0090746a
                                                            0x0090746a
                                                            0x00907472

                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • SysFreeString.OLEAUT32(00000000), ref: 0090743B
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00907446
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00907451
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp, xrefs: 00907311
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeString$Heap$AllocateProcess
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp
                                                            • API String ID: 2724874077-632479057
                                                            • Opcode ID: dcfaae1cb2f81ba26ef55470bb25230d04cd6af1354b8d3466c449cf4e624db7
                                                            • Instruction ID: 2488d7583f29b73b581f80038b7f3f71dd5e410a93f8b355fbd6f5c161906d4f
                                                            • Opcode Fuzzy Hash: dcfaae1cb2f81ba26ef55470bb25230d04cd6af1354b8d3466c449cf4e624db7
                                                            • Instruction Fuzzy Hash: 8A518231E0422AAFDB11DFA4C844FAEFBB9EF44724F114198E901AB1A0D770ED15DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 009071DB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 65%
                                                            			E009071DB(void* __ebx, void* __eflags, intOrPtr* _a4, intOrPtr* _a8) {
				char _v8;
				char _v12;
				char _v16;
				signed int _t26;
				intOrPtr* _t40;
				intOrPtr* _t44;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr* _t50;
				signed int _t54;

				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t49 = E008C39DF(0x10, 1);
				if(_t49 != 0) {
					_t44 = _a4;
					_t26 =  *((intOrPtr*)( *_t44 + 0x9c))(_t44,  &_v8, __ebx);
					if(_t26 != 0) {
						_t8 = _t26 - 1; // -1
						asm("sbb esi, esi");
						_t54 =  ~_t8 & _t26;
						goto L6;
					} else {
						_t54 = E008C229E(_t49, _v8, 0);
						if(_t54 >= 0) {
							L6:
							if(_t54 >= 0) {
								_t54 =  *((intOrPtr*)( *_t44 + 0xa4))(_t44,  &_v12);
								if(_t54 >= 0) {
									_t12 = _t49 + 4; // 0x4
									_t54 = E008C229E(_t12, _v12, 0);
									if(_t54 >= 0) {
										_t54 = E00902D56(_t44,  &_v16);
										if(_t54 >= 0) {
											_t15 = _t49 + 8; // 0x8
											_t54 = E008C229E(_t15, _v16, 0);
											if(_t54 >= 0) {
												_t40 = _a8;
												while(1) {
													_t48 =  *_t40;
													if(_t48 == 0) {
														break;
													}
													_t40 = _t48 + 0xc;
												}
												 *_t40 = _t49;
												_t49 = 0;
											}
										}
									}
								}
							}
						}
					}
				} else {
					_t54 = 0x8007000e;
					E008C38BA(_t24, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x3ea, 0x8007000e);
				}
				E00906368(_t49);
				_t50 = __imp__#6;
				if(_v8 != 0) {
					 *_t50(_v8);
				}
				if(_v12 != 0) {
					 *_t50(_v12);
				}
				if(_v16 != 0) {
					 *_t50(_v16);
				}
				return _t54;
			}













                                                            0x009071e9
                                                            0x009071ec
                                                            0x009071ef
                                                            0x009071f7
                                                            0x009071fb
                                                            0x00907218
                                                            0x00907222
                                                            0x0090722a
                                                            0x0090723e
                                                            0x00907243
                                                            0x00907245
                                                            0x00000000
                                                            0x0090722c
                                                            0x00907236
                                                            0x0090723a
                                                            0x00907247
                                                            0x00907249
                                                            0x00907258
                                                            0x0090725c
                                                            0x00907263
                                                            0x0090726c
                                                            0x00907270
                                                            0x0090727c
                                                            0x00907280
                                                            0x00907287
                                                            0x00907290
                                                            0x00907294
                                                            0x00907296
                                                            0x0090729e
                                                            0x0090729e
                                                            0x009072a2
                                                            0x00000000
                                                            0x00000000
                                                            0x0090729b
                                                            0x0090729b
                                                            0x009072a4
                                                            0x009072a6
                                                            0x009072a6
                                                            0x00907294
                                                            0x00907280
                                                            0x00907270
                                                            0x0090725c
                                                            0x00907249
                                                            0x0090723a
                                                            0x009071fd
                                                            0x009071fd
                                                            0x0090720d
                                                            0x0090720d
                                                            0x009072aa
                                                            0x009072b3
                                                            0x009072b9
                                                            0x009072be
                                                            0x009072be
                                                            0x009072c4
                                                            0x009072c9
                                                            0x009072c9
                                                            0x009072cf
                                                            0x009072d4
                                                            0x009072d4
                                                            0x009072db

                                                            APIs
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                            • SysFreeString.OLEAUT32(00000000), ref: 009072BE
                                                            • SysFreeString.OLEAUT32(?), ref: 009072C9
                                                            • SysFreeString.OLEAUT32(00000000), ref: 009072D4
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp, xrefs: 00907208
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: FreeString$Heap$AllocateProcess
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp
                                                            • API String ID: 2724874077-632479057
                                                            • Opcode ID: 8deaf395fecd3aecb3dc285774a0dc5d8f72683f1a4b6b60dc02b411b5da3ebd
                                                            • Instruction ID: 9d0d6c71cdf8277765cc9ce6d1803c9f11b7d230aacd30a82b5318f8c8a3452c
                                                            • Opcode Fuzzy Hash: 8deaf395fecd3aecb3dc285774a0dc5d8f72683f1a4b6b60dc02b411b5da3ebd
                                                            • Instruction Fuzzy Hash: CC318F32D0462ABFDB229B98C845F9EFBB8BF40724F114165B910BB190D774EE059BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00908B19 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 95%
                                                            			E00908B19(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _t57;

				_t54 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_v24 = 0;
				_t57 = E009085F6(__ecx, _a8,  &_v20);
				if(_t57 >= 0) {
					_t57 = E009004A5(__ecx, _a4, _v20, 0x20006, 0, 0,  &_v12,  &_v24);
					if(_t57 >= 0) {
						_push(_a12);
						_t57 = E008C2022( &_v16, L"%ls\\%ls",  *0x92a7e4);
						if(_t57 >= 0) {
							_t57 = E009004A5(_t54, _v12, _v16, 0x20006, 0, 0,  &_v8,  &_v24);
							if(_t57 >= 0) {
								_t57 = E00900D87(_t54, _v8,  *0x92a7d4, _a16);
								if(_t57 >= 0) {
									_t57 = E00900D87(_t54, _v8,  *0x92a7d8, _a20);
									if(_t57 >= 0 && _a24 != 0) {
										_t57 = E00900D39(_v8,  *0x92a7dc, _a24);
									}
								}
							}
						}
					}
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = 0;
				}
				if(_v16 != 0) {
					E008C2762(_v16);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = 0;
				}
				if(_v20 != 0) {
					E008C2762(_v20);
				}
				return _t57;
			}









                                                            0x00908b19
                                                            0x00908b2b
                                                            0x00908b2e
                                                            0x00908b31
                                                            0x00908b34
                                                            0x00908b37
                                                            0x00908b3f
                                                            0x00908b43
                                                            0x00908b64
                                                            0x00908b68
                                                            0x00908b6e
                                                            0x00908b85
                                                            0x00908b8c
                                                            0x00908ba4
                                                            0x00908ba8
                                                            0x00908bbb
                                                            0x00908bbf
                                                            0x00908bd2
                                                            0x00908bd6
                                                            0x00908bee
                                                            0x00908bee
                                                            0x00908bd6
                                                            0x00908bbf
                                                            0x00908ba8
                                                            0x00908b8c
                                                            0x00908b68
                                                            0x00908bf9
                                                            0x00908bfe
                                                            0x00908c00
                                                            0x00908c00
                                                            0x00908c06
                                                            0x00908c0b
                                                            0x00908c0b
                                                            0x00908c13
                                                            0x00908c18
                                                            0x00908c1a
                                                            0x00908c1a
                                                            0x00908c20
                                                            0x00908c25
                                                            0x00908c25
                                                            0x00908c30

                                                            APIs
                                                              • Part of subcall function 009085F6: lstrlenW.KERNEL32(00000100,?,?,?,00908996,000002C0,00000100,00000100,00000100,?,?,?,008E7AD3,?,?,000001BC), ref: 0090861B
                                                            • RegCloseKey.ADVAPI32(00000000,00000000,crypt32.dll,00000000,00000000,00000000,00000000,crypt32.dll), ref: 00908BFE
                                                            • RegCloseKey.ADVAPI32(00000001,00000000,crypt32.dll,00000000,00000000,00000000,00000000,crypt32.dll), ref: 00908C18
                                                              • Part of subcall function 009004A5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,008D05B1,?,00000000,00020006), ref: 009004CA
                                                              • Part of subcall function 00900D87: RegSetValueExW.ADVAPI32(00020006,0090FF38,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,008CF2DF,00000000,?,00020006), ref: 00900DBA
                                                              • Part of subcall function 00900D87: RegDeleteValueW.ADVAPI32(00020006,0090FF38,00000000,?,?,008CF2DF,00000000,?,00020006,?,0090FF38,00020006,00000000,?,?,?), ref: 00900DEA
                                                              • Part of subcall function 00900D39: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,008CF237,0090FF38,Resume,00000005,?,00000000,00000000,00000000), ref: 00900D4E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Value$Close$CreateDeletelstrlen
                                                            • String ID: %ls\%ls$crypt32.dll
                                                            • API String ID: 3924016894-1754266218
                                                            • Opcode ID: ccaf94ad75d20b0666ee056d1653c38f585e0284b1b60c39245b85c7d53d9bfd
                                                            • Instruction ID: 46f23550834ad21b5bca5842d6111878f7e0ce37b61e8b0fe7443d2ceef38e2b
                                                            • Opcode Fuzzy Hash: ccaf94ad75d20b0666ee056d1653c38f585e0284b1b60c39245b85c7d53d9bfd
                                                            • Instruction Fuzzy Hash: 29313B72D0162EBFCF12AFD4CD819AEBB79EB44750B004066A900B2162DB319E11ABA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FC810 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101fileCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 92%
                                                            			E008FC810(intOrPtr* _a4, signed int _a8, signed short* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v12;
				short _v1716;
				char _v5132;
				intOrPtr _v5136;
				long _v5140;
				void* _v5144;
				int _v5148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				intOrPtr _t38;
				signed int* _t41;
				int _t45;
				int _t54;
				void* _t55;
				signed short* _t59;
				signed int _t65;
				signed int _t67;
				signed short* _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t73;
				intOrPtr _t74;
				signed int _t75;

				E00909760();
				_t31 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t31 ^ _t75;
				_t54 = 0;
				_t72 = _a4;
				_t59 = _a12;
				_t69 = _t59;
				_v5144 =  *((intOrPtr*)( *((intOrPtr*)(0x92b118 + (_a8 >> 6) * 4)) + 0x18 + (_a8 & 0x0000003f) * 0x30));
				_t38 = _a16 + _t59;
				 *_t72 = 0;
				 *((intOrPtr*)(_t72 + 4)) = 0;
				_v5136 = _t38;
				 *((intOrPtr*)(_t72 + 8)) = 0;
				if(_t59 < _t38) {
					while(1) {
						L1:
						_t74 = _v5136;
						_t41 =  &_v1716;
						while(_t69 < _t74) {
							_t65 =  *_t69 & 0x0000ffff;
							_t69 =  &(_t69[1]);
							if(_t65 == 0xa) {
								_t67 = 0xd;
								 *_t41 = _t67;
								_t41 =  &(_t41[0]);
							}
							 *_t41 = _t65;
							_t41 =  &(_t41[0]);
							if(_t41 <  &_v12) {
								continue;
							}
							break;
						}
						_t45 = WideCharToMultiByte(0xfde9, _t54,  &_v1716, _t41 -  &_v1716 >> 1,  &_v5132, 0xd55, _t54, _t54);
						_t72 = _a4;
						_v5148 = _t45;
						if(_t45 == 0) {
							L11:
							 *_t72 = GetLastError();
						} else {
							while(WriteFile(_v5144,  &(( &_v5132)[_t54]), _t45 - _t54,  &_v5140, 0) != 0) {
								_t54 = _t54 + _v5140;
								_t45 = _v5148;
								if(_t54 < _t45) {
									continue;
								} else {
									 *((intOrPtr*)(_t72 + 4)) = _t69 - _a12;
									if(_t69 < _v5136) {
										_t54 = 0;
										goto L1;
									}
								}
								goto L12;
							}
							goto L11;
						}
						goto L12;
					}
				}
				L12:
				_pop(_t70);
				_pop(_t73);
				_pop(_t55);
				return E008EDD1F(_t55, _v8 ^ _t75, _t67, _t70, _t73);
			}





























                                                            0x008fc81a
                                                            0x008fc81f
                                                            0x008fc826
                                                            0x008fc840
                                                            0x008fc842
                                                            0x008fc84a
                                                            0x008fc84d
                                                            0x008fc84f
                                                            0x008fc858
                                                            0x008fc85a
                                                            0x008fc85c
                                                            0x008fc85f
                                                            0x008fc865
                                                            0x008fc86a
                                                            0x008fc870
                                                            0x008fc870
                                                            0x008fc870
                                                            0x008fc876
                                                            0x008fc87c
                                                            0x008fc880
                                                            0x008fc883
                                                            0x008fc889
                                                            0x008fc88d
                                                            0x008fc88e
                                                            0x008fc891
                                                            0x008fc891
                                                            0x008fc894
                                                            0x008fc897
                                                            0x008fc89f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008fc89f
                                                            0x008fc8c3
                                                            0x008fc8c9
                                                            0x008fc8cc
                                                            0x008fc8d4
                                                            0x008fc922
                                                            0x008fc928
                                                            0x008fc8d6
                                                            0x008fc8d6
                                                            0x008fc8fb
                                                            0x008fc901
                                                            0x008fc909
                                                            0x00000000
                                                            0x008fc90b
                                                            0x008fc910
                                                            0x008fc919
                                                            0x008fc91b
                                                            0x00000000
                                                            0x008fc91b
                                                            0x008fc919
                                                            0x00000000
                                                            0x008fc909
                                                            0x00000000
                                                            0x008fc8d6
                                                            0x00000000
                                                            0x008fc8d4
                                                            0x008fc870
                                                            0x008fc92a
                                                            0x008fc92f
                                                            0x008fc930
                                                            0x008fc933
                                                            0x008fc93c

                                                            APIs
                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000,00000000,00000000,?,?,008FCB6F,00000000,00000000,00000000), ref: 008FC8C3
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,008FCB6F,00000000,00000000,00000000,00000000,00000000,008F2718,00000000,008F2718,00927BB8), ref: 008FC8F1
                                                            • GetLastError.KERNEL32(?,008FCB6F,00000000,00000000,00000000,00000000,00000000,008F2718,00000000,008F2718,00927BB8,00000010,008FB677,007B9420,00927B30,00000010), ref: 008FC922
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ByteCharErrorFileLastMultiWideWrite
                                                            • String ID: @Mqt
                                                            • API String ID: 2456169464-2740872224
                                                            • Opcode ID: eb3fba40dd6e13f57966d65c450165025d345c4c0c192b16dd37ba016f9c8f70
                                                            • Instruction ID: cf45a345ec5010838be98084fe504c0e9a3a56a39a3d589827b6722930ece402
                                                            • Opcode Fuzzy Hash: eb3fba40dd6e13f57966d65c450165025d345c4c0c192b16dd37ba016f9c8f70
                                                            • Instruction Fuzzy Hash: C3315E75A1021DAFCB14CF69DD919FAB7B9FB48344F0444B9EA0AD7250E770AE84CB60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C3BA1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74memoryCOMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008C3BA1(void* _a4, long _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* _t26;
				char* _t28;
				char _t30;
				void* _t31;
				void* _t32;
				void* _t33;
				char _t34;

				_t30 = 0;
				_t33 = HeapReAlloc(GetProcessHeap(), 0x10 + (0 | _a12 != 0x00000000) * 8, _a4, _a8);
				if(_t33 != 0) {
					L10:
					 *_a16 = _t33;
					_t34 = _t30;
					L11:
					if(_t34 != 0) {
						E008C3AA4(_t34);
					}
					L13:
					return _t30;
				}
				_t34 = E008C39DF(_a8, _a12);
				if(_t34 == 0) {
					_t30 = 0x8007000e;
					E008C38BA(_t23, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\memutil.cpp", 0x61, 0x8007000e);
					goto L13;
				}
				_t32 = E008C3C5F(_a4);
				if(_t32 != 0xffffffff) {
					_t26 = E008C3C5F(_t34);
					if(_t26 == 0xffffffff) {
						goto L3;
					}
					_t31 = _t26;
					if(_t26 > _t32) {
						_t31 = _t32;
					}
					E008C3C78(_t34, _t26, _a4, _t31);
					_t28 = _a4;
					if(_t32 == 0) {
						L9:
						E008C3AA4(_a4);
						goto L10;
					} else {
						do {
							 *_t28 = _t30;
							_t28 = _t28 + 1;
							_t32 = _t32 - 1;
						} while (_t32 != 0);
						goto L9;
					}
				}
				L3:
				_t30 = 0x80070057;
				goto L11;
			}










                                                            0x008c3ba7
                                                            0x008c3bcc
                                                            0x008c3bd0
                                                            0x008c3c31
                                                            0x008c3c34
                                                            0x008c3c36
                                                            0x008c3c38
                                                            0x008c3c3a
                                                            0x008c3c3d
                                                            0x008c3c3d
                                                            0x008c3c44
                                                            0x008c3c48
                                                            0x008c3c48
                                                            0x008c3bdd
                                                            0x008c3be1
                                                            0x008c3c4b
                                                            0x008c3c58
                                                            0x00000000
                                                            0x008c3c58
                                                            0x008c3beb
                                                            0x008c3bf0
                                                            0x008c3bfa
                                                            0x008c3c02
                                                            0x00000000
                                                            0x00000000
                                                            0x008c3c04
                                                            0x008c3c08
                                                            0x008c3c0a
                                                            0x008c3c0a
                                                            0x008c3c12
                                                            0x008c3c17
                                                            0x008c3c1f
                                                            0x008c3c29
                                                            0x008c3c2c
                                                            0x00000000
                                                            0x008c3c21
                                                            0x008c3c21
                                                            0x008c3c21
                                                            0x008c3c23
                                                            0x008c3c24
                                                            0x008c3c24
                                                            0x00000000
                                                            0x008c3c21
                                                            0x008c3c1f
                                                            0x008c3bf2
                                                            0x008c3bf2
                                                            0x00000000

                                                            APIs
                                                            • GetProcessHeap.KERNEL32(00000000,00000000,775FA770,00000000,00000000,00000100,?,008C146A,00000000,775FA770,00000000,775FA770,00000000,?,?,008C13B0), ref: 008C3BBF
                                                            • HeapReAlloc.KERNEL32(00000000,?,008C146A,00000000,775FA770,00000000,775FA770,00000000,?,?,008C13B0,?,00000100,?,775FA770,00000000), ref: 008C3BC6
                                                              • Part of subcall function 008C39DF: GetProcessHeap.KERNEL32(?,?,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F0
                                                              • Part of subcall function 008C39DF: RtlAllocateHeap.NTDLL(00000000,?,008C237C,?,00000001,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C39F7
                                                              • Part of subcall function 008C3C5F: GetProcessHeap.KERNEL32(00000000,?,?,008C22D5,?,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C3C67
                                                              • Part of subcall function 008C3C5F: HeapSize.KERNEL32(00000000,?,008C22D5,?,775FA770,8000FFFF,?,?,008FFB39,?,?,00000000,00000000,8000FFFF), ref: 008C3C6E
                                                            • _memcpy_s.LIBCMT ref: 008C3C12
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\memutil.cpp, xrefs: 008C3C53
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Heap$Process$AllocAllocateSize_memcpy_s
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\memutil.cpp
                                                            • API String ID: 3406509257-1758765531
                                                            • Opcode ID: dc70f0b777182164ecfd219840b3f76f75005735d82c04807c0d7b35af14c7f6
                                                            • Instruction ID: 4d61625cd42235370a5f60dfa0e2085bf648c402c567057b03bda1c013c6d916
                                                            • Opcode Fuzzy Hash: dc70f0b777182164ecfd219840b3f76f75005735d82c04807c0d7b35af14c7f6
                                                            • Instruction Fuzzy Hash: 3D112432500258AFCB116E689C45EAE3A3AFF44764B04C618F814EB251C636CF22A7D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FE042 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008FE042(void* __eflags, signed int _a4) {
				intOrPtr _t13;
				void* _t21;
				signed int _t33;
				long _t35;

				_t33 = _a4;
				if(E008F877C(_t33) != 0xffffffff) {
					_t13 =  *0x92b118; // 0x7b7988
					if(_t33 != 1 || ( *(_t13 + 0x88) & 0x00000001) == 0) {
						if(_t33 != 2 || ( *(_t13 + 0x58) & 0x00000001) == 0) {
							goto L7;
						} else {
							goto L6;
						}
					} else {
						L6:
						_t21 = E008F877C(2);
						if(E008F877C(1) == _t21) {
							goto L1;
						}
						L7:
						if(CloseHandle(E008F877C(_t33)) != 0) {
							goto L1;
						}
						_t35 = GetLastError();
						L9:
						E008F86EB(_t33);
						 *((char*)( *((intOrPtr*)(0x92b118 + (_t33 >> 6) * 4)) + 0x28 + (_t33 & 0x0000003f) * 0x30)) = 0;
						if(_t35 == 0) {
							return 0;
						}
						return E008F36F2(_t35) | 0xffffffff;
					}
				}
				L1:
				_t35 = 0;
				goto L9;
			}







                                                            0x008fe049
                                                            0x008fe056
                                                            0x008fe05c
                                                            0x008fe064
                                                            0x008fe072
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008fe07a
                                                            0x008fe07a
                                                            0x008fe07c
                                                            0x008fe08e
                                                            0x00000000
                                                            0x00000000
                                                            0x008fe090
                                                            0x008fe0a0
                                                            0x00000000
                                                            0x00000000
                                                            0x008fe0a8
                                                            0x008fe0aa
                                                            0x008fe0ab
                                                            0x008fe0c3
                                                            0x008fe0ca
                                                            0x00000000
                                                            0x008fe0d8
                                                            0x00000000
                                                            0x008fe0d3
                                                            0x008fe064
                                                            0x008fe058
                                                            0x008fe058
                                                            0x00000000

                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000,00000000,00000000,?,008FDF60,00000000,00927BF8,0000000C), ref: 008FE098
                                                            • GetLastError.KERNEL32(?,008FDF60,00000000,00927BF8,0000000C), ref: 008FE0A2
                                                            • __dosmaperr.LIBCMT ref: 008FE0CD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                            • String ID: @Mqt
                                                            • API String ID: 2583163307-2740872224
                                                            • Opcode ID: d3be8348458e1d0324c940e16b11a861c6b872b769aa52106020acb6c5ed08df
                                                            • Instruction ID: 466458a58b9b441cc90c7ac64ec86af7387351313e5aa3e58b03e95e6fcf24ed
                                                            • Opcode Fuzzy Hash: d3be8348458e1d0324c940e16b11a861c6b872b769aa52106020acb6c5ed08df
                                                            • Instruction Fuzzy Hash: D1016B32614A1C56D734663C588573E2755FBC6734F340128EB04C71F2DEE09C819292
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FCC34 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 86%
                                                            			E008FCC34(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16) {
				signed int _v8;
				void* _v12;
				void* _t15;
				signed int _t19;
				signed int _t32;
				signed int _t33;
				signed int _t36;

				_t36 = _a4;
				_push(_t32);
				_t15 = E008F877C(_t36);
				_t33 = _t32 | 0xffffffff;
				if(_t15 != _t33) {
					_push(_a16);
					if(SetFilePointerEx(_t15, _a8, _a12,  &_v12) != 0) {
						if((_v12 & _v8) == _t33) {
							goto L2;
						} else {
							_t19 = _v12;
							_t39 = (_t36 & 0x0000003f) * 0x30;
							 *( *((intOrPtr*)(0x92b118 + (_t36 >> 6) * 4)) + _t39 + 0x28) =  *( *((intOrPtr*)(0x92b118 + (_t36 >> 6) * 4)) + 0x28 + (_t36 & 0x0000003f) * 0x30) & 0x000000fd;
						}
					} else {
						E008F36F2(GetLastError());
						goto L2;
					}
				} else {
					 *((intOrPtr*)(E008F3728())) = 9;
					L2:
					_t19 = _t33;
				}
				return _t19;
			}










                                                            0x008fcc3c
                                                            0x008fcc3f
                                                            0x008fcc41
                                                            0x008fcc46
                                                            0x008fcc4c
                                                            0x008fcc5f
                                                            0x008fcc75
                                                            0x008fcc90
                                                            0x00000000
                                                            0x008fcc92
                                                            0x008fcc92
                                                            0x008fcc9d
                                                            0x008fcca7
                                                            0x008fcca7
                                                            0x008fcc77
                                                            0x008fcc7e
                                                            0x00000000
                                                            0x008fcc83
                                                            0x008fcc4e
                                                            0x008fcc53
                                                            0x008fcc59
                                                            0x008fcc59
                                                            0x008fcc5b
                                                            0x008fccb1

                                                            APIs
                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,008F2718,00000000,00000000,00000000,00000000,00000000,?,008FCCC8,008F2718,00000000,00000002,00000000), ref: 008FCC6D
                                                            • GetLastError.KERNEL32(?,008FCCC8,008F2718,00000000,00000002,00000000,?,008FCAE0,00000000,00000000,00000000,00000002,00000000,008F2718,00000000,008F2718), ref: 008FCC77
                                                            • __dosmaperr.LIBCMT ref: 008FCC7E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer__dosmaperr
                                                            • String ID: @Mqt
                                                            • API String ID: 2336955059-2740872224
                                                            • Opcode ID: ad302e5fdbf6a2ce07fc2f27b6f7f0a19e8c7447f5836ae383d4ed5a5c00beb6
                                                            • Instruction ID: 3243bf1d6c672d6084a9cddea3e1fc0ed3bb18d3d772bffc81348cba78f6822b
                                                            • Opcode Fuzzy Hash: ad302e5fdbf6a2ce07fc2f27b6f7f0a19e8c7447f5836ae383d4ed5a5c00beb6
                                                            • Instruction Fuzzy Hash: 6D01283262411CBFCB059FBDDC0597E7B29FB85320B240245FA24D7291EA72DE019BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C34C4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008C34C4(WCHAR** _a4, struct HINSTANCE__* _a8) {
				long _t6;
				WCHAR** _t9;
				long _t10;
				signed short _t11;

				_t9 = _a4;
				_t10 = 0x104;
				while(1) {
					_t11 = E008C1FE0(_t9, _t10);
					if(_t11 < 0) {
						break;
					}
					_t6 = GetModuleFileNameW(_a8,  *_t9, _t10);
					if(_t6 == 0) {
						_t11 = GetLastError();
						__eflags = _t11;
						if(__eflags > 0) {
							_t11 = _t11 & 0x0000ffff | 0x80070000;
							__eflags = _t11;
						}
						if(__eflags >= 0) {
							_t11 = 0x80004005;
						}
						E008C38BA(_t7, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\pathutil.cpp", 0x1d4, _t11);
					} else {
						if(_t6 != _t10) {
							_t11 = 0;
						} else {
							_t3 = _t6 + 1; // 0x1
							_t10 = _t3;
							continue;
						}
					}
					break;
				}
				return _t11;
			}







                                                            0x008c34c8
                                                            0x008c34cd
                                                            0x008c34d2
                                                            0x008c34d9
                                                            0x008c34dd
                                                            0x00000000
                                                            0x00000000
                                                            0x008c34e5
                                                            0x008c34ed
                                                            0x008c3502
                                                            0x008c3504
                                                            0x008c3506
                                                            0x008c350b
                                                            0x008c3511
                                                            0x008c3511
                                                            0x008c3513
                                                            0x008c3515
                                                            0x008c3515
                                                            0x008c3525
                                                            0x008c34ef
                                                            0x008c34f1
                                                            0x008c34f8
                                                            0x008c34f3
                                                            0x008c34f3
                                                            0x008c34f3
                                                            0x00000000
                                                            0x008c34f3
                                                            0x008c34f1
                                                            0x00000000
                                                            0x008c34ed
                                                            0x008c3530

                                                            APIs
                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,008C10DD,?,00000000), ref: 008C34E5
                                                            • GetLastError.KERNEL32(?,?,?,?,008C10DD,?,00000000), ref: 008C34FC
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp, xrefs: 008C3520
                                                            • @Mqt, xrefs: 008C34FC
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastModuleName
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\pathutil.cpp
                                                            • API String ID: 2776309574-3527269390
                                                            • Opcode ID: fedbf84d4e6c9d45a863b7d00d76ac3506f73035467f960ae01789c0aab1aa3b
                                                            • Instruction ID: e6e514ef2f483a5efae594b5bb884d44f4e48f34f6a775d4ba40b31804b24aae
                                                            • Opcode Fuzzy Hash: fedbf84d4e6c9d45a863b7d00d76ac3506f73035467f960ae01789c0aab1aa3b
                                                            • Instruction Fuzzy Hash: B5F0F677A4423567C73256998C49F4BFB78FF55BA0B068129FD04FB201D675DE0282E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090412E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 91%
                                                            			E0090412E(void* __ecx, void* _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr* _a16, intOrPtr _a20) {
				intOrPtr _v8;
				void* _v12;
				intOrPtr* _t12;
				signed short _t20;
				signed short _t25;

				_push(_a20);
				_t20 = 0;
				if(SetFilePointerEx(_a4, _a8, _a12,  &_v12) != 0) {
					_t12 = _a16;
					if(_t12 != 0) {
						 *_t12 = _v12;
						 *((intOrPtr*)(_t12 + 4)) = _v8;
					}
				} else {
					_t20 = GetLastError();
					if(_t20 > 0) {
						_t20 = _t20 & 0x0000ffff | 0x80070000;
						_t25 = _t20;
					}
					if(_t25 >= 0) {
						_t20 = 0x80004005;
					}
					E008C38BA(_t14, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x212, _t20);
				}
				return _t20;
			}








                                                            0x00904134
                                                            0x0090413a
                                                            0x0090414e
                                                            0x00904180
                                                            0x00904185
                                                            0x0090418a
                                                            0x0090418f
                                                            0x0090418f
                                                            0x00904150
                                                            0x00904156
                                                            0x0090415a
                                                            0x0090415f
                                                            0x00904165
                                                            0x00904165
                                                            0x00904167
                                                            0x00904169
                                                            0x00904169
                                                            0x00904179
                                                            0x00904179
                                                            0x00904196

                                                            APIs
                                                            • SetFilePointerEx.KERNEL32(?,?,?,?,?,00000000,?,?,?,008D8651,00000000,00000000,00000000,00000000,00000000), ref: 00904146
                                                            • GetLastError.KERNEL32(?,?,?,008D8651,00000000,00000000,00000000,00000000,00000000), ref: 00904150
                                                            Strings
                                                            • @Mqt, xrefs: 00904150
                                                            • c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp, xrefs: 00904174
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastPointer
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 2976181284-1324176156
                                                            • Opcode ID: 47f627c490feb74b7630904729dd7ad1909767f6a1a208cbb14140a276cbb1d8
                                                            • Instruction ID: bf91ba3c0c0ee3f8447c4fbd80255c52f868342742881e91dbda4d42c2fb9d9a
                                                            • Opcode Fuzzy Hash: 47f627c490feb74b7630904729dd7ad1909767f6a1a208cbb14140a276cbb1d8
                                                            • Instruction Fuzzy Hash: DBF081B6A0422ABFDB208F84DC05D9B7FA9EF24B54B014058FE04AB291E230DD50D6E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00904224 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 58%
                                                            			E00904224(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				char _v12;
				char* _t8;
				void* _t15;
				intOrPtr* _t16;
				void* _t18;
				signed short _t19;
				signed short _t24;

				_t16 = _a8;
				_t8 =  &_v12;
				_t19 = 0;
				 *_t16 = 0;
				 *((intOrPtr*)(_t16 + 4)) = 0;
				__imp__GetFileSizeEx(_a4, _t8, _t15, _t18, __ecx, __ecx);
				if(_t8 != 0) {
					 *_t16 = _v12;
					 *((intOrPtr*)(_t16 + 4)) = _v8;
				} else {
					_t19 = GetLastError();
					if(_t19 > 0) {
						_t19 = _t19 & 0x0000ffff | 0x80070000;
						_t24 = _t19;
					}
					if(_t24 >= 0) {
						_t19 = 0x80004005;
					}
					E008C38BA(_t10, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\fileutil.cpp", 0x24e, _t19);
				}
				return _t19;
			}











                                                            0x0090422b
                                                            0x0090422e
                                                            0x00904235
                                                            0x00904237
                                                            0x00904239
                                                            0x0090423c
                                                            0x00904244
                                                            0x00904279
                                                            0x0090427e
                                                            0x00904246
                                                            0x0090424c
                                                            0x00904250
                                                            0x00904255
                                                            0x0090425b
                                                            0x0090425b
                                                            0x0090425d
                                                            0x0090425f
                                                            0x0090425f
                                                            0x0090426f
                                                            0x0090426f
                                                            0x00904286

                                                            APIs
                                                            • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,7476FB40,?,?,?,008CB9EC,?,?,?,00000000,00000000), ref: 0090423C
                                                            • GetLastError.KERNEL32(?,?,?,008CB9EC,?,?,?,00000000,00000000,?,?,?,00000000,77D59EB0,00000000), ref: 00904246
                                                            Strings
                                                            • @Mqt, xrefs: 00904246
                                                            • c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp, xrefs: 0090426A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorFileLastSize
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\fileutil.cpp
                                                            • API String ID: 464720113-1324176156
                                                            • Opcode ID: 0fcc1b3f009a146c588ae66b0be85d73e6a2d8ca784a7cddb9bda9b0978e69b2
                                                            • Instruction ID: 367245e7d373378121f1ed62fa6c499d5ad293cacfeeeb2368e4c0b4d9ec886e
                                                            • Opcode Fuzzy Hash: 0fcc1b3f009a146c588ae66b0be85d73e6a2d8ca784a7cddb9bda9b0978e69b2
                                                            • Instruction Fuzzy Hash: 5BF0C2B2A1523ABFD7109B88CD0595AFBACEF54B64B018119BD54E7380E374AD10C7D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F63C9 Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 75%
                                                            			E008F63C9(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E008F12A9(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E008EDFC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E008EDFC0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0x8f271a
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E008EF600(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E008EDFC0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E00909570();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E00909570();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E00909570();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E008F66CC(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E00909790(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E008F3728();
					_t183 = 0x22;
					 *_t129 = _t183;
					E008F366C();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                                                            0x008f63c9
                                                            0x008f63d4
                                                            0x008f63db
                                                            0x008f63dd
                                                            0x008f63dd
                                                            0x008f63df
                                                            0x008f63e8
                                                            0x008f63ea
                                                            0x008f63ef
                                                            0x008f63f5
                                                            0x008f640b
                                                            0x008f6410
                                                            0x008f6413
                                                            0x008f6420
                                                            0x008f6425
                                                            0x008f6479
                                                            0x008f6481
                                                            0x008f6483
                                                            0x008f6485
                                                            0x008f6488
                                                            0x008f6488
                                                            0x008f6488
                                                            0x008f648e
                                                            0x008f6496
                                                            0x008f64a9
                                                            0x008f64ac
                                                            0x008f64ae
                                                            0x008f64b1
                                                            0x008f64b2
                                                            0x008f64d3
                                                            0x008f64d6
                                                            0x008f64d6
                                                            0x008f64b4
                                                            0x008f64b4
                                                            0x008f64b6
                                                            0x008f64c1
                                                            0x008f64c1
                                                            0x008f64c3
                                                            0x008f64ca
                                                            0x008f64c5
                                                            0x008f64c5
                                                            0x008f64c5
                                                            0x008f64c3
                                                            0x008f64d7
                                                            0x008f64d9
                                                            0x008f64da
                                                            0x008f64dd
                                                            0x008f64df
                                                            0x008f64f3
                                                            0x008f64e1
                                                            0x008f64e1
                                                            0x008f64e1
                                                            0x008f64f8
                                                            0x008f64f8
                                                            0x008f64fd
                                                            0x008f6500
                                                            0x008f650b
                                                            0x008f650b
                                                            0x008f650b
                                                            0x008f650b
                                                            0x008f650f
                                                            0x008f6516
                                                            0x008f6517
                                                            0x008f651a
                                                            0x008f651d
                                                            0x008f651d
                                                            0x008f651f
                                                            0x00000000
                                                            0x00000000
                                                            0x008f6537
                                                            0x008f653e
                                                            0x008f6542
                                                            0x008f6545
                                                            0x008f6548
                                                            0x008f654a
                                                            0x008f654a
                                                            0x008f654a
                                                            0x008f654c
                                                            0x008f654f
                                                            0x008f6552
                                                            0x008f6554
                                                            0x008f655c
                                                            0x008f6562
                                                            0x008f6565
                                                            0x008f6568
                                                            0x008f6569
                                                            0x008f656c
                                                            0x008f656f
                                                            0x008f656f
                                                            0x008f6574
                                                            0x008f6577
                                                            0x00000000
                                                            0x00000000
                                                            0x008f658f
                                                            0x008f6594
                                                            0x008f6598
                                                            0x00000000
                                                            0x00000000
                                                            0x008f659c
                                                            0x008f659c
                                                            0x008f659f
                                                            0x008f65a0
                                                            0x008f65a0
                                                            0x008f65a2
                                                            0x008f65a5
                                                            0x00000000
                                                            0x00000000
                                                            0x008f65a7
                                                            0x008f65aa
                                                            0x008f65b1
                                                            0x008f65b4
                                                            0x008f65b7
                                                            0x008f65cd
                                                            0x008f65cd
                                                            0x008f65cd
                                                            0x008f65b9
                                                            0x008f65b9
                                                            0x008f65bb
                                                            0x008f65be
                                                            0x008f65c9
                                                            0x008f65c0
                                                            0x008f65c3
                                                            0x008f65c3
                                                            0x008f65be
                                                            0x00000000
                                                            0x008f65b7
                                                            0x008f65ac
                                                            0x008f65ac
                                                            0x008f65ae
                                                            0x008f65ae
                                                            0x008f6502
                                                            0x008f6502
                                                            0x008f6505
                                                            0x008f65d0
                                                            0x008f65d0
                                                            0x008f65d2
                                                            0x008f65d4
                                                            0x008f65d7
                                                            0x008f65d8
                                                            0x008f65d9
                                                            0x008f65da
                                                            0x008f65e2
                                                            0x008f65e2
                                                            0x008f65e2
                                                            0x008f65e4
                                                            0x008f65e7
                                                            0x008f65ea
                                                            0x008f65ec
                                                            0x008f65ec
                                                            0x008f65ee
                                                            0x008f6600
                                                            0x008f6604
                                                            0x008f6607
                                                            0x008f660e
                                                            0x008f6616
                                                            0x008f6616
                                                            0x008f6619
                                                            0x008f661b
                                                            0x008f662c
                                                            0x008f662c
                                                            0x008f6630
                                                            0x008f6630
                                                            0x008f6633
                                                            0x008f6635
                                                            0x008f6638
                                                            0x00000000
                                                            0x008f661d
                                                            0x008f661d
                                                            0x008f6623
                                                            0x008f6623
                                                            0x008f6627
                                                            0x008f663a
                                                            0x008f663a
                                                            0x008f663e
                                                            0x008f663f
                                                            0x008f6641
                                                            0x008f6643
                                                            0x008f6684
                                                            0x008f6684
                                                            0x008f6686
                                                            0x008f6693
                                                            0x008f6693
                                                            0x008f6695
                                                            0x008f6697
                                                            0x008f6698
                                                            0x008f6699
                                                            0x008f66a0
                                                            0x008f66a3
                                                            0x008f66a5
                                                            0x008f66a5
                                                            0x008f66a6
                                                            0x008f66a8
                                                            0x008f66ab
                                                            0x008f66ab
                                                            0x008f66ad
                                                            0x008f66af
                                                            0x00000000
                                                            0x008f66af
                                                            0x008f6688
                                                            0x008f668a
                                                            0x00000000
                                                            0x00000000
                                                            0x008f668c
                                                            0x00000000
                                                            0x00000000
                                                            0x008f668e
                                                            0x008f6691
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f6691
                                                            0x008f664a
                                                            0x008f6650
                                                            0x008f6650
                                                            0x008f6652
                                                            0x008f6653
                                                            0x008f6654
                                                            0x008f6655
                                                            0x008f665c
                                                            0x008f665f
                                                            0x008f6661
                                                            0x008f6662
                                                            0x008f6664
                                                            0x008f6671
                                                            0x008f6671
                                                            0x008f6673
                                                            0x008f6675
                                                            0x008f6676
                                                            0x008f6677
                                                            0x008f667e
                                                            0x008f6681
                                                            0x008f6683
                                                            0x008f6683
                                                            0x00000000
                                                            0x008f6683
                                                            0x008f6666
                                                            0x008f6666
                                                            0x008f6668
                                                            0x00000000
                                                            0x00000000
                                                            0x008f666a
                                                            0x00000000
                                                            0x00000000
                                                            0x008f666c
                                                            0x008f666f
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f666f
                                                            0x008f664c
                                                            0x008f664e
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f664e
                                                            0x008f661f
                                                            0x008f6621
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x008f6621
                                                            0x008f661b
                                                            0x00000000
                                                            0x008f6505
                                                            0x008f6500
                                                            0x008f6427
                                                            0x008f6429
                                                            0x00000000
                                                            0x008f642b
                                                            0x008f6441
                                                            0x008f6446
                                                            0x008f6448
                                                            0x008f6454
                                                            0x008f645a
                                                            0x008f645b
                                                            0x008f645d
                                                            0x008f645f
                                                            0x008f646a
                                                            0x008f646a
                                                            0x008f646d
                                                            0x008f646f
                                                            0x008f646f
                                                            0x008f6472
                                                            0x008f644a
                                                            0x008f644a
                                                            0x008f644a
                                                            0x00000000
                                                            0x008f6448
                                                            0x008f63f7
                                                            0x008f63f7
                                                            0x008f63fe
                                                            0x008f63ff
                                                            0x008f6401
                                                            0x008f66b3
                                                            0x008f66b7
                                                            0x008f66bc
                                                            0x008f66bc
                                                            0x008f66cb
                                                            0x008f66cb

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: __alldvrm$_strrchr
                                                            • String ID:
                                                            • API String ID: 1036877536-0
                                                            • Opcode ID: ad949144aaf5d9b16d0cabd91b61aa8499d9bd64d722724cfcb4a13481783838
                                                            • Instruction ID: 18a8d2ed5a960c2b27fc724d99825b6b77365bbfcfd0052794e4a422e59c0341
                                                            • Opcode Fuzzy Hash: ad949144aaf5d9b16d0cabd91b61aa8499d9bd64d722724cfcb4a13481783838
                                                            • Instruction Fuzzy Hash: B4A1257190428E9FDB21CF38C8817BABBE0FF65314F1842A9E685DB281E6388D51C754
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00905976 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 160COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E00905976(signed int __ecx, intOrPtr _a4, signed int _a8, signed short _a12, signed int* _a16, signed int* _a20) {
				signed int _v8;
				signed short _t28;
				signed short _t29;
				signed short _t33;
				signed short _t35;
				signed short _t36;
				signed short _t37;
				signed short _t39;
				signed short _t44;
				signed short _t45;
				void* _t50;
				signed int* _t51;
				void* _t52;
				void* _t54;
				intOrPtr* _t61;
				signed int* _t64;
				intOrPtr _t68;
				signed short _t71;
				void* _t74;
				void* _t79;
				void* _t80;
				void* _t81;

				_t63 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t61 = _a8;
				_t68 = _a4;
				do {
					_a8 = _a8 & 0x00000000;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(_t68);
					if( *0x92a984() != 0) {
						_t71 = E00908222(_t63, _t68, 0x13,  &_v8);
						__eflags = _t71;
						L6:
						if(_t79 < 0) {
							break;
						}
						_t63 = _v8;
						_t80 = _t63 - 0x194;
						if(_t80 > 0) {
							__eflags = _t63 - 0x19e;
							if(__eflags > 0) {
								_t28 = _t63 - 0x1f6;
								__eflags = _t28;
								if(_t28 == 0) {
									L44:
									_t71 = 0x80070003;
									goto L45;
								}
								_t29 = _t28 - 1;
								__eflags = _t29;
								if(_t29 == 0) {
									goto L44;
								}
								__eflags = _t29 == 1;
								if(_t29 == 1) {
									L43:
									_t71 = 0x80070102;
									goto L45;
								}
								L40:
								__eflags = _t71;
								if(_t71 >= 0) {
									_t71 = 0x8000ffff;
								}
								_push( *_t61);
								E008FFB09(_t71, "Unknown HTTP status code %d, returned from URL: %ls", _t63);
								_t74 = _t74 + 0x10;
								goto L45;
							}
							if(__eflags == 0) {
								_t71 = 0x80010135;
								goto L45;
							}
							_t33 = _t63 - 0x195;
							__eflags = _t33;
							if(_t33 == 0) {
								_t71 = 0x80070032;
								goto L45;
							}
							_t35 = _t33;
							__eflags = _t35;
							if(_t35 == 0) {
								L32:
								_t64 = _a16;
								_t71 = 0x80070005;
								_a8 = _a8 & 0x00000000;
								_t36 = _a12;
								 *_t64 =  *_t64 & 0x00000000;
								__eflags = _t36;
								if(_t36 != 0) {
									_t37 =  *_t36;
									__eflags = _t37;
									if(_t37 != 0) {
										_t63 = _a12;
										_t71 =  *_t37( *((intOrPtr*)(_a12 + 4)), _t68, _t63,  &_a8, _t64);
									}
								}
								goto L45;
							}
							_t39 = _t35 - 1;
							__eflags = _t39;
							if(_t39 == 0) {
								goto L43;
							}
							__eflags = _t39 != 0;
							if(_t39 != 0) {
								goto L40;
							}
							L31:
							_t71 = 0x80070002;
							goto L45;
						}
						if(_t80 == 0) {
							goto L31;
						}
						_t81 = _t63 - 0x12f;
						if(_t81 > 0) {
							_t44 = _t63 - 0x190;
							__eflags = _t44;
							if(_t44 == 0) {
								_t71 = 0x800700a1;
								goto L45;
							}
							_t45 = _t44 - 1;
							__eflags = _t45;
							if(_t45 == 0) {
								goto L32;
							}
							__eflags = _t45 != 0;
							if(_t45 != 0) {
								goto L40;
							}
							_t71 = 0x80070005;
							goto L45;
						}
						if(_t81 == 0) {
							L15:
							_t71 = E0090828A(_t63, _t68, 0x33, _t61);
							if(_t71 < 0) {
								break;
							}
							 *_a16 = 1;
							goto L45;
						}
						_t50 = _t63 - 0xc8;
						if(_t50 == 0) {
							_t51 = _a20;
							 *_t51 =  *_t51 & 0x00000000;
							__eflags =  *_t51;
							L19:
							_t71 = 0;
							goto L45;
						}
						_t52 = _t50 - 6;
						if(_t52 == 0) {
							 *_a20 = 1;
							goto L19;
						}
						_t54 = _t52 - 0x5f;
						if(_t54 == 0 || _t54 == 1) {
							goto L15;
						} else {
							goto L40;
						}
					}
					_t71 = GetLastError();
					if(_t71 > 0) {
						_t71 = _t71 & 0x0000ffff | 0x80070000;
					}
					E008FFB09(_t71, "Failed to send request to URL: %ls, trying to process HTTP status code anyway.",  *_t61);
					_t74 = _t74 + 0xc;
					_t79 = E00908222(_t63, _t68, 0x13,  &_v8);
					goto L6;
					L45:
				} while (_a8 != 0);
				return _t71;
			}

























                                                            0x00905976
                                                            0x00905979
                                                            0x0090597a
                                                            0x0090597f
                                                            0x00905984
                                                            0x00905987
                                                            0x00905987
                                                            0x0090598b
                                                            0x0090598d
                                                            0x0090598f
                                                            0x00905991
                                                            0x00905993
                                                            0x0090599c
                                                            0x009059df
                                                            0x009059e1
                                                            0x009059e3
                                                            0x009059e3
                                                            0x00000000
                                                            0x00000000
                                                            0x009059e9
                                                            0x009059f1
                                                            0x009059f3
                                                            0x00905a8e
                                                            0x00905a90
                                                            0x00905af4
                                                            0x00905af4
                                                            0x00905af9
                                                            0x00905b28
                                                            0x00905b28
                                                            0x00000000
                                                            0x00905b28
                                                            0x00905afb
                                                            0x00905afb
                                                            0x00905afe
                                                            0x00000000
                                                            0x00000000
                                                            0x00905b00
                                                            0x00905b03
                                                            0x00905b21
                                                            0x00905b21
                                                            0x00000000
                                                            0x00905b21
                                                            0x00905b05
                                                            0x00905b05
                                                            0x00905b07
                                                            0x00905b09
                                                            0x00905b09
                                                            0x00905b0e
                                                            0x00905b17
                                                            0x00905b1c
                                                            0x00000000
                                                            0x00905b1c
                                                            0x00905a92
                                                            0x00905aeb
                                                            0x00000000
                                                            0x00905aeb
                                                            0x00905a96
                                                            0x00905a96
                                                            0x00905a9b
                                                            0x00905ae4
                                                            0x00000000
                                                            0x00905ae4
                                                            0x00905a9e
                                                            0x00905a9e
                                                            0x00905aa1
                                                            0x00905ab5
                                                            0x00905ab5
                                                            0x00905ab8
                                                            0x00905abd
                                                            0x00905ac1
                                                            0x00905ac4
                                                            0x00905ac7
                                                            0x00905ac9
                                                            0x00905acb
                                                            0x00905acd
                                                            0x00905acf
                                                            0x00905ad7
                                                            0x00905ae0
                                                            0x00905ae0
                                                            0x00905acf
                                                            0x00000000
                                                            0x00905ac9
                                                            0x00905aa3
                                                            0x00905aa3
                                                            0x00905aa6
                                                            0x00000000
                                                            0x00000000
                                                            0x00905aa9
                                                            0x00905aac
                                                            0x00000000
                                                            0x00000000
                                                            0x00905aae
                                                            0x00905aae
                                                            0x00000000
                                                            0x00905aae
                                                            0x009059f9
                                                            0x00000000
                                                            0x00000000
                                                            0x00905a02
                                                            0x00905a04
                                                            0x00905a5f
                                                            0x00905a5f
                                                            0x00905a64
                                                            0x00905a7f
                                                            0x00000000
                                                            0x00905a7f
                                                            0x00905a66
                                                            0x00905a66
                                                            0x00905a69
                                                            0x00000000
                                                            0x00000000
                                                            0x00905a6c
                                                            0x00905a6f
                                                            0x00000000
                                                            0x00000000
                                                            0x00905a75
                                                            0x00000000
                                                            0x00905a75
                                                            0x00905a06
                                                            0x00905a24
                                                            0x00905a2d
                                                            0x00905a31
                                                            0x00000000
                                                            0x00000000
                                                            0x00905a3a
                                                            0x00000000
                                                            0x00905a3a
                                                            0x00905a0a
                                                            0x00905a0f
                                                            0x00905a50
                                                            0x00905a53
                                                            0x00905a53
                                                            0x00905a56
                                                            0x00905a56
                                                            0x00000000
                                                            0x00905a56
                                                            0x00905a11
                                                            0x00905a14
                                                            0x00905a48
                                                            0x00000000
                                                            0x00905a48
                                                            0x00905a16
                                                            0x00905a19
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00905a19
                                                            0x009059a4
                                                            0x009059a8
                                                            0x009059ad
                                                            0x009059ad
                                                            0x009059bb
                                                            0x009059c0
                                                            0x009059cf
                                                            0x00000000
                                                            0x00905b2d
                                                            0x00905b2d
                                                            0x00905b3d

                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,009057DE,00000000,00000000,00905D94,00000000,00000000,00000000,00000000,00000001,?), ref: 0090599E
                                                            Strings
                                                            • Unknown HTTP status code %d, returned from URL: %ls, xrefs: 00905B11
                                                            • Failed to send request to URL: %ls, trying to process HTTP status code anyway., xrefs: 009059B5
                                                            • @Mqt, xrefs: 0090599E
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: @Mqt$Failed to send request to URL: %ls, trying to process HTTP status code anyway.$Unknown HTTP status code %d, returned from URL: %ls
                                                            • API String ID: 1452528299-869793082
                                                            • Opcode ID: f11591774f3128aa96710295c3796427508bf96154f26f8bc18ef7f6f8adf956
                                                            • Instruction ID: 741e5159ebba351b12454b2e1c6710a9dce08caef2d174de3df4316801fb0bde
                                                            • Opcode Fuzzy Hash: f11591774f3128aa96710295c3796427508bf96154f26f8bc18ef7f6f8adf956
                                                            • Instruction Fuzzy Hash: 54410772610D1A9FDB254E6CED45B7B365CEB41320F174225F911EF2C0E268ED01DEA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00908352 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 146COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 78%
                                                            			E00908352(void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, short* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				char _v268;
				char _v528;
				char _v1044;
				char _v5144;
				char _v9244;
				intOrPtr _v9248;
				intOrPtr _v9252;
				intOrPtr _v9256;
				intOrPtr _v9260;
				intOrPtr* _v9264;
				short* _v9268;
				intOrPtr _v9272;
				char* _v9276;
				intOrPtr _v9280;
				char* _v9284;
				intOrPtr _v9288;
				char* _v9292;
				intOrPtr _v9296;
				char* _v9300;
				short _v9304;
				intOrPtr _v9308;
				char* _v9312;
				intOrPtr _v9316;
				char _v9328;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t57;
				short* _t70;
				long _t76;
				long _t77;
				long _t78;
				long _t79;
				intOrPtr _t89;
				void* _t90;
				intOrPtr* _t93;
				void* _t97;
				intOrPtr _t99;
				void* _t100;
				void* _t103;
				signed int _t105;
				long _t115;

				_t97 = __edx;
				E00909760();
				_t57 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t57 ^ _t105;
				_v9260 = _a4;
				_v9264 = _a8;
				_t89 = _a28;
				_v9248 = _a12;
				_v9268 = _a16;
				_t102 = 0;
				_t99 = _a32;
				_v9252 = _a20;
				_v9256 = _a24;
				E008EF600(_t99,  &_v9328, 0, 0x3c);
				_v9328 = 0x3c;
				if(_v9248 != 0) {
					_v9308 = 0x101;
					_v9312 =  &_v1044;
				}
				if(_v9252 != _t102) {
					_v9296 = 0x81;
					_v9300 =  &_v268;
				}
				if(_v9256 != _t102) {
					_v9288 = 0x81;
					_v9292 =  &_v528;
				}
				if(_t89 != 0) {
					_v9280 = 0x801;
					_v9284 =  &_v5144;
				}
				if(_t99 != 0) {
					_v9272 = 0x801;
					_v9276 =  &_v9244;
				}
				_push( &_v9328);
				_push(0x90000000);
				_push(_t102);
				_push(_v9260);
				if( *0x92a98c() != 0) {
					_t93 = _v9264;
					if(_t93 != 0) {
						 *_t93 = _v9316;
					}
					_t69 = _v9248;
					if(_v9248 == 0) {
						L20:
						_t70 = _v9268;
						if(_t70 != 0) {
							 *_t70 = _v9304;
						}
						_t71 = _v9252;
						if(_v9252 == 0) {
							L24:
							_t72 = _v9256;
							if(_v9256 == 0) {
								L26:
								if(_t89 == 0) {
									L28:
									if(_t99 != 0) {
										_t102 = E008C229E(_t99, _v9276, _v9272);
									}
									goto L30;
								}
								_t76 = E008C229E(_t89, _v9284, _v9280);
								_t102 = _t76;
								if(_t76 < 0) {
									goto L30;
								}
								goto L28;
							}
							_t77 = E008C229E(_t72, _v9292, _v9288);
							_t102 = _t77;
							if(_t77 < 0) {
								goto L30;
							}
							goto L26;
						} else {
							_t78 = E008C229E(_t71, _v9300, _v9296);
							_t102 = _t78;
							if(_t78 < 0) {
								goto L30;
							}
							goto L24;
						}
					} else {
						_t79 = E008C229E(_t69, _v9312, _v9308);
						_t102 = _t79;
						if(_t79 < 0) {
							goto L30;
						}
						goto L20;
					}
				} else {
					_t102 = GetLastError();
					if(_t102 > 0) {
						_t115 = _t102;
					}
					if(_t115 >= 0) {
						_t102 = 0x80004005;
					}
					E008C38BA(_t81, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\uriutil.cpp", 0x56, _t102);
					L30:
					_pop(_t100);
					_pop(_t103);
					_pop(_t90);
					return E008EDD1F(_t90, _v8 ^ _t105, _t97, _t100, _t103);
				}
			}














































                                                            0x00908352
                                                            0x0090835a
                                                            0x0090835f
                                                            0x00908366
                                                            0x0090836c
                                                            0x00908375
                                                            0x0090837f
                                                            0x00908382
                                                            0x0090838c
                                                            0x00908392
                                                            0x00908398
                                                            0x0090839b
                                                            0x009083a6
                                                            0x009083b4
                                                            0x009083bc
                                                            0x009083cc
                                                            0x009083d4
                                                            0x009083de
                                                            0x009083de
                                                            0x009083ef
                                                            0x009083f7
                                                            0x009083fd
                                                            0x009083fd
                                                            0x00908409
                                                            0x00908411
                                                            0x00908417
                                                            0x00908417
                                                            0x00908424
                                                            0x0090842c
                                                            0x00908432
                                                            0x00908432
                                                            0x0090843a
                                                            0x00908442
                                                            0x00908448
                                                            0x00908448
                                                            0x00908454
                                                            0x00908455
                                                            0x0090845a
                                                            0x0090845b
                                                            0x00908469
                                                            0x0090849b
                                                            0x009084a3
                                                            0x009084ab
                                                            0x009084ab
                                                            0x009084ad
                                                            0x009084b5
                                                            0x009084d3
                                                            0x009084d3
                                                            0x009084db
                                                            0x009084e4
                                                            0x009084e4
                                                            0x009084e7
                                                            0x009084ef
                                                            0x00908509
                                                            0x00908509
                                                            0x00908511
                                                            0x0090852b
                                                            0x0090852d
                                                            0x00908547
                                                            0x00908549
                                                            0x0090855d
                                                            0x0090855d
                                                            0x00000000
                                                            0x00908549
                                                            0x0090853c
                                                            0x00908541
                                                            0x00908545
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00908545
                                                            0x00908520
                                                            0x00908525
                                                            0x00908529
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x009084f1
                                                            0x009084fe
                                                            0x00908503
                                                            0x00908507
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x00908507
                                                            0x009084b7
                                                            0x009084c4
                                                            0x009084c9
                                                            0x009084cd
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x009084cd
                                                            0x0090846b
                                                            0x00908471
                                                            0x00908475
                                                            0x00908480
                                                            0x00908480
                                                            0x00908482
                                                            0x00908484
                                                            0x00908484
                                                            0x00908491
                                                            0x0090855f
                                                            0x00908564
                                                            0x00908565
                                                            0x00908568
                                                            0x0090856f
                                                            0x0090856f

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: <$@Mqt$c:\agent\_work\66\s\src\libs\dutil\uriutil.cpp
                                                            • API String ID: 1452528299-3812478274
                                                            • Opcode ID: 7698e861a3aa859cbc256827ed133975b613c1f71ac605bb004d2f25a8b30617
                                                            • Instruction ID: 8153110979ccf93ec1ec7ea9cc04b2619a1cb7a5639c9823c50dc62d8cdb736a
                                                            • Opcode Fuzzy Hash: 7698e861a3aa859cbc256827ed133975b613c1f71ac605bb004d2f25a8b30617
                                                            • Instruction Fuzzy Hash: 1651D972E012299FCB31DF59CC88A9AB7B9BF08710F4541EAA948E7251DB349E848F51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008F8AD8 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                            Download Yara Rule
                                                            C-Code - Quality: 86%
                                                            			E008F8AD8(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t54;
				int _t56;
				signed int _t62;
				int _t65;
				short* _t66;
				signed int _t67;
				short* _t68;

				_t64 = __edx;
				_t34 =  *0x92a008; // 0xa7a0e00c
				_v8 = _t34 ^ _t67;
				E008F12A9(_t54,  &_v28, __edx, _a4);
				_t56 = _a24;
				if(_t56 == 0) {
					_t6 = _v24 + 8; // 0xbce85006
					_t53 =  *_t6;
					_t56 = _t53;
					_a24 = _t53;
				}
				_t65 = 0;
				_t40 = MultiByteToWideChar(_t56, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E008EDD1F(_t54, _v8 ^ _t67, _t64, _t65, _t66);
				}
				_t54 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t54 + 0x00000008 & _t40) == 0) {
					_t66 = 0;
					L11:
					if(_t66 != 0) {
						E008EF600(_t65, _t66, _t65, _t54);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t66, _v12);
						if(_t46 != 0) {
							_t65 = GetStringTypeW(_a8, _t66, _t46, _a20);
						}
					}
					L14:
					E008F8BF5(_t66);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t54 + 0x00000008;
				_t62 = _t54 + 8;
				if((_t40 & _t54 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t66 = E008F5D22(_t62, _t48 & _t62);
					if(_t66 == 0) {
						goto L14;
					}
					 *_t66 = 0xdddd;
					L9:
					_t66 =  &(_t66[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00909650();
				_t66 = _t68;
				if(_t66 == 0) {
					goto L14;
				}
				 *_t66 = 0xcccc;
				goto L9;
			}























                                                            0x008f8ad8
                                                            0x008f8ae0
                                                            0x008f8ae7
                                                            0x008f8af3
                                                            0x008f8af8
                                                            0x008f8afd
                                                            0x008f8b02
                                                            0x008f8b02
                                                            0x008f8b05
                                                            0x008f8b07
                                                            0x008f8b07
                                                            0x008f8b0c
                                                            0x008f8b25
                                                            0x008f8b2b
                                                            0x008f8b30
                                                            0x008f8bcf
                                                            0x008f8bd3
                                                            0x008f8bd8
                                                            0x008f8bd8
                                                            0x008f8bf4
                                                            0x008f8bf4
                                                            0x008f8b36
                                                            0x008f8b3e
                                                            0x008f8b42
                                                            0x008f8b8e
                                                            0x008f8b90
                                                            0x008f8b92
                                                            0x008f8b97
                                                            0x008f8bae
                                                            0x008f8bb6
                                                            0x008f8bc6
                                                            0x008f8bc6
                                                            0x008f8bb6
                                                            0x008f8bc8
                                                            0x008f8bc9
                                                            0x00000000
                                                            0x008f8bce
                                                            0x008f8b49
                                                            0x008f8b4b
                                                            0x008f8b4d
                                                            0x008f8b55
                                                            0x008f8b72
                                                            0x008f8b7c
                                                            0x008f8b81
                                                            0x00000000
                                                            0x00000000
                                                            0x008f8b83
                                                            0x008f8b89
                                                            0x008f8b89
                                                            0x00000000
                                                            0x008f8b89
                                                            0x008f8b59
                                                            0x008f8b5d
                                                            0x008f8b62
                                                            0x008f8b66
                                                            0x00000000
                                                            0x00000000
                                                            0x008f8b68
                                                            0x00000000

                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,00000000,BCE85006,008F1C3F,00000000,00000000,008F2C74,?,008F2C74,?,00000001,008F1C3F,BCE85006,00000001,008F2C74,008F2C74), ref: 008F8B25
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008F8BAE
                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 008F8BC0
                                                            • __freea.LIBCMT ref: 008F8BC9
                                                              • Part of subcall function 008F5D22: RtlAllocateHeap.NTDLL(00000000,?,?,?,008F1782,?,0000015D,?,?,?,?,008F2BDB,000000FF,00000000,?,?), ref: 008F5D54
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                            • String ID:
                                                            • API String ID: 2652629310-0
                                                            • Opcode ID: cd47ee6f700767cc273e525161e35a1ea645b2cacea569b31d99f18bc4087bdc
                                                            • Instruction ID: 99a36d71eab03cd7b106d984428578194117d5a44b6b6e10c3a8b836c48f1883
                                                            • Opcode Fuzzy Hash: cd47ee6f700767cc273e525161e35a1ea645b2cacea569b31d99f18bc4087bdc
                                                            • Instruction Fuzzy Hash: 4B31BAB2A0020AEBDF259F78DC45EBE7BA5FB41320F140568F904D6290EB35DC91CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00905854 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 105COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 62%
                                                            			E00905854(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20, signed short _a24, signed short* _a28) {
				char _v8;
				intOrPtr* _t20;
				signed short _t22;
				signed short _t25;
				void* _t37;
				signed short _t44;
				signed short _t46;
				signed short _t57;

				_v8 = 0;
				_t37 = ((0 | _a12 == 0x00000004) - 0x00000001 & 0xff800000) + 0x84c00200;
				_t46 = E008C229E( &_v8, _a16, 0);
				if(_t46 < 0) {
					L21:
					if(_v8 != 0) {
						E008C2762(_v8);
					}
					return _t46;
				}
				_t20 = _a20;
				if(_t20 == 0 ||  *_t20 == 0) {
					L4:
					_t44 =  *0x92a978(_a4, _a8, _v8, 0, 0, 0x92a7c4, _t37, 0);
					if(_t44 != 0) {
						_t22 = _a24;
						__eflags = _t22;
						if(_t22 == 0) {
							L18:
							 *_a28 = _t44;
							_t44 = 0;
							L19:
							__eflags = _t44;
							if(_t44 != 0) {
								 *0x92a994(_t44);
							}
							goto L21;
						}
						__eflags =  *_t22;
						if( *_t22 == 0) {
							goto L18;
						}
						_t25 =  *0x92a980(_t44, _t22, 0xffffffff, 0x40000000);
						__eflags = _t25;
						if(_t25 != 0) {
							goto L18;
						}
						_t46 = GetLastError();
						__eflags = _t46;
						if(__eflags > 0) {
							_t46 = _t46 & 0x0000ffff | 0x80070000;
							__eflags = _t46;
						}
						if(__eflags >= 0) {
							_t46 = 0x80004005;
						}
						E008C38BA(_t26, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0x244, _t46);
						goto L19;
					}
					_t46 = GetLastError();
					if(_t46 > 0) {
						_t46 = _t46 & 0x0000ffff | 0x80070000;
						_t57 = _t46;
					}
					if(_t57 >= 0) {
						_t46 = 0x80004005;
					}
					E008C38BA(_t28, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\dlutil.cpp", 0x23e, _t46);
					goto L21;
				} else {
					_t46 = E008C1FF4( &_v8, _t20, 0);
					if(_t46 < 0) {
						goto L21;
					}
					goto L4;
				}
			}











                                                            0x0090586d
                                                            0x00905878
                                                            0x00905883
                                                            0x00905887
                                                            0x0090595f
                                                            0x00905963
                                                            0x00905968
                                                            0x00905968
                                                            0x00905973
                                                            0x00905973
                                                            0x0090588d
                                                            0x00905892
                                                            0x009058ae
                                                            0x009058c6
                                                            0x009058ca
                                                            0x009058fc
                                                            0x00905901
                                                            0x00905903
                                                            0x0090594d
                                                            0x00905950
                                                            0x00905952
                                                            0x00905954
                                                            0x00905954
                                                            0x00905956
                                                            0x00905959
                                                            0x00905959
                                                            0x00000000
                                                            0x00905956
                                                            0x00905905
                                                            0x00905908
                                                            0x00000000
                                                            0x00000000
                                                            0x00905913
                                                            0x00905919
                                                            0x0090591b
                                                            0x00000000
                                                            0x00000000
                                                            0x00905923
                                                            0x00905925
                                                            0x00905927
                                                            0x0090592c
                                                            0x00905932
                                                            0x00905932
                                                            0x00905934
                                                            0x00905936
                                                            0x00905936
                                                            0x00905946
                                                            0x00000000
                                                            0x00905946
                                                            0x009058d2
                                                            0x009058d6
                                                            0x009058db
                                                            0x009058e1
                                                            0x009058e1
                                                            0x009058e3
                                                            0x009058e5
                                                            0x009058e5
                                                            0x009058f5
                                                            0x00000000
                                                            0x00905899
                                                            0x009058a4
                                                            0x009058a8
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000
                                                            0x009058a8

                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,009057BF,00000000,00000000,00000001), ref: 009058CC
                                                            • GetLastError.KERNEL32(?,?,009057BF,00000000,00000000,00000001), ref: 0090591D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\dlutil.cpp
                                                            • API String ID: 1452528299-3014452495
                                                            • Opcode ID: ffdd2c45c09b4111890db807accc2adcf7b42dd7b0256f9513d81e0688dfc2d0
                                                            • Instruction ID: 426cfb816e7f565cc5114bbf319783a2b29a658c345a52e5e1fce93945b2646b
                                                            • Opcode Fuzzy Hash: ffdd2c45c09b4111890db807accc2adcf7b42dd7b0256f9513d81e0688dfc2d0
                                                            • Instruction Fuzzy Hash: 6431E777900A2AEFDB219A998D48F9B7A7DEF81B70B134124FD10FB190D674CD00DAA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090828A Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 78COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 39%
                                                            			E0090828A(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				unsigned int _v8;
				char _v12;
				intOrPtr* _t33;
				signed short _t36;
				signed short _t47;

				_t33 = _a12;
				_v8 = 0;
				_v12 = 0;
				if( *_t33 != 0) {
					L2:
					_t36 = E008C28D4( *_t33,  &_v8);
					if(_t36 < 0) {
						L13:
						return _t36;
					}
					_push( &_v12);
					_push( &_v8);
					_push( *_t33);
					_push(_a8);
					_push(_a4);
					if( *0x92a988() != 0) {
						goto L13;
					}
					_t36 = GetLastError();
					if(_t36 != 0x7a) {
						L9:
						if(_t36 > 0) {
							_t36 = _t36 & 0x0000ffff | 0x80070000;
							_t47 = _t36;
						}
						if(_t47 < 0) {
							E008C38BA(_t22, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\inetutil.cpp", 0x6c, _t36);
						}
						goto L13;
					}
					_t25 = _v8 + 2;
					_v8 = _v8 + 2;
					_t36 = E008C1FE0(_t33, _t25 >> 1);
					if(_t36 < 0) {
						goto L13;
					} else {
						_push( &_v12);
						_push( &_v8);
						_push( *_t33);
						_push(_a8);
						_push(_a4);
						if( *0x92a988() != 0) {
							_t36 = 0;
						} else {
							_t36 = GetLastError();
						}
						goto L9;
					}
				}
				_t36 = E008C1FE0(_t33, 0x40);
				if(_t36 < 0) {
					goto L13;
				}
				goto L2;
			}








                                                            0x00908291
                                                            0x00908296
                                                            0x00908299
                                                            0x0090829e
                                                            0x009082b2
                                                            0x009082bd
                                                            0x009082c1
                                                            0x0090834a
                                                            0x0090834f
                                                            0x0090834f
                                                            0x009082ca
                                                            0x009082ce
                                                            0x009082cf
                                                            0x009082d1
                                                            0x009082d4
                                                            0x009082df
                                                            0x00000000
                                                            0x00000000
                                                            0x009082e7
                                                            0x009082ec
                                                            0x0090832c
                                                            0x0090832e
                                                            0x00908333
                                                            0x00908339
                                                            0x00908339
                                                            0x0090833b
                                                            0x00908345
                                                            0x00908345
                                                            0x00000000
                                                            0x0090833b
                                                            0x009082f1
                                                            0x009082f4
                                                            0x00908300
                                                            0x00908304
                                                            0x00000000
                                                            0x00908306
                                                            0x00908309
                                                            0x0090830d
                                                            0x0090830e
                                                            0x00908310
                                                            0x00908313
                                                            0x0090831e
                                                            0x0090832a
                                                            0x00908320
                                                            0x00908326
                                                            0x00908326
                                                            0x00000000
                                                            0x0090831e
                                                            0x00908304
                                                            0x009082a8
                                                            0x009082ac
                                                            0x00000000
                                                            0x00000000
                                                            0x00000000

                                                            APIs
                                                            • GetLastError.KERNEL32(?,00905A2D,?,00000033,00000000,?,00000013,00000000,?,?,009057DE,00000000,00000000,00905D94,00000000,00000000), ref: 009082E1
                                                            • GetLastError.KERNEL32(?,00905A2D,?,00000033,00000000,?,00000013,00000000,?,?,009057DE,00000000,00000000,00905D94,00000000,00000000), ref: 00908320
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID: @Mqt$c:\agent\_work\66\s\src\libs\dutil\inetutil.cpp
                                                            • API String ID: 1452528299-1391240214
                                                            • Opcode ID: b1bf727319a997f311c45d25676bdc6d3d9eefc897efcdbb101930dac7ab3a44
                                                            • Instruction ID: e8515e3b0bce0bcfa40a63dcf78565569f6666c3b5cc1ea90801370d7bc07ec2
                                                            • Opcode Fuzzy Hash: b1bf727319a997f311c45d25676bdc6d3d9eefc897efcdbb101930dac7ab3a44
                                                            • Instruction Fuzzy Hash: 72213D72A01129FFCB219BA4C845E9FBBB8EF44B90B114125FD41E6150EB30DE519BA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00902AB1 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 44%
                                                            			E00902AB1(void* __eax, intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v20;
				char _v28;
				intOrPtr* _t36;
				intOrPtr* _t39;
				signed int _t40;
				signed int _t41;
				signed int* _t43;
				void* _t46;
				void* _t47;
				void* _t51;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				__imp__#2(_a8);
				_t46 = __eax;
				__imp__#8( &_v28);
				_t39 = _a4;
				_t47 =  *((intOrPtr*)( *_t39 + 0x44))(_t39,  &_v8);
				if(_t47 >= 0) {
					_t47 = E00902CFC( &_v12, _v8, __eax,  &_v12);
					if(_t47 != 1 && _t47 >= 0) {
						_t36 = _v12;
						_t47 =  *((intOrPtr*)( *_t36 + 0x20))(_t36,  &_v28);
						_t51 = _t47;
						if(_t51 >= 0 && _t51 == 0) {
							_t43 = _a12;
							if(_t43 != 0) {
								_v20 = _v20 & 0x00000000;
								 *_t43 = _v20;
							}
						}
					}
				}
				_t40 = _v8;
				if(_t40 != 0) {
					 *((intOrPtr*)( *_t40 + 8))(_t40);
				}
				_t41 = _v12;
				if(_t41 != 0) {
					 *((intOrPtr*)( *_t41 + 8))(_t41);
				}
				__imp__#9( &_v28);
				if(_t46 != 0) {
					__imp__#6(_t46);
				}
				return _t47;
			}















                                                            0x00902ab7
                                                            0x00902abb
                                                            0x00902ac4
                                                            0x00902aca
                                                            0x00902ad0
                                                            0x00902ad6
                                                            0x00902ae3
                                                            0x00902ae7
                                                            0x00902af6
                                                            0x00902afb
                                                            0x00902b01
                                                            0x00902b0e
                                                            0x00902b10
                                                            0x00902b12
                                                            0x00902b16
                                                            0x00902b1b
                                                            0x00902b20
                                                            0x00902b24
                                                            0x00902b24
                                                            0x00902b1b
                                                            0x00902b12
                                                            0x00902afb
                                                            0x00902b26
                                                            0x00902b2b
                                                            0x00902b30
                                                            0x00902b30
                                                            0x00902b33
                                                            0x00902b38
                                                            0x00902b3d
                                                            0x00902b3d
                                                            0x00902b44
                                                            0x00902b4c
                                                            0x00902b4f
                                                            0x00902b4f
                                                            0x00902b5a

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 00902AC4
                                                            • VariantInit.OLEAUT32(?), ref: 00902AD0
                                                            • VariantClear.OLEAUT32(?), ref: 00902B44
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00902B4F
                                                              • Part of subcall function 00902CFC: SysAllocString.OLEAUT32(?), ref: 00902D11
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocVariant$ClearFreeInit
                                                            • String ID:
                                                            • API String ID: 347726874-0
                                                            • Opcode ID: 9a30740dd2bb9ac2461fbf24def721d526a3a12b5831e2821e28abe4ed7c1022
                                                            • Instruction ID: c9bc00f293148f4b7e21df7a57fc0fe5640fd52a9dfaa2a6204eb7cce8f98522
                                                            • Opcode Fuzzy Hash: 9a30740dd2bb9ac2461fbf24def721d526a3a12b5831e2821e28abe4ed7c1022
                                                            • Instruction Fuzzy Hash: EA212972A0121AAFCB15DFA4D84CEAEBBBCBF45715F150198E901EB260D730DE05DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008FFA47 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 27COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 100%
                                                            			E008FFA47() {
				void* _t1;
				signed int _t2;
				signed int _t3;

				EnterCriticalSection(0x92b5d4);
				_t1 =  *0x92a774; // 0x22c
				 *0x92b5c8 = 1;
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x92a774 =  *0x92a774 | 0xffffffff;
				}
				_t2 =  *0x92b5cc; // 0x7be160
				if(_t2 != 0) {
					E008C2762(_t2);
					 *0x92b5cc =  *0x92b5cc & 0x00000000;
				}
				_t3 =  *0x92b5d0; // 0x0
				if(_t3 != 0) {
					_t3 = E008C2762(_t3);
					 *0x92b5d0 =  *0x92b5d0 & 0x00000000;
				}
				LeaveCriticalSection(0x92b5d4);
				return _t3;
			}






                                                            0x008ffa4e
                                                            0x008ffa54
                                                            0x008ffa59
                                                            0x008ffa66
                                                            0x008ffa69
                                                            0x008ffa6f
                                                            0x008ffa6f
                                                            0x008ffa76
                                                            0x008ffa7d
                                                            0x008ffa80
                                                            0x008ffa85
                                                            0x008ffa85
                                                            0x008ffa8c
                                                            0x008ffa93
                                                            0x008ffa96
                                                            0x008ffa9b
                                                            0x008ffa9b
                                                            0x008ffaa3
                                                            0x008ffaaa

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(0092B5D4,00000000,008D40BF,feclient.dll,?,00000000,?,?,?,008C4B57,?,?,0090A488,?,00000001,00000000), ref: 008FFA4E
                                                            • CloseHandle.KERNEL32(0000022C,?,?,008C4B57,?,?,0090A488,?,00000001,00000000,00000000,?,?,008C54CB,?,?), ref: 008FFA69
                                                            • LeaveCriticalSection.KERNEL32(0092B5D4,?,?,008C4B57,?,?,0090A488,?,00000001,00000000,00000000,?,?,008C54CB,?,?), ref: 008FFAA3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: CriticalSection$CloseEnterHandleLeave
                                                            • String ID: `{
                                                            • API String ID: 2394387412-2310148178
                                                            • Opcode ID: 993daebae9e8dfb7e30e21102d9337be4b4157feecbe7606af6a5268dc6d304b
                                                            • Instruction ID: 220af6b4301d2f917b165c3ab3a0749ac7fac5a2fc93d9b0a27676cf963e945f
                                                            • Opcode Fuzzy Hash: 993daebae9e8dfb7e30e21102d9337be4b4157feecbe7606af6a5268dc6d304b
                                                            • Instruction Fuzzy Hash: A8F0F8719382158BD760AB38EC48F6637E8FF15325F144314F125D61E1DB7C8802AB92
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00900517 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 81%
                                                            			E00900517(void* __ecx, void* _a4, short* _a8, intOrPtr _a12, signed short _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed short _t35;
				signed short _t36;
				signed int _t37;
				void* _t55;
				signed short _t57;
				signed short _t58;
				signed int _t59;
				signed short _t60;
				signed int _t63;
				signed short _t64;
				void* _t65;

				_t55 = __ecx;
				_v12 = _v12 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t63 = 0;
				_t65 =  *0x92b634 - _t63; // 0x1
				if(_t65 != 0 || _a12 == 0) {
					_t35 = _a12 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						_t63 = 0x200;
					} else {
						__eflags = _t35 == 1;
						if(_t35 == 1) {
							_t63 = 0x100;
						}
					}
					__eflags = _a16;
					if(_a16 == 0) {
						L16:
						_t36 =  *0x92b628;
						__eflags = _t36;
						if(_t36 == 0) {
							_t37 = RegDeleteKeyW(_a4, _a8);
							_t59 = _t37 & 0x0000ffff;
							__eflags = _t37;
							if(_t37 > 0) {
								_t57 = _t59 | 0x80070000;
								__eflags = _t57;
								_t60 = _t57;
							} else {
								_t57 = _t37;
								_t60 = _t59 | 0x80070000;
							}
							__eflags = _t57 - 0x80070002;
							if(_t57 != 0x80070002) {
								_t64 = 0;
								__eflags = _t37;
								if(__eflags == 0) {
									goto L39;
								}
								_t64 = _t37;
								if(__eflags > 0) {
									_t64 = _t60;
								}
								__eflags = _t64;
								if(_t64 >= 0) {
									_t64 = 0x80004005;
								}
								_push(_t64);
								_push(0xfb);
								L38:
								_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
								E008C38BA(_t37);
							} else {
								_t64 = _t57;
							}
							goto L39;
						}
						_t64 =  *_t36(_a4, _a8, _t63, 0);
						_t58 = _t64;
						_t37 = _t64 & 0x0000ffff | 0x80070000;
						__eflags = _t64;
						if(_t64 > 0) {
							_t58 = _t37;
						}
						__eflags = _t58 - 0x80070002;
						if(_t58 != 0x80070002) {
							__eflags = _t64;
							if(__eflags == 0) {
								goto L9;
							}
							if(__eflags > 0) {
								_t64 = _t37;
								__eflags = _t64;
							}
							if(__eflags >= 0) {
								_t64 = 0x80004005;
							}
							_push(_t64);
							_push(0xf2);
							goto L38;
						} else {
							_t64 = 0x80070002;
							goto L39;
						}
					} else {
						_t64 = E00900823(_a4, _a8, _t63 | 0x00020019,  &_v8);
						__eflags = _t64 - 0x80070002;
						if(_t64 != 0x80070002) {
							while(1) {
								__eflags = _t64;
								if(_t64 < 0) {
									break;
								}
								_t64 = E00900708(_t55, _v8, 0,  &_v12);
								__eflags = _t64 - 0x80070103;
								if(_t64 == 0x80070103) {
									goto L16;
								}
								__eflags = _t64;
								if(_t64 < 0) {
									L39:
									__eflags = _v8;
									if(_v8 != 0) {
										RegCloseKey(_v8);
										_t28 =  &_v8;
										 *_t28 = _v8 & 0x00000000;
										__eflags =  *_t28;
									}
									__eflags = _v12;
									if(_v12 != 0) {
										E008C2762(_v12);
									}
									__eflags = _v16;
									if(_v16 != 0) {
										E008C2762(_v16);
									}
									goto L45;
								}
								_t64 = E008C2E55(_t55, _a8, _v12,  &_v16);
								__eflags = _t64;
								if(_t64 < 0) {
									goto L39;
								}
								_t64 = E00900517(_t55, _a4, _v16, _a12, _a16);
							}
							goto L39;
						}
						L9:
						_t64 = 0;
						goto L39;
					}
				} else {
					_t64 = 0x80070057;
					L45:
					return _t64;
				}
			}

















                                                            0x00900517
                                                            0x0090051d
                                                            0x00900521
                                                            0x00900525
                                                            0x0090052b
                                                            0x0090052d
                                                            0x00900533
                                                            0x00900547
                                                            0x00900547
                                                            0x0090054a
                                                            0x00900558
                                                            0x0090054c
                                                            0x0090054c
                                                            0x0090054f
                                                            0x00900551
                                                            0x00900551
                                                            0x0090054f
                                                            0x0090055d
                                                            0x00900561
                                                            0x009005e1
                                                            0x009005e1
                                                            0x009005e6
                                                            0x009005e8
                                                            0x00900637
                                                            0x0090063d
                                                            0x00900640
                                                            0x00900642
                                                            0x00900650
                                                            0x00900650
                                                            0x00900656
                                                            0x00900644
                                                            0x00900644
                                                            0x00900646
                                                            0x00900646
                                                            0x00900658
                                                            0x0090065e
                                                            0x00900664
                                                            0x00900666
                                                            0x00900668
                                                            0x00000000
                                                            0x00000000
                                                            0x0090066a
                                                            0x0090066c
                                                            0x0090066e
                                                            0x0090066e
                                                            0x00900670
                                                            0x00900672
                                                            0x00900674
                                                            0x00900674
                                                            0x00900679
                                                            0x0090067a
                                                            0x0090067f
                                                            0x0090067f
                                                            0x00900684
                                                            0x00900660
                                                            0x00900660
                                                            0x00900660
                                                            0x00000000
                                                            0x0090065e
                                                            0x009005f5
                                                            0x009005fa
                                                            0x009005fc
                                                            0x00900601
                                                            0x00900603
                                                            0x00900605
                                                            0x00900605
                                                            0x0090060c
                                                            0x0090060e
                                                            0x00900614
                                                            0x00900616
                                                            0x00000000
                                                            0x00000000
                                                            0x0090061c
                                                            0x0090061e
                                                            0x00900620
                                                            0x00900620
                                                            0x00900622
                                                            0x00900624
                                                            0x00900624
                                                            0x00900629
                                                            0x0090062a
                                                            0x00000000
                                                            0x00900610
                                                            0x00900610
                                                            0x00000000
                                                            0x00900610
                                                            0x00900563
                                                            0x0090057a
                                                            0x00900581
                                                            0x00900583
                                                            0x009005d8
                                                            0x009005d8
                                                            0x009005da
                                                            0x00000000
                                                            0x00000000
                                                            0x0090059a
                                                            0x0090059c
                                                            0x009005a2
                                                            0x00000000
                                                            0x00000000
                                                            0x009005a4
                                                            0x009005a6
                                                            0x00900689
                                                            0x00900689
                                                            0x0090068d
                                                            0x00900692
                                                            0x00900698
                                                            0x00900698
                                                            0x00900698
                                                            0x00900698
                                                            0x0090069c
                                                            0x009006a0
                                                            0x009006a5
                                                            0x009006a5
                                                            0x009006aa
                                                            0x009006ae
                                                            0x009006b3
                                                            0x009006b3
                                                            0x00000000
                                                            0x009006ae
                                                            0x009005bb
                                                            0x009005bd
                                                            0x009005bf
                                                            0x00000000
                                                            0x00000000
                                                            0x009005d6
                                                            0x009005d6
                                                            0x00000000
                                                            0x009005dc
                                                            0x00900585
                                                            0x00900585
                                                            0x00000000
                                                            0x00900585
                                                            0x0090053a
                                                            0x0090053a
                                                            0x009006b9
                                                            0x009006bd
                                                            0x009006bd

                                                            APIs
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00900692
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 0090067F
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 3535843008-3237223240
                                                            • Opcode ID: 40f6e2dd4c7620c3a3f5d3dd5a81d4dd0864dd67f4e5d211ff5fc6036f89f487
                                                            • Instruction ID: 35ab5e8cd35dbc9fce53bb8591ca4277e7b7046d70090ea8224df81c8d836bd4
                                                            • Opcode Fuzzy Hash: 40f6e2dd4c7620c3a3f5d3dd5a81d4dd0864dd67f4e5d211ff5fc6036f89f487
                                                            • Instruction Fuzzy Hash: 5D41B432D01129EFDF314A59CC05BAD7AAAABC0721F198325FC04AB1D0D73ACD60EB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090095E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 91%
                                                            			E0090095E(void* _a4, short* _a8, char** _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				void* _v20;
				signed int _t37;
				long _t41;
				signed int _t57;
				long _t59;
				char** _t61;
				long _t62;

				_t61 = _a12;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_t61 == 0 ||  *_t61 == 0) {
					L4:
					_v8 = 2;
					_t62 = E008C1FE0(_t61, 2);
					if(_t62 < 0) {
						goto L26;
					} else {
						_t37 = _v8;
						goto L6;
					}
				} else {
					_t62 = E008C2847( *_t61,  &_v8);
					if(_t62 < 0) {
						L26:
						if(_v20 != 0) {
							E008C2762(_v20);
						}
						return _t62;
					}
					_t37 = _v8;
					if(_t37 >= 2) {
						L6:
						_v16 = _t37 * 2 - 2;
						_t41 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t61,  &_v16);
						if(_t41 != 0xea) {
							L9:
							_t59 = _t41;
							_t57 = _t41 & 0x0000ffff | 0x80070000;
							if(_t41 > 0) {
								_t59 = _t57;
							}
							if(_t59 != 0x80070002) {
								__eflags = _t41;
								if(__eflags == 0) {
									__eflags = _v12 - 1;
									if(_v12 == 1) {
										L23:
										( *_t61)[_v8 * 2 - 2] = 0;
										__eflags = _v12 - 2;
										if(_v12 == 2) {
											_t62 = E008C229E( &_v20,  *_t61, 0);
											__eflags = _t62;
											if(_t62 >= 0) {
												_t62 = E008C3171(_t61, _v20, 1);
											}
										}
										goto L26;
									}
									__eflags = _v12 - 2;
									if(_v12 == 2) {
										goto L23;
									}
									_t62 = 0x8007070c;
									_push(0x8007070c);
									_push(0x1ef);
									L19:
									_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
									E008C38BA(_t41);
									goto L26;
								}
								_t62 = _t41;
								if(__eflags > 0) {
									_t62 = _t57;
								}
								__eflags = _t62;
								if(_t62 >= 0) {
									_t62 = 0x80004005;
								}
								_push(_t62);
								_push(0x1dc);
								goto L19;
							} else {
								_t62 = _t59;
								goto L26;
							}
						}
						_v8 = (_v16 >> 1) + 1;
						_t62 = E008C1FE0(_t61, (_v16 >> 1) + 1);
						if(_t62 < 0) {
							goto L26;
						}
						_t41 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t61,  &_v16);
						goto L9;
					}
					goto L4;
				}
			}













                                                            0x00900969
                                                            0x0090096c
                                                            0x0090096f
                                                            0x00900972
                                                            0x00900975
                                                            0x0090097a
                                                            0x0090099d
                                                            0x009009a0
                                                            0x009009ac
                                                            0x009009b0
                                                            0x00000000
                                                            0x009009b6
                                                            0x009009b6
                                                            0x00000000
                                                            0x009009b6
                                                            0x00900980
                                                            0x0090098b
                                                            0x0090098f
                                                            0x00900a9e
                                                            0x00900aa1
                                                            0x00900aa6
                                                            0x00900aa6
                                                            0x00900ab1
                                                            0x00900ab1
                                                            0x00900995
                                                            0x0090099b
                                                            0x009009b9
                                                            0x009009c0
                                                            0x009009d4
                                                            0x009009df
                                                            0x00900a12
                                                            0x00900a15
                                                            0x00900a17
                                                            0x00900a1f
                                                            0x00900a21
                                                            0x00900a21
                                                            0x00900a29
                                                            0x00900a2f
                                                            0x00900a31
                                                            0x00900a54
                                                            0x00900a58
                                                            0x00900a6d
                                                            0x00900a74
                                                            0x00900a79
                                                            0x00900a7d
                                                            0x00900a8b
                                                            0x00900a8d
                                                            0x00900a8f
                                                            0x00900a9c
                                                            0x00900a9c
                                                            0x00900a8f
                                                            0x00000000
                                                            0x00900a7d
                                                            0x00900a5a
                                                            0x00900a5e
                                                            0x00000000
                                                            0x00000000
                                                            0x00900a60
                                                            0x00900a65
                                                            0x00900a66
                                                            0x00900a48
                                                            0x00900a48
                                                            0x00900a4d
                                                            0x00000000
                                                            0x00900a4d
                                                            0x00900a33
                                                            0x00900a35
                                                            0x00900a37
                                                            0x00900a37
                                                            0x00900a39
                                                            0x00900a3b
                                                            0x00900a3d
                                                            0x00900a3d
                                                            0x00900a42
                                                            0x00900a43
                                                            0x00000000
                                                            0x00900a2b
                                                            0x00900a2b
                                                            0x00000000
                                                            0x00900a2b
                                                            0x00900a29
                                                            0x009009e9
                                                            0x009009f1
                                                            0x009009f5
                                                            0x00000000
                                                            0x00000000
                                                            0x00900a0c
                                                            0x00000000
                                                            0x00900a0c
                                                            0x00000000
                                                            0x0090099b

                                                            APIs
                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 009009D4
                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00900A0C
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 00900A48
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: QueryValue
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 3660427363-3237223240
                                                            • Opcode ID: 241fa7e926cae77c23fcfb4dfc6c3cd11220a7f147a34e840f341f276cc0d417
                                                            • Instruction ID: b52c24885f42e0e917b7a0b4a7b487f0575555f8df99889e3ac24fb42f410d7a
                                                            • Opcode Fuzzy Hash: 241fa7e926cae77c23fcfb4dfc6c3cd11220a7f147a34e840f341f276cc0d417
                                                            • Instruction Fuzzy Hash: 67416331E0022AAFDF21DE98C885BAEB7B9FF80750F104569E914E7291D7309E51DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 008C3ADB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 96%
                                                            			E008C3ADB(void* __ecx, signed int* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
				intOrPtr _v8;
				void* __edi;
				intOrPtr _t21;
				signed int _t23;
				intOrPtr _t25;
				void* _t29;
				signed int _t31;
				intOrPtr _t34;
				signed int _t43;
				signed int _t45;
				intOrPtr _t48;
				signed int _t50;
				void* _t52;

				_push(__ecx);
				_t45 = _a12;
				if(_t45 != 0) {
					_t50 = _a20;
					_t29 = _a16 + _t45;
					_t21 = E008C3A01(__ecx, __eflags, _a4, _t29, _t50, _a24);
					_v8 = _t21;
					__eflags = _t21;
					if(_t21 >= 0) {
						_t43 =  *_a4;
						_t8 = _t29 - 1; // 0x90a49f
						_t23 = _t8;
						_t31 = _a8;
						_a20 = _t43;
						__eflags = _t23 - _t31;
						if(_t23 > _t31) {
							_a24 = _t23 * _t50 + _t43;
							_t12 = _t23 - 1; // 0x90a49e
							_t41 = _t12 * _t50 + _t43;
							_t25 = _t23 - _t31;
							__eflags = _t25;
							_t34 = _a24;
							_t48 = _t25;
							_a4 = _t12 * _t50 + _t43;
							do {
								E008C3C78(_t34, _t50, _t41, _t50);
								_t52 = _t52 + 0x10;
								_t41 = _a4 - _t50;
								_t34 = _t34 - _t50;
								_a4 = _a4 - _t50;
								_t48 = _t48 - 1;
								__eflags = _t48;
							} while (_t48 != 0);
							_t45 = _a12;
							_t31 = _a8;
							_t43 = _a20;
						}
						__eflags = _t31 * _t50 + _t43;
						E008EF600(_t45 * _t50, _t31 * _t50 + _t43, 0, _t45 * _t50);
						_t21 = _v8;
					}
				} else {
					_t21 = 0;
				}
				return _t21;
			}
















                                                            0x008c3ade
                                                            0x008c3ae0
                                                            0x008c3ae5
                                                            0x008c3af6
                                                            0x008c3af9
                                                            0x008c3b00
                                                            0x008c3b05
                                                            0x008c3b08
                                                            0x008c3b0a
                                                            0x008c3b0f
                                                            0x008c3b11
                                                            0x008c3b11
                                                            0x008c3b14
                                                            0x008c3b17
                                                            0x008c3b1a
                                                            0x008c3b1c
                                                            0x008c3b25
                                                            0x008c3b28
                                                            0x008c3b2e
                                                            0x008c3b30
                                                            0x008c3b30
                                                            0x008c3b32
                                                            0x008c3b35
                                                            0x008c3b37
                                                            0x008c3b3a
                                                            0x008c3b3e
                                                            0x008c3b46
                                                            0x008c3b49
                                                            0x008c3b4b
                                                            0x008c3b4d
                                                            0x008c3b50
                                                            0x008c3b50
                                                            0x008c3b50
                                                            0x008c3b55
                                                            0x008c3b58
                                                            0x008c3b5b
                                                            0x008c3b5b
                                                            0x008c3b65
                                                            0x008c3b6a
                                                            0x008c3b6f
                                                            0x008c3b72
                                                            0x008c3ae7
                                                            0x008c3ae7
                                                            0x008c3ae7
                                                            0x008c3b79

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: _memcpy_s
                                                            • String ID: crypt32.dll$wininet.dll
                                                            • API String ID: 2001391462-82500532
                                                            • Opcode ID: 4ae1699a8e0cffef73e401e02ee7f8f13826bdea54519662f1ff0bf1fc8a425b
                                                            • Instruction ID: c49b429c77c2621d37b0e4bc9dfd16ae4c07971fa063f77bdf73386d3f265c9c
                                                            • Opcode Fuzzy Hash: 4ae1699a8e0cffef73e401e02ee7f8f13826bdea54519662f1ff0bf1fc8a425b
                                                            • Instruction Fuzzy Hash: D4112E71600219ABCF18DF29CDD5E9F7F69EF95294B148029FD058B351D631EA118BE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00900D87 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62registryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 84%
                                                            			E00900D87(void* __ecx, void* _a4, short* _a8, char* _a12) {
				signed int _v8;
				signed short _t12;
				signed int _t19;
				signed short _t25;

				_t19 = 0;
				_v8 = _v8 & 0;
				if(_a12 == 0) {
					_t12 = RegDeleteValueW(_a4, _a8);
					__eflags = _t12 - 2;
					if(_t12 == 2) {
						L11:
						_t12 = 0;
						__eflags = 0;
					} else {
						__eflags = _t12 - 3;
						if(_t12 == 3) {
							goto L11;
						}
					}
					__eflags = _t12;
					if(__eflags != 0) {
						if(__eflags > 0) {
							_t19 = _t12 & 0x0000ffff | 0x80070000;
							__eflags = _t19;
						} else {
							_t19 = _t12;
						}
						__eflags = _t19;
						if(_t19 >= 0) {
							_t19 = 0x80004005;
						}
						_push(_t19);
						_push(0x2fe);
						goto L19;
					}
				} else {
					_t19 = E009003F8(_a12, 0xffffffff,  &_v8);
					if(_t19 >= 0) {
						_t12 = RegSetValueExW(_a4, _a8, 0, 1, _a12, _v8);
						_t25 = _t12;
						if(_t25 != 0) {
							if(_t25 > 0) {
								_t19 = _t12 & 0x0000ffff | 0x80070000;
								__eflags = _t19;
							} else {
								_t19 = _t12;
							}
							if(_t19 >= 0) {
								_t19 = 0x80004005;
							}
							_push(_t19);
							_push(0x2f5);
							L19:
							_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\regutil.cpp");
							E008C38BA(_t12);
						}
					}
				}
				return _t19;
			}







                                                            0x00900d8c
                                                            0x00900d8e
                                                            0x00900d94
                                                            0x00900dea
                                                            0x00900df0
                                                            0x00900df3
                                                            0x00900dfa
                                                            0x00900dfa
                                                            0x00900dfa
                                                            0x00900df5
                                                            0x00900df5
                                                            0x00900df8
                                                            0x00000000
                                                            0x00000000
                                                            0x00900df8
                                                            0x00900dfc
                                                            0x00900dfe
                                                            0x00900e00
                                                            0x00900e09
                                                            0x00900e09
                                                            0x00900e02
                                                            0x00900e02
                                                            0x00900e02
                                                            0x00900e0f
                                                            0x00900e11
                                                            0x00900e13
                                                            0x00900e13
                                                            0x00900e18
                                                            0x00900e19
                                                            0x00000000
                                                            0x00900e19
                                                            0x00900d96
                                                            0x00900da4
                                                            0x00900da8
                                                            0x00900dba
                                                            0x00900dc0
                                                            0x00900dc2
                                                            0x00900dc4
                                                            0x00900dcd
                                                            0x00900dcd
                                                            0x00900dc6
                                                            0x00900dc6
                                                            0x00900dc6
                                                            0x00900dd5
                                                            0x00900dd7
                                                            0x00900dd7
                                                            0x00900ddc
                                                            0x00900ddd
                                                            0x00900e1e
                                                            0x00900e1e
                                                            0x00900e23
                                                            0x00900e23
                                                            0x00900dc2
                                                            0x00900da8
                                                            0x00900e2c

                                                            APIs
                                                            • RegSetValueExW.ADVAPI32(00020006,0090FF38,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,008CF2DF,00000000,?,00020006), ref: 00900DBA
                                                            • RegDeleteValueW.ADVAPI32(00020006,0090FF38,00000000,?,?,008CF2DF,00000000,?,00020006,?,0090FF38,00020006,00000000,?,?,?), ref: 00900DEA
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\regutil.cpp, xrefs: 00900E1E
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Value$Delete
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\regutil.cpp
                                                            • API String ID: 1738766685-3237223240
                                                            • Opcode ID: 40de616d8d8246ddb0582e443d07b5deeea2b07c2b6f2d4443bf135ebd10f0b5
                                                            • Instruction ID: bc5c700254f8244290fe9e3a16c6625deba00dd8c64c0ebd8bf2003f56c38f69
                                                            • Opcode Fuzzy Hash: 40de616d8d8246ddb0582e443d07b5deeea2b07c2b6f2d4443bf135ebd10f0b5
                                                            • Instruction Fuzzy Hash: 9611C23795123EBFDB314A94CD05BAFBA69EB84760F154924FE00BA1D0DA30DD2097E0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00903183 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 25%
                                                            			E00903183(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				void* _t11;
				void* _t13;
				intOrPtr _t14;
				intOrPtr* _t16;
				void* _t17;

				_t16 = _a4;
				if(_t16 != 0) {
					if(_a12 != 0) {
						_t6 = _a8;
						if(_t6 == 0) {
							_t6 = 0x90a534;
						}
						__imp__#2(_t6, _t13);
						_t14 = _t6;
						if(_t14 != 0) {
							_t17 =  *((intOrPtr*)( *_t16 + 0x90))(_t16, _t14, _a12);
							__imp__#6(_t14);
						} else {
							_t17 = 0x8007000e;
							E008C38BA(_t6, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x412, 0x8007000e);
						}
					} else {
						_t11 = 0x8000ffff;
						_push(0x8000ffff);
						_push(0x40f);
						goto L2;
					}
				} else {
					_t11 = 0x8000ffff;
					_push(0x8000ffff);
					_push(0x40e);
					L2:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp");
					_t17 = _t11;
					E008C38BA(_t11);
				}
				return _t17;
			}









                                                            0x00903187
                                                            0x0090318c
                                                            0x009031ab
                                                            0x009031ba
                                                            0x009031bf
                                                            0x009031c1
                                                            0x009031c1
                                                            0x009031c8
                                                            0x009031ce
                                                            0x009031d2
                                                            0x009031f8
                                                            0x009031fb
                                                            0x009031d4
                                                            0x009031d4
                                                            0x009031e4
                                                            0x009031e4
                                                            0x009031ad
                                                            0x009031ad
                                                            0x009031b2
                                                            0x009031b3
                                                            0x00000000
                                                            0x009031b3
                                                            0x0090318e
                                                            0x0090318e
                                                            0x00903193
                                                            0x00903194
                                                            0x00903199
                                                            0x00903199
                                                            0x0090319e
                                                            0x009031a0
                                                            0x009031a0
                                                            0x00903206

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 009031C8
                                                            • SysFreeString.OLEAUT32(00000000), ref: 009031FB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: 663f1abc26b7e3870e57f9e0bd858904adfa6358429fe30d7ab3c9e8fe989896
                                                            • Instruction ID: e4b17c95c9f3c7bde3691a34d04eb08d2c485f042b1c62850a506cb952565917
                                                            • Opcode Fuzzy Hash: 663f1abc26b7e3870e57f9e0bd858904adfa6358429fe30d7ab3c9e8fe989896
                                                            • Instruction Fuzzy Hash: B901D63124831ABFE7201A595C08F7A36ADEF45765F118439FD04E7381C678CE05A691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00903209 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 25%
                                                            			E00903209(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				void* _t11;
				void* _t13;
				intOrPtr _t14;
				intOrPtr* _t16;
				void* _t17;

				_t16 = _a4;
				if(_t16 != 0) {
					if(_a12 != 0) {
						_t6 = _a8;
						if(_t6 == 0) {
							_t6 = 0x90a534;
						}
						__imp__#2(_t6, _t13);
						_t14 = _t6;
						if(_t14 != 0) {
							_t17 =  *((intOrPtr*)( *_t16 + 0x94))(_t16, _t14, _a12);
							__imp__#6(_t14);
						} else {
							_t17 = 0x8007000e;
							E008C38BA(_t6, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x226, 0x8007000e);
						}
					} else {
						_t11 = 0x8000ffff;
						_push(0x8000ffff);
						_push(0x223);
						goto L2;
					}
				} else {
					_t11 = 0x8000ffff;
					_push(0x8000ffff);
					_push(0x222);
					L2:
					_push("c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp");
					_t17 = _t11;
					E008C38BA(_t11);
				}
				return _t17;
			}









                                                            0x0090320d
                                                            0x00903212
                                                            0x00903231
                                                            0x00903240
                                                            0x00903245
                                                            0x00903247
                                                            0x00903247
                                                            0x0090324e
                                                            0x00903254
                                                            0x00903258
                                                            0x0090327e
                                                            0x00903281
                                                            0x0090325a
                                                            0x0090325a
                                                            0x0090326a
                                                            0x0090326a
                                                            0x00903233
                                                            0x00903233
                                                            0x00903238
                                                            0x00903239
                                                            0x00000000
                                                            0x00903239
                                                            0x00903214
                                                            0x00903214
                                                            0x00903219
                                                            0x0090321a
                                                            0x0090321f
                                                            0x0090321f
                                                            0x00903224
                                                            0x00903226
                                                            0x00903226
                                                            0x0090328c

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 0090324E
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00903281
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: f7e84b66e28660a3c3b42ff5ccb556d6c6df747f70c2ca2867b46846715deaa4
                                                            • Instruction ID: aa0c664a6b8bab1f0a53fab99d18ff1726476eb503a61441f8f27ba07c22bcd5
                                                            • Opcode Fuzzy Hash: f7e84b66e28660a3c3b42ff5ccb556d6c6df747f70c2ca2867b46846715deaa4
                                                            • Instruction Fuzzy Hash: EA018632645356BFDB205A9D9C08E7B76ACEF51BA4F118139FD14E7380C678CE005691
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0090608D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 68%
                                                            			E0090608D(void* __ecx, struct _FILETIME* _a4, intOrPtr _a8) {
				char _v8;
				void* _t10;
				struct _FILETIME* _t21;
				DWORD _t24;
				DWORD _t28;

				_t21 = _a4;
				_v8 = 0;
				if(_t21->dwHighDateTime != 0 ||  *_t21 != 0) {
					_t24 = 0x8007000d;
					E008C38BA(_t10, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\atomutil.cpp", 0x427, 0x8007000d);
				} else {
					_t24 = E00902D56(_a8,  &_v8);
					_t28 = _t24;
					if(_t28 >= 0) {
						if(_t28 != 0) {
							 *_t21 = 0;
							_t24 = 0;
							_t21->dwHighDateTime = 0;
						} else {
							_t24 = E00907ED3(_v8, _t21);
						}
					}
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				return _t24;
			}








                                                            0x00906094
                                                            0x00906099
                                                            0x0090609f
                                                            0x009060cf
                                                            0x009060df
                                                            0x009060a5
                                                            0x009060b1
                                                            0x009060b3
                                                            0x009060b5
                                                            0x009060b7
                                                            0x009060c6
                                                            0x009060c8
                                                            0x009060ca
                                                            0x009060b9
                                                            0x009060c2
                                                            0x009060c2
                                                            0x009060b7
                                                            0x009060b5
                                                            0x009060e7
                                                            0x009060ec
                                                            0x009060ec
                                                            0x009060f8

                                                            APIs
                                                            • SysFreeString.OLEAUT32(?), ref: 009060EC
                                                              • Part of subcall function 00907ED3: SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00907FE0
                                                              • Part of subcall function 00907ED3: GetLastError.KERNEL32 ref: 00907FEA
                                                            Strings
                                                            • clbcatq.dll, xrefs: 009060B9
                                                            • c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp, xrefs: 009060DA
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: Time$ErrorFileFreeLastStringSystem
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\atomutil.cpp$clbcatq.dll
                                                            • API String ID: 211557998-2486263986
                                                            • Opcode ID: df9ac9db1d0eb3ad4ec4ef7c66ee6080a5b57f13eb6c5ab3b6f6786473d8e4e7
                                                            • Instruction ID: 5c69bed196fe67691400d3c629941eed6d4b8c093fae017aac119459913b2dd2
                                                            • Opcode Fuzzy Hash: df9ac9db1d0eb3ad4ec4ef7c66ee6080a5b57f13eb6c5ab3b6f6786473d8e4e7
                                                            • Instruction Fuzzy Hash: 3501AD7294012AFFCB209F86884185AFAB8FF14360B10817AE604A7190D3719E20D7A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00902A57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E00902A57(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t12;
				intOrPtr* _t15;
				void* _t16;

				if(_a12 == 0) {
					L6:
					return 0x80070057;
				}
				_t15 = _a4;
				if(_t15 == 0) {
					goto L6;
				}
				__imp__#2(_a8, _t12);
				if(__eax != 0) {
					_t16 =  *((intOrPtr*)( *_t15 + 0xbc))(_t15, __eax, _a12);
					__imp__#6(__eax);
				} else {
					_t16 = 0x8007000e;
					E008C38BA(__eax, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x66, 0x8007000e);
				}
				return _t16;
			}






                                                            0x00902a5f
                                                            0x00902aa7
                                                            0x00000000
                                                            0x00902aa7
                                                            0x00902a61
                                                            0x00902a66
                                                            0x00000000
                                                            0x00000000
                                                            0x00902a6c
                                                            0x00902a76
                                                            0x00902a99
                                                            0x00902a9c
                                                            0x00902a78
                                                            0x00902a78
                                                            0x00902a85
                                                            0x00902a85
                                                            0x00000000

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 00902A6C
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00902A9C
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 00902A80
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: fadb2de90cf3b228b726d3caeab392055e45c2f77f46a36305add95604ae5cd1
                                                            • Instruction ID: 1431ccaedf9186718880d2ee97772da40472d73413d6b55482459eb321c03f6a
                                                            • Opcode Fuzzy Hash: fadb2de90cf3b228b726d3caeab392055e45c2f77f46a36305add95604ae5cd1
                                                            • Instruction Fuzzy Hash: 86F03036245655AFD7315B449C08F6B7769AF80761F154029FC0467290CB798D10AAE5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00902CFC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35memoryCOMMON
                                                            Download Yara Rule
                                                            C-Code - Quality: 37%
                                                            			E00902CFC(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t12;
				intOrPtr* _t15;
				void* _t16;

				_t15 = _a4;
				if(_t15 == 0 || _a12 == 0) {
					return 0x80070057;
				} else {
					__imp__#2(_a8, _t12);
					if(__eax != 0) {
						_t16 =  *((intOrPtr*)( *_t15 + 0x1c))(_t15, __eax, _a12);
						__imp__#6(__eax);
					} else {
						_t16 = 0x8007000e;
						E008C38BA(__eax, "c:\\agent\\_work\\66\\s\\src\\libs\\dutil\\xmlutil.cpp", 0x340, 0x8007000e);
					}
					return _t16;
				}
			}






                                                            0x00902d00
                                                            0x00902d05
                                                            0x00000000
                                                            0x00902d0d
                                                            0x00902d11
                                                            0x00902d1b
                                                            0x00902d3e
                                                            0x00902d41
                                                            0x00902d1d
                                                            0x00902d1d
                                                            0x00902d2d
                                                            0x00902d2d
                                                            0x00000000
                                                            0x00902d49

                                                            APIs
                                                            • SysAllocString.OLEAUT32(?), ref: 00902D11
                                                            • SysFreeString.OLEAUT32(00000000), ref: 00902D41
                                                            Strings
                                                            • c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp, xrefs: 00902D28
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.750820461.00000000008C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008C0000, based on PE: true
                                                            • Associated: 00000006.00000002.750799128.00000000008C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750881184.000000000090A000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750915296.000000000092A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                            • Associated: 00000006.00000002.750931663.000000000092D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_8c0000_camtasia.jbxd
                                                            Similarity
                                                            • API ID: String$AllocFree
                                                            • String ID: c:\agent\_work\66\s\src\libs\dutil\xmlutil.cpp
                                                            • API String ID: 344208780-3017383397
                                                            • Opcode ID: 044839b274a559b0ab8489389e90165c33542a418ae955db09e09e59694c9e30
                                                            • Instruction ID: 63755ad40316fd2f572c14971f8ca23c80f031d4685831a94b37f41ac07295d3
                                                            • Opcode Fuzzy Hash: 044839b274a559b0ab8489389e90165c33542a418ae955db09e09e59694c9e30
                                                            • Instruction Fuzzy Hash: ADF05436156265AFC7225F449C0CE5A7B69EF41761F15401AFC08AB2A0C778DD11AAE1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%